Worldcoin — a new financial system connected to sensitive biometric information, mostly harvested from poor people — sure sounds like a terrible idea.
“Terrible” doesn’t do it justice.
Worldcoin will need to assemble a vast database of iris data. But not everyone is eager to gaze into an Orb. In the bootstrapping phase, at least, you had to pay people to scan their eyes. And so Worldcoin turned to the global south — home to the cheapest eyeballs — and played a dark game of ‘what will people do for money?’
Incredibly, Worldcoin was unprepared for an obvious consequence of this rollout strategy: A black market for verified credentials. You can now seemingly buy a World ID for as little as $30. Anyone, then, with more than $30 on hand can command more than one digital identity (although Worldcoin is aware of this issue and has proposed solutions to resolve it). Connecting real people to digital identities is a thorny puzzle.
Worldcoin does not fix this. And it’s unlikely it ever can, since nothing in the design can stop professional sybil attackers farming eyeballs on the ground level through nefarious means.
This does not inspire trust in the system or its designers. And yet trust is what they demand. Worldcoin’s promotional materials are full of promises — to delete sensitive biometric information, or keep it hidden from view, or not use it in nefarious ways. One blog post (quoted here; the original appears to have been changed since initial release) put it this way: “During our field-testing phase, we are collecting and securely storing more data than we will upon its completion… We will delete all the biometric data we have collected during field testing once our algorithms are fully-trained.”
“Trust us,” in other words. “We’ll totally delete the eyeball database.”
But when it comes to sensitive information, promises aren’t enough. And the very people who insist that you trust them are the ones who should command the most suspicion. The fact that Worldcoin’s co-founder Sam Altman also heads up OpenAI — a firm currently being sued over allegations of dubious uses of large data sets — asks more questions than it answers.
Sometimes Worldcoin’s privacy promises are conjoined with dazzling technical details. Zero-knowledge proofs, we’re told, will save the day, and allow users to prove humanity without connecting any particular financial activity to a World ID or other associated transactions.
There’s a grain of truth here. Zero-knowledge proofs can generate impressive privacy guarantees. But in the case of Worldcoin marketing, they’re more theater than substance. Taking off your shoes at the airport makes it look like important precautions are being taken (but doesn’t actually make you any safer); and long blog posts about zero-knowledge proofs distract from, but don’t in fact address, the problem of Worldcoin asking for users’ trust.
Linking immutable biometric traits to money could have dystopian consequences.
Hellbound and Down 