Worldcoin, now known simply as World, is redefining how digital identity is developed by centering on the human iris as its primary biometric. Sam Altman’s company has attracted significant attention—both positive and negative—since its launch.
According to Shady El Damaty, CEO of Holonym and expert in zero-knowledge cryptography, the World Network’s centralized infrastructure makes it particularly vulnerable to data leaks and exploitation.
However, in an exclusive response to BeInCrypto, World refuted several claims regarding its infrastructure and data handling, offering its justifications.
A Universal Digital Identity: Privacy or Risk?
With artificial intelligence continually blurring the lines between humanity and technology, Altman’s most recent project has taken the concept to the next level.
SponsoredWorld, an initiative the OpenAI CEO launched in July 2023, has a bold objective: to scan every eye on Earth and forge a universal digital identity for humanity.
At its heart lies the World ID, a privacy-preserving digital identity generated through a unique biometric scan of a user’s iris, referred to as “the Orb.”
“Worldcoin is the very first example of a company… that has the explicit mission of documenting every single person in the world with a cryptographically immutable link between a cryptographic hash of your eye and… your biometrics,” El Damaty told BeInCrypto.
In exchange for this biometric verification, users receive WLD tokens, World’s native cryptocurrency. These tokens serve as both an incentive and a fundamental component of participating in this global network.
World clarified that it does not maintain a centralized data storage infrastructure, nor does it retain users’ biometric information.
Instead, the company emphasizes its privacy-first design and the use of technologies like secure multi-party computation to ensure that users’ data is fragmented and stored in a decentralized manner.
They further noted that much of the technology behind World’s system is open-sourced, which allows others to verify and build upon their protocols, ensuring transparency and trust.
Why the Iris? Unpacking World Network’s Biometric Choice
Unsurprisingly, World’s launch has been received with skepticism.
While users have generally grown comfortable with biometric authentication, such as fingerprints for passport scans or Face ID to unlock smartphones, the prospect of having one’s eyeballs scanned to create a digital identity has elevated the feeling of living in a simulated reality.
“[World] settled on… the iris, which has enough entropy within it that it’s really difficult to brute force. They could have gone with fingerprints, but they didn’t because these can be very easily modified; they can be burnt off, or you could use different fingerprints. Whereas for eyes, they are very difficult to change,” El Damaty explained.
The reason behind World’s decision to use such a specific biometric is in line with its stated purpose.
As artificial intelligence continues to develop at a rapid pace, this initiative is a way to provide a trust layer for the world post-AI.
This mission is often framed as creating “proof of personhood” in an era when distinguishing real humans from AI bots will become increasingly complicated.
“In the future, it might be really difficult to know who you’re interacting with, maybe both in the digital world as well as the physical world as robotics and automation continues to improve,” El Damaty added, noting, “With OpenAI, I think they really quickly realized that the most valuable commodity in the world isn’t going to be a currency or some hard asset, but it’s going to be authenticity.”
Though the cause may seem noble enough, the way World Network has decided to go about it has drawn scrutiny. Part of it stems from a fundamental disagreement on what digital identity should entail, leading to a philosophical divide.
Refuting these comments, World clarified that the WLD token airdrop is a benefit of verification in certain markets and not a core component of participation in the World network.
In its response to BeInCrypto, the organization emphasized that users can engage with the network and obtain a World ID without necessarily receiving the WLD tokens, which are not required for basic participation.
Monolithic vs. Pluralistic Identity Systems
Worldcoin’s “one iris scan belongs to one identity” system embodies a monolithic identity. Experts often criticize such an approach for heightened security risks.
In a recent blog post, Ethereum co-founder Vitalik Buterin warned that such a singular, universally linked identity risks online privacy and individual freedom. He expressed concern that even with advanced privacy tools, a one-identity-per-person property brings several security risks.
“That’s the real risk. If someone takes a picture of your eyes, can they use all publicly available information, or maybe even dark web information, to identify who you are and what you’ve done on-chain,” El Damaty told BeInCrypto.
This approach also contrasts with the cypherpunk ethos that birthed Bitcoin, which emphasizes anonymity. Critics argue that World represents a significant philosophical shift away from this privacy-first tradition by permanently labeling individuals.
A specific point of concern for Buterin and others is World’s nullifier. This cryptographic mechanism ensures that each person signs up only once. However, its very function also presents a significant vulnerability.
“As soon as your nullifier is given up… all of the accounts that you have linked to that nullifier are also given up… it could be the foundation of a really massive data leak,” El Damaty warned.
In response to these risks, El Damaty advocates for pluralistic identity systems with multiple online identities for different purposes. This protects sensitive real-world information from being inextricably linked to a single, globally unique ID.
“Those iris codes shouldn’t be linked to the same amount of information that can be used to access your voting record or your social security benefits or other really critical information that, if ever given up, would undermine your status as a person in the real world,” he added.
World refuted concerns that their system could become a honeypot for hackers or government surveillance. According to the company, its infrastructure is designed to be decentralized, meaning biometric data is not stored centrally.
They pointed to the implementation of secure multi-party computation for iris codes, which ensures that the data is fragmented and cannot be accessed by any single party.
This is part of their broader strategy to maintain control in the hands of users and prevent external entities, including governments, from accessing their data without permission.
Could Worldcoin Data Become a Government Honeypot?
World Network’s global scope directly challenges national sovereignty, especially a state’s right to define its citizens’ identity. This raises a critical question: What if foreign governments demand access to their citizens’ biometric data collected by this company?
Tools for Humanity, World’s parent company, might use its distributed infrastructure as a defense, claiming data resides in various nations. However, El Damaty believes this defense is precarious.
Sponsored Sponsored“[World] also ha[s] infrastructure in the United States that’s going to be beholden to the US government’s authority. The US can come in and say, ‘hey, we’re going to pull the plug and put your executives in jail if you don’t hand over all of the logs that are coming from this central server that’s responsible for coordinating the entire network.'”
This vulnerability transforms World’s vast biometric database into a potential honeypot for governments. El Damaty pointed to precedents like the 2018 CLOUD Act, which allows US law enforcement to compel US-based tech companies to provide data, even if stored overseas.
Many nations have not waited for such hypothetical scenarios to play out, leading to immediate and forceful regulatory action.
World strongly disputes this concern, stating that it does not store data in a centralized location. Instead, it uses secure multi-party computation to ensure that no single entity has access to all user data.
Why Nations Are Banning Worldcoin
The international community’s response to Worldcoin’s initiative has been overwhelmingly hostile.
Sponsored SponsoredCountries like Spain, Portugal, Kenya, and Indonesia have either imposed bans or initiated investigations into World’s operations, citing concerns over data handling, transparency, and age verification.
El Damaty highlighted a crucial transparency issue. As a private company, World’s financial and operational details aren’t fully open for public scrutiny. This, he suggested, enables them to strategically control how they present their activities to the world.
This opaqueness contributes to existing global skepticism.
“I don’t think governments are going to suddenly turn overnight and say, ‘okay, well, we’re going to let this American company [from] Silicon Valley run by one of the world’s most powerful people to track all of our citizens and give them their crypto tokens,’” El Damaty said.
Without detailed clarity, many nations remain wary of entrusting such fundamental identity information to a private entity perceived to be operating outside established legal and ethical norms.
In contrast to the claims of widespread hostility, World points out that it legally operates in 160 countries and has verified over 14 million unique humans since its launch.
Furthermore, World claims to have more than 30 million users and has processed over 500 million transactions via its non-custodial World App.
According to the company, these statistics demonstrate that the project is being widely accepted and trusted, despite the vocal criticisms from some governments.
