Worldcoin | French privacy regulator investigates, latest audit report reveals nearly thirty protocol vulnerabilities

share
Worldcoin | French privacy regulator investigates, latest audit report reveals nearly thirty protocol vulnerabilities

The French regulatory authority revealed to foreign media that there are concerns regarding data collection and storage by Worldcoin, and an investigation is currently underway. Worldcoin has also stated that they will fully support and cooperate with the regulatory authority. The following day, Worldcoin released an audit report conducted by two security firms, which identified nearly 30 vulnerabilities in the protocol, most of which have been addressed.

French Regulatory Agency Warns: Concerns Over Data Collection

The French National Data Protection Commission (CNIL) stated to Fortune on July 28 that there seem to be issues with Worldcoin's biometric data collection and storage, and the commission is currently investigating.

Worldcoin has always emphasized that it does not store users' personal biometric data externally, and the related iris data is encrypted using hash calculations, with the database only storing irreversible hash values.

Ethereum founder Vitalik Buterin recently expressed support for the Worldcoin project in a lengthy article, believing that Worldcoin's efforts in privacy protection far exceed those of other centralized identity verification projects.

Recap: Vitalik's In-Depth Analysis of Worldcoin | What are the Four Major Risks? Why Does Perfect Identity Verification Not Yet Exist?

Worldcoin: Supporting and Cooperating with Regulatory Agencies

Worldcoin told the media outlet CoinDesk that it will continue to cooperate with regulatory agencies, providing them with more information to achieve privacy and data protection.

We are committed to cooperating with our European partners to ensure that the Worldcoin project meets regulatory requirements and provides safe, reliable, and transparent services to verified users.

Worldcoin also reiterated its previous statement that the project is compliant with EU regulations on biometric data collection and transmission, as well as the General Data Protection Regulation (GDPR) to ensure compliance in Europe.

Worldcoin Completes Audit, Fixes 24 Vulnerabilities

On the morning of July 29, Worldcoin officially released an audit report conducted by security firms Nethermind and Least Authority.

Nethermind identified 26 security vulnerabilities in Worldcoin, of which 24 have been fixed, one has been mitigated, and one vulnerability issue has been confirmed.

The audit covered the World ID contract, World ID airdrop contract, Worldcoin token WLD grant contract, WLD ERC-20 token contract, and related token ownership wallets.

Least Authority found three issues and made six recommendations, with the vulnerabilities either resolved or planned to be resolved.

Nethermind Audit Vulnerabilities Diagram

Typically, in security audit reports, the status of vulnerability resolution is described as fixed, mitigated, or confirmed. Fixed means the vulnerability has been repaired, mitigated means a temporary solution has been devised, and confirmed means the vulnerability has been identified but not yet resolved.

As Worldcoin, with the halo of OpenAI founder Sam Altman, strives for adoption, its privacy protection efforts seem destined to be scrutinized by various parties.