The Web Needs A Way Of Proving That You’re A Real Person — Worldcoin Is Not The Solution
In the online world, proving that you’re dealing with a real person is cumbersome and full of friction, and it’s even tougher to make sure that it’s the same person as last time while at the same time preserving that person’s privacy. But Worldcoin, formally launched on July 24, 2023, raises more issues than it solves.
Worldcoin In A Nutshell
A quick recap of what it’s all about: Worldcoin promises to provide a “new identity and financial network owned by everyone,” which will not only distinguish humans from bots or other AI-generated entities but also enable “global democratic processes” and even “show a potential path to AI-funded UBI [universal basic income].” And as the name suggests, there’s a cryptocurrency involved (WLD). So far, so techno-utopian.
What’s already a reality today is Worldcoin’s way of issuing a World ID to an individual. Using a bespoke piece of hardware called an Orb, a Worldcoin Operator scans a person’s iris; once the credential issuing process is completed, the user can download their World ID to their World App wallet. People with a World ID also receive free WLD as an incentive (in eligible countries, which today excludes the US), and to encourage continued engagement, there are regular Worldcoin Grants in the form of WLD that the user has to claim. Aside from using their World ID as proof of personhood, credential holders can also use their World App wallet to transfer other digital currencies or assets.
Worldcoin Is Problematic On Many Levels
Forrester believes that there’s little chance that World ID will be widely accepted as a form of pseudonymous online verification mechanism or proof that the person really is the same as last time. Nation states won’t accept such a credential in lieu of their national digital identities, and the close association with a cryptocurrency is a hindrance. In countries where cryptocurrencies are legal or tolerated, it’s not clear whether the coin awards will be a sufficient incentive to encourage people to obtain a World ID, and in countries where the legal situation is unfavorable, there’s no incentive. That aside, there are a few other fundamental issues worth highlighting:
- Privacy concerns abound. Aside from any Big Brother concerns that consumers may have, there are no tangible privacy safeguards in Worldcoin other than “trust us” writ large. The Orb’s hardware and software are proprietary, and it’s unclear how well tested some of the cryptography is. As for the promise that actual iris scan data won’t be retained: The whitepaper refers to “all images being promptly deleted on-device per default (absent explicit consent to Data Custody)” [our emphasis]; in other words, it’s possible to retain the data — and who guarantees that it won’t be? Biometrics in general raises privacy concerns; given major fiascos (such as the US Office of Personnel Management losing over 6 million government employees’ facial images, etc.), many people are averse to letting their biometric data be stored by third parties.
- Iris biometrics are clumsy at best and inaccurate at worst. Iris biometric scans suffer from false rejections after the user has had too much to drink or has not slept enough. And providing high-quality sensors to digitally unsavvy people is a recipe for tech support challenges. Lastly, any sensor that is not available on a mobile phone today will have to fight an uphill battle for adoption.
- The sign-up process isn’t fit for purpose. It’s unclear how thorough the Worldcoin Operator vetting process is. Operators must have a registered business in the country of operation and will have to undergo a review process (by the Worldcoin team) and know-your-customer check; there’s also mention of compliance training. Nothing is said about the criteria that apply when Operators expand their teams. There’s also no detail about the incentive scheme and what mechanisms are in place to prevent abuse. A reporter’s conclusion that “The pitch is essentially, ‘Hey, get some free crypto!’” isn’t confidence-inspiring at the best of times. Given some of the dubious practices that a team from MIT uncovered during Worldcoin’s beta phase, one really might have expected the Worldcoin team to devote more care and attention to what is arguably one of the most crucial and sensitive parts of the ID-issuance process.
- Worldcoin isn’t as inclusive as it’s made out to be. “Built for all, without compromises,” proclaims the introduction to the World App. But the “for all” is an overstatement, because: 1) Anybody who doesn’t have either an iPhone or an Android smartphone won’t be able to use the World App wallet and 2) it’s a self-custodial wallet, which means that users are responsible for their own key management. Suggesting that “users can choose to back up their keys (encrypted) to Google Drive or iCloud for syncing and recovery” doesn’t make self-custody viable for “all.”
- Ownership and control structures are complex, and the commercial model is uncertain. Worldcoin doesn’t try to hide the fact that it’s operating in a centralized way today. However, there’s no clear description of the path to decentralization (whatever it may mean) or eventual governance model. It’s not enough to state that WLD holders will participate in governing the protocol, as, unless carefully designed, such governance structures are easy to exploit. There’s not enough detail on the tokenomics to figure out how that aspect is meant to work. It’s also not clear how investors will get their money back. The head of product stated in a Financial Times interview that the “project will make money” and that all products are “for profit.” There’s no mention of how — and also no mention of how that profit fits in with the initiative’s worthy aims.
Unsurprisingly, Worldcoin has already attracted regulator interest, with the UK’s Information Commissioner quoted as stating that they’re looking into the privacy aspect. Should significant numbers of people hold WLD and put Worldcoin’s aim to make WLD “the most widely used digital currency” within reach, financial regulators will also step up. And finally, it’s worth noting that the Web3 world isn’t enamored of Worldcoin, either — in his “What do I think about biometric proof of personhood?” blog post, Ethereum cofounder Vitalik Buterin discusses the problem domain of proving personhood online in detail and explains why Worldcoin isn’t the answer.