Worldcoin Orb Identity Verification Device Faces Headwinds In Mass Adoption
Last week, identity verification and authentication startup World ID (which was founded by OpenAI founder Sam Altman) announced that they are broadening operations of their Orb device in the USA. The Orb is a large form factor iris scanner device (available now) that also has a mobile phone size counterpart (whose availability is planned for 2026). Orb provides proof of human verification, initially for Worldcoin users, and is not an identity provider.
World ID (the vendor behind the Orb) provided the following short description of how the Orb works: “Verifying your World ID at an Orb is a one-time process. Here’s what actually happens when you verify your World ID: The Orb takes images of your eyes and face to confirm you’re a real human, processes those images to create an iris code that checks that you are unique and have never verified at an Orb before, encrypts the images, sends them to your phone and then permanently deletes them from the Orb. This entire process happens locally on-device.
Your verified World ID then lives on your phone (currently in World App) as a secure, encrypted proof of human credential with all the images and data generated at the Orb completely in your control.
When a relying party or application asks the user to prove they’re human, currently the user will scan the QR code provided by the third-party app, open World App, approve the request with a few simple taps on their phone.”
Forrester believes that Orb faces several challenges that will hamper its ability to gain broader consumer adoption, including:
- Required mobile side sensor on user’s device.
The vendor claims that wide-scale Orb distribution is essential to making proof of human (PoH) verification widely usable, with TFH combining trained operators, partnerships, and flagship locations to provide accessible and high-quality sessions in high-demand areas. TFH is expanding distribution methods, including staffed pop-ups and self-serve fixtures, while preparing for global mass deployments targeting high-density regions and filling gaps with mobile and pop-up routes. The ultimate goal is to create a decentralized ecosystem of verification options—including retail counters, community groups, and consumer hardware—making World ID verification easily accessible to everyone worldwide.
Forrester’s take on the above is that most identity verification and authentication schemes leverage mobile device native, consumer-grade sensors (camera, fingerprint reader, microphone, accelerometer, GPS). Orb adds a requirement for a non-standard iris scanner, meaning extra hardware and software costs and integration. Traditionally, customers have been unwilling to pay for such features (see Microsoft Infocard). Without a reliable, readily available sensor integrated into mobile phones, identity verification and authentication use cases are limited. Customers cannot scan their passports, faces, or fingerprints in preparation (registration, ticket purchase, checking bags, entering airports) for air or train travel. Without consumer-side pre-registration, using biometrics (including iris scanners), even for a one-time pre-registration proof of human use case, also creates scalability and throughput problems (read “massive lines”).
- Iris scanning accuracy is sensitive to alcohol consumption. Forrester’s take is that while the solution is not currently used for routine, repeat authentication, iris scanning inherently suffers from accuracy challenges. Studies suggest that, because alcohol consumption causes the pupil to dilate, iris scanning may produce false rejects when the subject has consumed alcohol. Eye disorders may also reduce the accuracy rate of iris recognition.
- Privacy concerns. The vendor claims the following: “The data generated at the Orb to create the proof of human credential is encrypted, sent to the user’s phone, and then deleted permanently from the Orb. It is entirely self-custodial and stored locally on the user’s device as part of their World ID personal custody package. World and Tools for Humanity never have access to the images, the iris code is encrypted with a set of ephemeral keys and sent to different parties who are able to perform a collective operation but never have access to the underlying data. This process is called AMPC (Anonymized Multi-Party Computing) and currently involves three entities, none of which are World or Tools for Humanity. They are prohibited both technically and contractually from either accessing or sharing the encrypted data with the other parties.”
Forrester’s take is that while the Orb claims to delete the image immediately, privacy advocates argue that the data collected is still private and that the conditions and rules around its usage are unclear.
- Iris scanning is hackable. The vendor claims that the Orb is designed to ensure high-accuracy uniqueness verification, even in the presence of malicious actors, using advanced presentation attack detection (PAD) systems that operate locally to protect user privacy. Its hardware integrates multiple security measures, including cryptographic keys, tamper monitoring, thermal sensors, and fraud detection checks, making biometric attacks costly and complex while safeguarding against unauthorized access to data. Continuous improvements are made through internal testing, audits, and a bug bounty program, ensuring the Orb remains resilient against evolving attack methods.
Forrester’s take is that iris scanning security is vulnerable to simple presentation attacks. In 2016, the Galaxy Note 7 smartphone debuted with an integrated iris scanner that was hacked in a year: a photo of the victim’s eyes, with a contact lens placed between the photo and the iris scanner, fooled the scanner. The Orb personal device (slated to launch in 2026) will likely be susceptible to these same issues.
- Regulatory obstacles and bans. Forrester’s take is that, in response to watchdog organizations’ complaints, countries (Brazil, Colombia, Germany, Hong Kong, India, Kenya, Portugal, Spain, South Korea) are investigating the solution for privacy violations or have already banned the use of the Orb (e.g., Hong Kong) or Worldcoin or both.
- Orb is centralized, and therefore not linked to government-issued identities. The vendor states that currently, the Orb is distributed exclusively by Tools for Humanity, but the long-term goal is to decentralize both the Orb and World ID issuance to third parties. World ID Credentials, introduced last year, allow users to optionally link government-issued identity documents to their World ID, providing lower-assurance Sybil-proof signals without requiring an Orb visit. These credentials are securely stored on the user’s device, enabling attestations (e.g., age or nationality) without sharing real identity, with initial support for NFC-enabled passports and national IDs. Further, the vendor claims that identity documents are not a scalable or effective mechanism for proof of human (PoH) due to significant limitations, including the fact that over 50% of the global population lacks digitally verifiable IDs and the inherent contradiction between KYC requirements and preserving user anonymity. While zero-knowledge proofs (ZKPs) and digitally signed IDs could address some privacy concerns, issues like limited availability of NFC-readable IDs, potential fraud, and lack of a global system for ID verification undermine their reliability for ensuring uniqueness. Ultimately, the lack of infrastructure, standardization, and accountability in ID systems makes them unsuitable for achieving a global, fraud-proof, and inclusive PoH solution.
Forrester’s take is that many governments are working to issue natively digital identity documents, usable both online and physically (e.g., national IDs, driver’s licenses, or passports), that can act not only as proof of human but also as official authentication and qualified electronic signature credentials. The Orb and Worldcoin identity system is largely unrelated to these schemes. First, virtual asset service providers (VASPs, such as Coinbase) still have to perform a KYC process using traditional methods (verification based on government-issued physical or digital identity documents) before allowing the customer to register, even if the customer has a proof of human credential provided by the Orb. Second, the Orb ecosystem and architecture are centralized and have limited applicability outside of Worldcoin use cases. Third, KYC-capable “proof of human” and (active and even passive) liveness checks are readily available in Identity Verification (IDV) solutions that work on regular mobile devices without the need for extra hardware or visiting an Orb location.