Worldcoin’s Iris-Scan ID Proposition Is Best Considered With Eyes Wide Open

Published 10 months ago
By Forbes | Segun Olakoyenikan
Biometric eye scan
Getty Images

Company’s offer of $60 along with proof you aren’t a robot has hidden risks. Why trust a private enterprise with your biometric data?

Worldcoin’s campaign to literally capture eyeballs on the internet is coming up against security concerns as critics question whether the benefits of the iris-scanning system of identity verification are worth the privacy risk.

The project offers people about $60 worth of the new Worldcoin (WLD) cryptocurrency in exchange for a digital scan of their eyeballs. In addition to the 25 tokens, users get a unique World ID, which proves they are humans–rather than artificial intelligence software–and can be used to verify their identity to third parties without any other personal information being shared.


But having a private organization like Worldcoin possess a global database of human iris scans is a key concern raised by analysts, investors and researchers who spoke to Forbes–especially since the campaign kicked off in poor communities in the developing world, isn’t yet available in the United States and faces regulatory reviews in Kenya, the U.K. and Germany.

On the other hand, along with being able to prove users are real people, Worldcoin could help enable instant cross-border financial transactions, pave the way for a more transparent and inclusive democratic process through verified voting and create a more efficient distribution of public resources on a global scale, according to Worldcoin.

More than two million people from 34 countries have signed up for World ID, according to data provided by Worldcoin, which also said that it has started ramping up the global distribution of Orbs with the hopes of increasing the scanning devices to 1,500 this year to boost adoption.

Worldcoin claimed that it hit the milestone in less than half the time it took to reach the first million, predominantly in developing countries like Argentina, Chile, India, Uganda, and Kenya where Worldcoin’s iris scanning has just been suspended.


Over the past week, the project’s World App mobile application has become the most-downloaded app in Kenya, according to data from AppFigures without stating the period, displacing popular apps such as WhatsApp Messenger and TikTok. One of the key drivers of adoption in Kenya has been promotions from local influencers and musicians, including Afro-pop star Kagwe Mungai.

“Come with me to sign up for Worldcoin,” reads a text on an Instagram video featuring Mungai standing next to a giant Orb device in Kenya’s capital Nairobi. “I signed up and even got my iris scanned for my unique world ID which I can use to access online services and more.”

The $60 being offered to Kenyans represents nearly half of the average monthly income in East Africa’s largest economy where about a third of the population lives in poverty and has witnessed multiple deadly protests this year over cost-of-living crisis.

How frequently people use the new coin for its intended purposes remains to be seen in the East African country where Tools for Humanity is originally authorized as a data processor.


Kenyan authorities announced on Wednesday that they’ll probe Worldcoin’s operations to assess the project’s “authenticity” and “legality” in the East African country. “Accordingly, the government has SUSPENDED forthwith, activities of ‘WORLD COIN’,” the announcement read. But in a statement to Forbes, the Worldcoin Foundation said that the demand for World ID in Kenya had been “overwhelming” and the suspension was “out of an abundance of caution and in an effort to mitigate crowd volume”.

The country joined both the U.K. and Germany whose data regulators have reportedly launched an inquiry into the digital ID project.

“We note the launch of WorldCoin in the U.K. and will be making enquiries,” a spokesperson for the Information Commissioner’s Office in the U.K. said in an emailed statement. Consent to process biometric data “needs to be freely given and capable of being withdrawn without detriment.” Since information on Worldcoin is blockchain based, it can never be changed or withdrawn.

Worldcoin was cofounded in 2019 by Sam Altman, CEO of OpenAI, whose ChatGPT program is one of the earliest examples of an artificial intelligence program that can be confused with real people to some degree. Altman’s cofounder Alex Blania claimed that Worldcoin was decentralized, but ironically, the project itself functions as a centralized bottleneck in this system and plans to open-source the code are delayed for the future.


Worldcoin says the operation of infrastructure software such as the backend services that ensure iris codes are unique after signup is coordinated by the Worldcoin Foundation, a group of the project’s contributors based in the Cayman Islands and with a subsidiary in the British Virgin Islands – two locations known globally as tax havens.

“We don’t think it’s a great idea to train a bunch of people to hand over their biometric data to a non-governmental entity,” says a venture capitalist who passed on backing Worldcoin. It also creates a precedent and incentive for other crypto companies to collect biometric data, which could have dangerous consequences if a project’s leaders turn out to be corrupt, the investor says.

Worldcoin developer Tools For Humanity launched the token of the ambitious eyeball-scanning project on July 24 followed by listing across major crypto exchanges, as the artificial intelligence scheme aims to revolutionize human identity verification and bridge income inequality. It’s not the first time a tech company has used iris scans for verification. The 13-year-old, New York-based company Clear, which scans irises and allows paying subscribers to skip airport security lines, says it has more than 15 million customers.

With recent advances in AI making it much harder to distinguish humans from robots online, the project looks to replace the traditional approach to online login with a decentralized digital verification system – all under the control of Worldcoin.


“It’s becoming increasingly difficult to distinguish fiction from reality, which is a particular concern in the financial and democratic systems,” wrote Louis Schoeman, who runs platforms for trading stocks and cryptocurrencies, in a research report last week. “Worldcoin wants to defend people from AI misinformation and make it clear who and what to trust online.”

The proof-of-personhood idea of Worldcoin developer Tools For Humanity requires people to join the system by scanning their irises using an eyeball-like device called the Orb. The scanner verifies people’s identity and assigns a unique World ID, which allows those authenticated to prove they are human without having to reveal their personal data to third-party platforms linked to the Worldcoin protocol.

“It’s only Tools for Humanity that has access to these Orbs, so identity creation is centralized,” says Abdoulaye Ndiaye, professor of economics at NYU’s Stern School of Business who also conducts research on blockchain technology. “We need to make sure that if it’s a platform or digital infrastructure, it has to be as open as possible so that it makes the creation of identity and updating to be decentralized. Also, the blockchain allows the possibility of people to use and create applications on top.”

Ndiaye believes that Worldcoin could play a major role in many parts of the world where there is a need for social programs but that have difficulty in effectively targeting the right beneficiaries. The professor, however, warned that there could be a risk associated with the project if Worldcoin links unique user identities with other information such as names, phone numbers and locations, and then sells the data.


“The Worldcoin Foundation complies with all laws and regulations governing the processing of personal data in the markets where Worldcoin is available,” a representative for Worldcoin said in an emailed statement, adding that the project “does not and never will sell any user personal data”.

Iris scans are processed, stored, and subsequently deleted from the Orb’s local memory unless the owner specified otherwise, according to Worldcoin. However, the processed personal data on the Orb are already encrypted and uploaded to Worldcoin’s blockchain-based digital identity network, creating doubts over privacy concerns and the possibility of mishandling of the coded iris data on a technology that stores information without options for removal or alteration.

The identity system has the potential to reduce digital fraud, facilitate banking for the unbanked population and even reduce the number of identity verification requests, according to Michael Silberberg, head of investor relations at crypto hedge fund AltTab Capital.

But Worldcoin’s integrity has also been brought to question given Tools for Humanity’s connection with Sam Bankman-Fried, a cofounder of the collapsed crypto exchange FTX. Bankman-Fried, who backed the project’s $25 million Series A investment round back in 2021, faces 12 criminal charges including fraud and money laundering. Data from venture capital market research firm PitchBook showed that the bankrupt Singapore-based crypto hedge fund Three Arrows Capital also partook in the early-stage funding.

Earlier this year, Worldcoin raised $115 million in a Series C funding round led by Blockchain Capital and venture capital heavyweight Andreessen Horowitz. Google parent company Alphabet also invested, according to PitchBook.

The supply of Worldcoin tokens is capped at 10 billion over the next 15 years, and only 143 million were available at the global launch of the scanning project. That puts the market value of the Worldcoin token at around $340 million currently, down 34% from an all-time high of $512 million on July 24, the day the token launched, according to Coinbase data. On a fully diluted basis, all 10 billion circulating supply of Worldcoin would have a value of $23.7 billion.

An April 2022 investigation by MIT Technology Review accused Worldcoin of exploitation in lower-income countries in Africa and Asia, including Kenya, and of collecting biometric data from people who had little understanding of what Worldcoin was. One conclusion the authors drew: “It’s just cheaper and easier to run this kind of data collection operation in places where people have little money and few legal protections.” In response to the allegation, Worldcoin said it was also operating in developed countries, including some European nations. “Worldcoin has always tried to conduct field tests in a sample of countries around the globe that would be representative of the world as a whole,” a Worldcoin spokesperson said.

BuzzFeed News article published around the same time asserted that Worldcoin “has angered the very people it says it’s trying to help.” Alex Blania responded, “Quite surely, in some places, communication, marketing, all of those things, could have been clearer and better.”

Ethereum inventor Vitalik Buterin wrote in a blog post just after the global launch that there’s no one-size-fits-all approach to verifying people’s identity, but one of the major risks associated with Worldcoin is the limited availability of Orbs around the world and the possibility that users might inadvertently reveal more information than intended during iris scans.

Buterin also said it’s difficult to verify if there are cracks in the construction of the Orb device, leaving room for potential backdoors. “Hence, even if the software layer is perfect and fully decentralized, the Worldcoin Foundation still has the ability to insert a backdoor into the system, letting it create arbitrarily many fake human identities,” he said.

The Ethereum founder also raised concerns about the possibility of creating 3D-printed “fake people” that can pass the iris scan to get World IDs.

“The problem of making a proof-of-personhood system that is effective and reliable, especially in the hands of people distant from the existing crypto community, seems quite challenging,” Buterin added.