In the post, Buterin highlights four major concerns with Worldcoin’s user authentication system, called “Proof-of-Personhood” (PoP).
Worldcoin claims it can authenticate its users without storing personal data or relying on a central authority. To obtain a “World ID,” users must scan their iris with a device known as an “Orb.” Compatible apps, like Worldcoin’s own wallet application, can leverage Worldcoin’s network of authenticated users to tailor their services and root out bots.
In his blog post, Buterin argues that this system has potential issues with privacy, accessibility, centralization, and security.
Buterin argues first that scanning one's iris could potentially release more information than intended. For instance, if someone else scans a World ID holder's iris, they can run it against the Worldcoin database to determine – at the very least – whether that person is in the system. In addition, Buterin says World IDs won’t be readily accessible to everyone, since getting ahold of an “Orb” device can be difficult.
Furthermore, the “Orb” is a hardware device, and Buterin alleges that “we have no way to verify that it was constructed correctly and does not have backdoors.” He adds that “the Worldcoin Foundation still has the ability to insert a backdoor into the system, letting it create arbitrarily many fake human identities.”
Finally, Buterin raises security concerns about Worldcoin: users' phones could be hacked, and users could be coerced into giving out their iris scans.
Buterin acknowledges that there is no perfect solution to overcoming these issues. “There is no ideal form of proof of personhood,” Buterin writes. “Instead, we have at least three different paradigms of approaches that all have their own unique strengths and weaknesses.” Those three approaches are known as social-graph-based, general-hardware biometric, and specialized-hardware biometric solutions (like Worldcoin).
Buterin also adds that Worldcoin has taken certain steps with its hardware that make it superior to more traditional identification schemes – particularly when it comes to user privacy. “It does seem like specialized hardware systems can do quite a decent job of protecting privacy,” says Buterin. “However, the flip side of this is that specialized hardware systems introduce much greater centralization concerns.”
The newly-launched WLD token spiked earlier Monday by over 20% on major crypto exchanges, following Worldcoin’s mainnet launch.