Worldcoin, a project that collects biometric data and rewards tokens, is facing a wave of strong opposition from privacy activists and many regulatory agencies, raising questions about safety. and the future of this project.

Worldcoin, the brainchild of Sam Altman - CEO of OpenAI, is attracting the world's attention with the goal of creating a global digital identity network based on AI and blockchain technology, promising a revolution. in the field of digital identification. The project uses iris scanning technology through the “silver sphere” Orb to authenticate user identities and reward them with the WLD cryptocurrency. 

According to information from the project, more than 5 million people around the world have participated in iris scanning. In addition to receiving online ID verification, users are also rewarded with 25 WLD tokens, equivalent to about 115 USD. As of April 11, more than 10 million people have registered to use Worldcoin's World App. These events have attracted the attention of both the technology and media world.

CEO Altman affirmed that Worldcoin will create a global digital identity network based on proof of personality, bringing many benefits such as preventing fraud, expanding access to financial services, as well as facilitating conditions for the development of AI.

However, this "silver ball" also contains many unknowns. Since its launch, Altman's startup has repeatedly faced strong opposition from influential privacy activists. Despite using blockchain technology, the project also received less than enthusiastic support from the cryptocurrency community.

Privacy concerns: digital dream or disaster?

The popularity of Worldcoin has raised many privacy concerns as data breaches and the sale of stolen data online have become a reality.

Edward Snowden, the whistleblower of the NSA surveillance scandal, was one of the individuals who spoke out fiercely against it. Snowden said that collecting biometric data - an extremely sensitive and immutable type of information - can lead to potential risks such as abuse, theft and data trafficking.

Not only Snowden, many other experts and activists also expressed concern about the possibility of Worldcoin being used for bad purposes such as monitoring, manipulating and controlling users. 

Rory Mir, director of community engagement at the Electronic Frontier Foundation (EFF), a nonprofit organization that defends civil liberties in the digital world, expressed concerns about the security of biological data. biometrics, especially retinal scan data. He said this data is “quite immutable and difficult to hide,” making it an attractive target for surveillance activities. “You only have one body, so when this data is collected and used to track you, you don't have many options,” Mir shares. 

He emphasized that the collection of biometric data should be subject to strict safeguards, including ensuring explicit consent from those being scanned, and could even be banned altogether. Mir doubts whether Worldcoin's contractors meet these standards consistently. 

Meanwhile, Vahan P. Roth, a member of the executive board at Swissgrams AG, criticized Worldcoin for blatantly contradicting the core spirit of cryptocurrency. According to him, Worldcoin violates the core principles of anonymity and decentralization that Bitcoin and other digital currencies are built on.

A user in India is scanning a hammock with Wordcoin's ball. Many regulatory agencies around the world are involved

Privacy concerns have prompted regulators in many countries to get involved. In 2023, India, South Korea, Kenya, Germany, and Brazil began investigating Worldcoin's data collection practices. Spain became the first country to ban Worldcoin's biometric data collection in March this year. 

The Spanish Data Protection Authority (AEPD) said the allegations against Worldcoin were based on multiple reports from Spanish citizens, including inadequate information about the purpose of data use, collection data from minors without parental consent and without even allowing users to withdraw their consent after having had a retinal scan.

Worldcoin filed an appeal against the ban, but the National Court (Audiencia Nacional) rejected it, stating that people's right to protect their personal data must take precedence over Worldcoin's economic interests.

Most recently, Hong Kong introduced a similar ban on May 22, arguing that it was unreasonable for Worldcoin to store biometric data for long periods of up to 10 years to train AI models.

Meanwhile, Christoph Schmon, EFF's international policy director, said the European Union's data protection regulations provide a "one-stop shop" for dealing with cross-border issues. . 

According to Schmon, Worldcoin's main authority in Europe will be Germany, where the company is headquartered. However, Spain's data watchdog (AEPD) said that other EU member states could intervene in "exceptional cases" to protect individuals' privacy. AEPD emphasized that it is working closely with other supervisory authorities in the EU, as demonstrated by the Worldcoin ban in Portugal and the potential ban in Italy. 

Schmon noted that regulators could use international cooperation mechanisms such as the Global Privacy Conference or intergovernmental dialogues to address the activities of entities operating globally. demand like Worldcoin. 

How can Worldcoin demonstrate good faith?

Facing pressure from many sides, Worldcoin has begun implementing measures to increase transparency and security, to reassure users and government agencies.  Four days after the ban in Spain, Worldcoin made the source code of the Orb software public, allowing the community to test and evaluate its safety. 

Additionally, Worldcoin has introduced the “Personal Preservation” feature in the World App, allowing users to control their data. According to the company's statement, data is encrypted before being transmitted from Orb to the World App, ensuring no unencrypted copies exist anywhere. 

Worldcoin has also passed third-party audits, proving the Orb software has no direct vulnerabilities in the end-to-end encrypted messaging system. Additionally, the company has made public the source code of the secure multilateral algorithm used in its biometric data system, to increase transparency and allow community inspection. Worldcoin also affirmed that users can safely delete old iris codes, increasing data control for users.

Experts in the field of technology and data security have expressed agreement with Worldcoin's recent changes. Sascha Drobnjak, head of legal and compliance at Arcium, said that open sourcing the software, introducing a “Personal Preservation” feature and allowing users to cancel ID verification are steps in the right direction.

Lasha Antadze, co-founder of Rarilabs, emphasized the importance of empowering users so that Worldcoin can avoid further bans and gain trust. Antadze believes that Worldcoin needs to improve the mechanism that allows users to give, refuse or withdraw consent for the use of their data, as well as provide a clear choice to opt in or out of the service. .

While Worldcoin's recent changes are considered positive and may help them avoid further bans, there are still many challenges ahead. Much of the public remains apprehensive about large-scale biometric data collection by a private entity. Worldcoin needs to address security and privacy concerns to convince both users and regulators.

Antadze, co-founder of Rarilabs, believes that regulatory agencies also need to improve their knowledge of technology to make regulations more accurate and effective. Lack of technological understanding can lead to blanket bans, which disadvantage everyone.

Worldcoin acknowledges that its technology is novel and complex, and is willing to engage in discussions to explain and clear up misunderstandings. However, to achieve widespread adoption, Worldcoin will have to work harder to inform, demonstrate and convince both the public and regulators that their protocol is private, secure and useful. .

In a quite positive sign, Worldcoin Foundation recently removed the old retina code system and switched to using secure multi-party computing (SMPC) technology to protect biometric data, to enhance security. confidential and transparent after being questioned by many countries about its data collection practices.