Worldcoin’s biometric approach has raised concerns that it offers cryptocurrency at the potential cost of privacy.

The following is a guest post by Philippe Desmarais, CEO of Kelvin Zero.

Want to have your retina scanned with a metal sphere owned by a private company with the same founder as OpenAI for some cryptocurrency and a digital world ID? Just a few weeks after Worldcoin launched, more than 2 million people have said “yes.”

Did I mention that governments and private companies can leverage the digital identity system? Just five years ago, this would have sounded crazy. But make no mistake, this heavyweight project is backed by one of the most successful entrepreneurs in modern history and funded by some of the world’s most powerful venture capital firms. If you haven’t taken Worldcoin seriously and thought through its implications (mostly worrying), now is a good time to start.

As someone who lives and breathes privacy and data protection, and as the co-founder and CEO of a cybersecurity company focused on identity verification and decentralized biometrics, Worldcoin has rekindled an existential question I ask myself every day: What is the privacy price of our digital advancement?

In the case of Worldcoin, the cost is too high.

As the world moves towards a more connected future, the debate has settled on the value of blockchain technology and its potential to create a more secure and connected digital world. It’s a game changer. This brings us to Worldcoin, which has taken center stage with its ambitious goal of promoting financial inclusion for everyone.

But actions speak louder than words. Worldcoin’s approach to biometric data collection raises serious concerns about individual privacy. First, if the technology already exists to give individuals control over their biometric information while giving them certainty in their identity systems, then the mass collection and centralized storage of biometric information should not be happening. There has never been a reason to collect and centralize biometric data.

Worldcoin aside, biometrics are undoubtedly an integral part of the future of authentication. The question is not if, but how. Multiple strategies and solutions have emerged, with the most notable approaches relying solely on biometric template hashing, eliminating the need to store actual biometric data on the device or in a cloud environment. The field of biometric authentication is constantly evolving, but the most promising concepts are those that prioritize data security and privacy.

On the other hand, cybercriminals often target centralized biometric databases to exploit vulnerabilities, which can have devastating consequences for the affected individuals. While users can delete their biometric data after creating Worldcoin’s so-called “World ID,” they can also choose to encrypt and save their data.

Simply encrypting biometric data is not enough. If the data is compromised, it can be kept for a period of time until it is decrypted. Biometric information is perhaps our most personal information, and unlike a password, it is permanent. Once the decryption process is complete, it is gone forever. If a password is compromised, the user changes it. If a person's retina is damaged, they will never be able to use it securely again.

Without the necessary third-party oversight, we are entrusting what could become one of the most valuable databases in the world to a single point of failure that should never have existed in the first place. Have big tech companies reached the point where they are finally showing us what they are capable of? With Worldcoin, we know what they are capable of and what they intend to do.

Kenya just suspended Worldcoin operations due to these exact concerns. And within weeks of launch, Germany’s privacy regulator, the Bavarian State Data Protection Supervisory Office, announced that it had been investigating Worldcoin since November 2022 because the project processes “large-scale sensitive data.”

Beyond storage and oversight issues, mass biometric data collection can create a potential surveillance state across the globe. The notion that a single entity can access our most private data on a massive scale rings alarm bells about potential abuses of power. Despite the most stringent security measures, no system is completely immune to cyber threats. What are the most pressing cyber threats today? Nation-states.

Amid all the cynicism surrounding Worldcoin — much of which is justified — perhaps the most sinister part of the project is its launch strategy. Let’s just call it what it is: They’re targeting some of the world’s poorest regions, offering more than $50 worth of cryptocurrency to some of the most economically vulnerable people for the right to collect their biometric data on a massive scale.

Let’s say an organization ignores the fundamental flaws of collecting and centralizing biometric data, and does it anyway. In this case, the bottom line is that they go above and beyond to educate participants about the impact of giving it up. Worldcoin doesn’t go far enough in this regard. Especially in developing countries, many people may be participating without understanding the purpose of what they are registering for.

Ethereum founder Vitalik Buterin also published a lengthy post expressing his concerns about Worldcoin. He touches on many of the basic issues detailed here, but also goes a step further, questioning the unknown functionality of the retinal scanning ball and hinting at the possibility of a backdoor in the system.

His point, like mine, is how do we know that everything works the way it should? The answer is we don't. We put our trust in a privately held, single point of failure database that could end up being the most powerful database in the world. We believe that the technology is flawless and that the way it presents itself to us is completely accurate.

The bottom line for Worldcoin is that if some form of failure or malfeasance occurs within the project, there is no going back. An unacceptable lack of action, understanding, or both by global regulators has resulted in private entities collecting and storing biometric data from individuals in nearly every corner of the globe.

Now that Worldcoin has come this far, I call on lawmakers to step in before it’s too late. We need complete, verifiable answers to the questions we asked prior to launch, but we are not receiving them. At this point, the most sensible path forward is to prohibit the collection and centralization of biometric information, especially when it is used to create a privatized digital identity system. #隐私   #世界币