Vitalik's In-Depth Analysis of Worldcoin: What are the Four Major Risks? Why Does the Perfect Identity Verification Not Yet Exist?

Ethereum founder Vitalik Buterin discussed the concept of biometric proof of personhood and the application of Worldcoin in an article, where he outlined the potential risks and flaws of Worldcoin. However, he also challenged the prevailing community perception of the project, stating, "In fact, Worldcoin's efforts in privacy protection far exceed those of other centralized identity verification projects."

Original article: What do I think about biometric proof of personhood?

What is Worldcoin's original intention?

The concept of Worldcoin is that in the future, AI will bring a lot of resources and wealth to humanity, but it may also take away a lot of jobs, and robots and humans will become indistinguishable. Therefore, the future world will need:

  1. A complete "Proof of personhood" digital identity verification system

  2. To provide "Unconditional Basic Income, UBI" for everyone

Worldcoin has developed a biometric technology device called "Orb" for iris scanning, aiming to mass produce and distribute it globally so that people can easily establish their ID.

However, Worldcoin has been controversial due to privacy, security, and ethical issues related to token economics. Vitalik hopes to discuss this in the article and let users decide for themselves whether they would be willing to establish a digital identity in the future through scans of the iris, face, or voice.

Why is identity verification important?

Identity verification solves many problems such as spam and centralized power. Without a robust mechanism, decentralized governance, community platform voting, etc., are susceptible to manipulation by the wealthy, as shown in the figure below. This also leads to many services having to block DoS attacks by setting a price for access.

Many applications still rely on identity verification systems backed by national governments, such as credit cards and passports. Vitalik believes that this comes at a significant and unacceptable cost to privacy.

Which applications can integrate identity verification?

Identity verification projects not only include Worldcoin but also Proof of Humanity, Circles UBI, and others.

However, Vitalik sarcastically points out that the "flagship applications" of these projects are the introduction of "tokens that everyone can receive" or the so-called "UBI" tokens, where registered users can receive a specific number of tokens daily, weekly, or hourly.

However, identity verification projects can have more diverse applications:

  • DAO voting

  • Quadratic voting and quadratic funding

  • Airdrops based on real users

  • An alternative verification method to prevent DoS attacks

  • Preventing bots and Sybil attacks on social media

  • Providing discounted tokens and NFT sales for the poor

Vitalik reiterates throughout the article:

Existing solutions still heavily rely on "highly opaque algorithms," "centralized IDs like KYC," and there is a need for a more secure alternative to realize the security attributes in the above applications.

How does Worldcoin operate?

The Worldcoin app, like a typical Ethereum wallet, generates a public and private key pair. Before users scan their iris with the Orb iris scanner, they need to display a QR code generated by the app that contains the public key. The Orb iris scanner verifies two things:

  1. That the user is indeed human

  2. That the user's iris does not match that of any previously scanned user

If both checks pass, the Orb iris scanner signs the message, converts the iris data into an irreversible hash value, and uploads it to a centralized database. The database stores only the hash value, which is used to prove that the scanned user is unique and has not registered before, and the user receives a "World ID."

Users with a "World ID" can prove ownership of their private key through a zero-knowledge proof (ZK-SNARK), matching it with the public key in the Worldcoin database to prove their identity without revealing the private key.
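The registration flow described above, as a small Python model added here for illustration (it is not Worldcoin's code, and the ZK-SNARK step is not modelled). Assumptions: HMAC-SHA256 stands in for the Orb's signature, an iris scan is treated as a stable byte string, and all names, keys and templates are constructed.

```python
import hashlib
import hmac

# Constructed key. Assumption: an HMAC tag stands in for the Orb's digital
# signature so that the example needs only the standard library.
ORB_KEY = b"constructed-orb-signing-key"

def iris_hash(template: bytes) -> str:
    """Irreversible digest of the iris template; the only iris data kept."""
    return hashlib.sha256(template).hexdigest()

def _tag(key: bytes, digest: str, pubkey: bytes) -> str:
    return hmac.new(key, digest.encode() + b"|" + pubkey, hashlib.sha256).hexdigest()

def orb_scan(template, pubkey, is_human, known_hashes, key=ORB_KEY):
    """Orb side: both checks must pass before anything is signed."""
    digest = iris_hash(template)
    if not is_human:
        return None, "rejected: not human"
    if digest in known_hashes:
        return None, "rejected: iris already registered"
    sig = _tag(key, digest, pubkey)
    return {"iris_hash": digest, "pubkey": pubkey, "sig": sig}, "signed"

class Registry:
    """Central database: stores iris hashes and public keys, never templates."""

    def __init__(self, orb_key=ORB_KEY):
        self.orb_key = orb_key
        self.records = {}  # iris_hash -> public key

    def register(self, enrollment) -> str:
        # The registry accepts whatever the Orb key has signed, so the whole
        # scheme is only as trustworthy as the hardware holding that key.
        expected = _tag(self.orb_key, enrollment["iris_hash"], enrollment["pubkey"])
        if not hmac.compare_digest(expected, enrollment["sig"]):
            return "rejected: bad Orb signature"
        if enrollment["iris_hash"] in self.records:
            return "rejected: iris already registered"
        self.records[enrollment["iris_hash"]] = enrollment["pubkey"]
        return "registered"

def demo():
    reg = Registry()
    alice, _ = orb_scan(b"iris-A", b"pk-alice", True, reg.records)
    first = reg.register(alice)
    _, second = orb_scan(b"iris-A", b"pk-alice-2", True, reg.records)  # same iris, new key
    forged = dict(alice, iris_hash=iris_hash(b"iris-B"))  # tampered after signing
    return first, second, reg.register(forged)
```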

The "centralized database" has raised concerns, and Worldcoin promises to replace it with a decentralized on-chain system in the future if this mechanism works well, although there is no specific timeline.

Vitalik then proceeds to point out the current issues with Worldcoin.

Four Major Risks of Worldcoin

Privacy Concerns: What could Worldcoin potentially leak?

Even the registration data of the iris scanner may leak personal information to some extent. Vitalik assumes that malicious actors could access all the videos of identity verification users during registration, enabling them to determine which individuals have actually registered for a World ID. Although the ability to prevent multiple registrations is essential for an identity verification project, it still poses a risk of abuse.

Furthermore, while World ID is stored as hash values, it may still reveal certain data in the future, such as gender, race, medical data, etc.

However, Vitalik concludes in this section that the potential for data leakage with Worldcoin is quite limited, far lower than what other massive data collection systems like road surveillance can capture. The iris scanner only computes and stores irreversible hash values of the user's iris.

Although the iris scanner may seem very "dystopian," in practical terms, Worldcoin focuses on user privacy and implements an anonymous system that other centralized identity verification projects do not implement.

Lack of Accessibility: Where are the iris scanners located?

Without an adequate number of iris scanners, it may be difficult to establish and access World IDs.

Vitalik points out that only 51% to 64% of the population of sub-Saharan Africa own smartphones, with a projected increase to over 80% by 2030. However, while the global smartphone count is in the billions, there are only a few hundred iris scanners. Even with larger-scale production, it would be challenging to distribute iris scanners densely enough to have one within 5 kilometers of each person.

Vitalik then praises the continuous efforts of the Worldcoin team in this regard. He mentions that the Aadhaar ID of the Indian government is also based on iris and fingerprint data, but it is still weaker in terms of privacy, and accessing it via a smartphone seems to be the most accessible option.

(Image: Iris scanner located in a shopping center in Portugal)

Centralization Risks: Who manufactures the iris scanners? Are there backdoors?

Vitalik presents three types of centralization risks:

  1. High-level governance risk: Especially decisions made when participants have different viewpoints.

  2. Hardware facilities: Inability to verify if the iris scanner has backdoors. Even if Worldcoin is perfectly decentralized in software, the Worldcoin Foundation still has the capability to implant backdoors in the system or be subject to hacker attacks, creating any number of fake World IDs.

  3. Non-open-source algorithms: Using proprietary, undisclosed algorithms to determine who the real participants are leads to excessive centralization of power, affecting verification fairness and security.

Vitalik points out that the iris scanner is independently manufactured by Tools for Humanity, a subsidiary entity of Worldcoin, with most of the code being open-source. The remaining code is expected to be released soon under a "Business Source License (BSL)" similar to Uniswap's, to prevent malicious forking of the project and to prevent what Worldcoin considers unethical behavior. He also lists three International Human Rights Declarations.

Additionally, the goal of the Worldcoin team is to allow and encourage other organizations to manufacture the iris scanners in the future, transitioning from being manufactured by the developer Tools for Humanity to being led by a DAO over time, to manage which organizations can manufacture the iris scanners.

However, Vitalik also mentions the risk of the first point, that manufacturers may be subject to hacker attacks, and Worldcoin needs to regularly review iris scanners from different manufacturers.

Security Concerns: Is losing your phone equivalent to losing your World ID?

Vitalik lists several concerns:

  1. User phones could be hacked: Hackers could steal World ID private keys.

  2. Government forcibly obtaining ID: Scanning people's irises at border controls or routine checkpoints.

  3. Using 3D-printed irises to deceive and obtain World IDs: If fake irises are realistic enough to pass verification, it could lead to the mass production and sale of fake World IDs.

Would a Social Network Graph be Better than Biometric Verification?

With so many flaws in biometric verification, would a verification mechanism based on a social platform relationship graph be better?

Vitalik describes the social graph-based verification as follows:

If a bunch of existing verifiers all confirm the validity of your identity, then your identity should be verified.

He also mentions that supporters of the social graph believe it has the following advantages over biometric verification as a better alternative:

  • Does not rely on specialized hardware devices, easier to deploy

  • Eliminates competition among iris scanner manufacturers

  • Can verify pseudonyms, making it more user-friendly

  • The "binary" nature of biometric verification is imperfect; for example, an iris scanner may mistakenly identify visually impaired individuals as non-human

Vitalik generally agrees with the above points but points out that the social graph also has its shortcomings, such as difficulties in widespread adoption in countries with many marginalized individuals, increased likelihood of revealing personal social relationships, and risks of centralization relying on simple registration.

There is No Perfect Identity Verification Solution

Vitalik then compares different identity verification projects.

He uses India's Aadhaar as an example of a dedicated biometric verification device, which has privacy and security advantages but lacks decentralization, while general devices are widely adopted but rapidly lose security.

He believes that ideally, integrating and complementing the three technologies is currently the best approach.

As shown in the figure below, all three verification schemes have advantages and disadvantages:

Vitalik concludes by mentioning the challenges of developing an identity verification solution, acknowledging that development teams are prone to errors and face difficulties balancing commercial interests and the demands of a broad community. He emphasizes the need for development teams to remain highly focused.

Building an effective and reliable identity verification system, breaking free from the control of existing crypto communities, seems to be quite challenging. I do not envy anyone attempting this task, as it may take several years before an effective method can be found.

However, understanding the work that development teams have completed is also crucial, as he states:

Many development teams have shown a stronger emphasis on privacy compared to government and large enterprise identity verification solutions, which is a success we have achieved and should continue to strive for.

Vitalik concludes that while identity verification seems valuable, and various implementation methods carry risks, having no identity verification at all also poses risks. He looks forward to seeing progress in various types of identity verification projects and ultimately converging them in coherent ways.