Biometric privacy and data risks with Worldcoin's Orb

Worldcoin’s Orb Wants to Prove You’re Human—But at What Cost?

Lauren Hendrickson
May 28, 2025

Key Takeaways:

  • Worldcoin’s Orb uses iris scans to create a unique digital ID (World ID) for human verification, addressing the problem of bots and fake online accounts.
  • Despite encryption and decentralization, ongoing privacy and data control risks persist with Worldcoin’s Orb. The irreversible nature of biometric data presents significant challenges, especially when it comes to user consent and data security.
  • Worldcoin is forming strategic partnerships with major companies like Visa and Tinder. These collaborations could drive broader adoption of decentralized identity verification and transform how industries approach digital identity.

 

Imagine handing over one of your most unique identifiers—your eyes—in exchange for cryptocurrency. That’s exactly what Worldcoin asks individuals to do with its biometric Orb. Co-founded by Sam Altman, Worldcoin aims to address the identity crisis created by the rise of artificial intelligence. The Orb scans your iris to verify that you are human, with the goal of providing a universal proof of personhood.

However, while Worldcoin emphasizes privacy through encryption and decentralization, significant concerns remain about the collection of biometric data. The ethical issues surrounding biometric data are not new. In fact, the growing use of biometrics in identity verification has sparked ongoing debates about privacy and consent. Worldcoin’s use of such sensitive data could consolidate too much power in the hands of those controlling it, raising questions about the risks to individual privacy. The key question remains: Is proving you’re human worth the potential cost to your privacy and autonomy?

What Is Worldcoin’s Orb and How Does It Create a World ID?

Worldcoin’s Orb, now known as World ID, is a biometric scanner designed to verify human identity online. The process starts when the Orb captures a detailed image of your iris using infrared light. Your iris is unique to you, and the image is then processed to create a cryptographic identifier—a World ID. This digital ID helps confirm that you’re human, tackling the growing issue of bots and fake accounts online.

Once the image is captured, it’s not stored as a raw scan but is transformed into a cryptographic hash, which is a secure, anonymized version of the data. This ensures your sensitive information is not directly accessible or stored in its original form. The cryptographic hash is then stored in a decentralized manner, rather than on centralized servers. This aligns with Worldcoin’s goal, as outlined in its whitepaper, of creating a decentralized, user-controlled identity system.

For reuse, the World ID can be referenced across different platforms. Each time you need to verify your identity (whether for a transaction, logging in, or other services), the World ID can be used to confirm your identity without needing to rescan your iris. The decentralized system ensures that your data remains private and secure, as it is only accessible when needed and cannot be easily replicated or exploited.

Key Partnerships Driving World ID Integration

While Worldcoin’s Orb aims to address identity verification challenges, it is through strategic partnerships that World ID is beginning to take shape across various industries. Some key partnerships include:

1. Match Group: Enhancing Authenticity in Dating Platforms

Worldcoin’s partnership with Match Group, the parent company of popular dating apps like Tinder, addresses the growing issue of fake profiles and online scams. By integrating World ID into its platform, Match Group aims to create a safer, more trustworthy environment for users, ensuring profiles are authentic and free from deception.

This collaboration could revolutionize the online dating experience, helping users connect with real people rather than encountering bots or scammers. As the partnership expands to other platforms within the Match Group and enters international markets by 2026, the impact could be significant in reducing fraudulent activity and building trust. World ID may eventually become a standard feature across dating apps, enabling users to interact with verified profiles confidently.

2. Visa and Stripe: Bridging Crypto and Traditional Finance

Worldcoin has partnered with Visa to launch the World Card, a debit card that allows users to spend digital assets at over 150 million merchants worldwide. This collaboration blends the flexibility of cryptocurrency with the practicality of traditional fiat systems, making it easier for users to spend digital assets and expanding access to financial services.

Additionally, Worldcoin has integrated Stripe into the World App, allowing users to make payments directly through the app on Stripe-enabled websites and apps. This integration simplifies the conversion of digital assets to fiat currency, enhancing the user experience and broadening the accessibility of digital payments.

These partnerships bridge the gap between traditional finance and crypto, introducing World ID as a trusted method for verifying transactions. World ID simplifies access to banking and crypto services, particularly in regions lacking traditional ID systems, enabling broader participation in the global economy. By verifying identities, it reduces fraud, enhances trust, and makes transactions more secure and accessible. This could reshape financial services by combining the flexibility of crypto with the security of traditional finance.

3. Razer: Securing the Gaming Ecosystem

Gaming has become one of the world’s most popular pastimes, but with this growth comes the challenge of bot-driven disruption. To address this, Razer, a leading gaming hardware company, is integrating World ID (now called Razer ID) across its ecosystem. With Razer ID, the company ensures that only real, human players can participate in games, especially in competitive tournaments.

This partnership is crucial for creating a fairer and more enjoyable gaming environment. Bots have long posed challenges, from disrupting competitive play to generating fake accounts in multiplayer games. By using Razer ID to verify human players, Razer is taking a significant step toward eliminating bots from the gaming ecosystem.

The integration of World ID into Razer’s platform will drastically improve the integrity of online gaming. Players will compete against real people, not automated bots, creating a more authentic and competitive experience. This move could redefine gaming security, ensuring players enjoy fair and enjoyable gameplay.

4. Kalshi and Morpho: Simplifying Access in Decentralized Finance (DeFi)

Worldcoin’s integration with DeFi platforms like Kalshi and Morpho allows users to sign in using World ID credentials, making it easier and more secure to access decentralized financial services. These platforms rely on accurate user identification for safe transactions, and World ID ensures that only real users are granted access.

By offering verified access to decentralized markets and lending platforms, World ID could make it easier for individuals without traditional forms of identification to participate. This is especially important in emerging markets, where financial services are often hard to access due to the lack of official ID systems.

World ID opens up opportunities for more people to engage in the decentralized economy. It provides a secure and private way to verify users without relying on central authorities. As DeFi platforms continue to grow, integrating World ID could help make these services more inclusive and expand access to decentralized financial tools.

5. Alchemy: Supporting Web3 Development

Alchemy, a top Web3 development platform, has partnered with Worldcoin to add World ID into its infrastructure. This partnership aims to bring World ID to the Web3 space by allowing developers to add secure, decentralized identity verification to their decentralized applications (dApps).

As World ID becomes a key part of Web3, it could change the way we think about identity in decentralized systems. Web3 development relies on trustless systems, and adding World ID into this space offers a useful tool to verify identities while keeping privacy intact.

By offering World ID to millions of developers through Alchemy’s platform, the partnership helps speed up the growth of decentralized applications (dApps). This could lead to a more secure and user-friendly Web3, with a digital identity system that ensures privacy and builds trust in decentralized transactions.

What Are the Risks of Using Permanent Biometric Data in Worldcoin’s World ID?

When we think about digital identity, we typically imagine things like passwords or PINs—simple, resettable, and often forgotten. Worldcoin’s World ID, however, relies on something much more permanent: your biometric data. Specifically, your iris—an incredibly unique and unchangeable part of your body—becomes the foundation for verification. Once your iris is captured and processed by the World ID system, it becomes part of an irreversible digital identity tied to your biometric fingerprint. Unlike a password, which can be reset, a recorded iris cannot be undone, which raises significant ethical and practical concerns about biometrics.

Biometric data, especially something as personal as your iris, is irreversible. This raises serious questions about informed consent. While users may willingly provide their biometric information, do they fully understand the long-term implications? In regions with limited access to information about biometric data risks, users may not fully comprehend what they’re agreeing to when they scan their iris. The promise of rewards or access to services can influence their decision. However, the permanence of biometric data could lead to unintended consequences.

Even though Worldcoin uses cryptographic hashing to store biometric data, a risk remains if someone compromises that hashed data. In this case, attackers could exploit what was meant to be anonymized data, revealing users’ identities. Since biometric data can’t be erased like a password, this increases the risk.
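The contrast drawn above between a resettable password and compromised hashed biometric data can be shown in a few lines. This is an added example, not Worldcoin's code and not part of the original article; it assumes a simplified model in which the identifier is a plain SHA-256 of a constructed template, and all function names and sample values are hypothetical.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# Constructed sample data: a real iris template is a feature vector, not this string.
IRIS_TEMPLATE = b"constructed-iris-template-for-one-person"


def password_record(password: str) -> tuple[bytes, bytes]:
    """Salted, slow hash of a secret the user can replace at will."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def verify_password(password: str, record: tuple[bytes, bytes]) -> bool:
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, digest)


def biometric_identifier(template: bytes) -> str:
    """Assumed model: the identifier is a deterministic hash of the template."""
    return hashlib.sha256(template).hexdigest()


def breach_and_recover() -> dict[str, bool]:
    # Enrollment: a password record and a biometric identifier are stored,
    # and the identifier is later copied out of the store (the breach).
    password_record("old-passphrase")
    leaked_id = biometric_identifier(IRIS_TEMPLATE)

    # Recovery: the user picks a new password and re-enrolls the same eye.
    current_pw = password_record("new-passphrase")
    current_id = biometric_identifier(IRIS_TEMPLATE)

    return {
        # The old secret is dead once the password is rotated.
        "old_password_still_accepted": verify_password("old-passphrase", current_pw),
        "new_password_works": verify_password("new-passphrase", current_pw),
        # The leaked identifier equals the live one: nothing could be rotated.
        "leaked_identifier_still_matches": hmac.compare_digest(leaked_id, current_id),
    }


if __name__ == "__main__":
    for check, result in breach_and_recover().items():
        print(f"{check}: {result}")
```

Rotation invalidates the leaked password material, but re-enrolling the same eye reproduces the leaked identifier, so the exposure lasts as long as the person does.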

As Michael Will, a German data regulator, aptly puts it: “Once somebody has your specific iris picture, you’ll never have the possibility to stay anonymous.” This quote highlights a core issue with Worldcoin’s approach—the loss of anonymity. As privacy concerns grow, losing the ability to remain anonymous could have significant implications for individuals’ autonomy.

Who Controls Your Biometric Data in Worldcoin’s World ID?

The question of control over biometric data is a critical issue with Worldcoin’s World ID. While Worldcoin doesn’t store raw biometric data and uses a cryptographic hash, the infrastructure behind World ID remains centralized under the control of the Worldcoin Foundation and its partners. Even when the data is hashed, it still resides on centralized servers managed by Worldcoin. This raises concerns about who truly has access to this sensitive information. Despite claiming decentralization, the system is largely controlled by Worldcoin, leaving important questions about data ownership, security, and usage unanswered.

The concept of consent also becomes more complicated. When individuals give up something as permanent as their iris in exchange for rewards or access to services, are they truly providing informed consent? Worldcoin’s privacy features and decentralized approach may sound reassuring, but the scale of data collection and its ties to financial incentives could make users feel that opting in is their only option.

Worldcoin’s push for a universal proof of personhood may overlook a crucial ethical consideration: the permanence of biometric data. It’s not just about proving you’re human; it’s about the long-term impact when that proof cannot be undone. The irreversible nature of this data could have consequences that affect personal and professional lives in ways that are difficult to predict.

What Are Global Regulators Saying About Worldcoin’s World ID?

Worldcoin’s World ID has sparked significant regulatory scrutiny across the globe. As one EU regulator highlighted: “Worldcoin’s operation violates multiple data protection laws and risks the safety of people’s sensitive data.” This concern has been echoed by regulators across the globe, raising questions about privacy and data protection. Some notable examples include:

  • Kenya: In August 2023, Kenya became the first country to suspend Worldcoin’s operations. Authorities cited privacy concerns and ordered the company to halt biometric data collection and processing until a full investigation could be conducted.
  • Germany: The Bavarian State Office for Data Protection Supervision found that Worldcoin’s biometric data handling violated GDPR. Worldcoin was ordered to delete unlawfully collected data and halt biometric data processing until it complies with GDPR standards.
  • Spain: In March 2024, Spain’s data protection authority took swift action, imposing a temporary ban on Worldcoin’s operations. The AEPD ordered the deletion of personal data previously collected and emphasized the need to safeguard privacy. This decision was upheld by the High Court.
  • Argentina: Worldcoin faced legal action for including unfair terms in its user agreements under Argentina’s National Consumer Protection Law. This resulted in a fine exceeding $1 million and a lawsuit against the company for violations.
  • EU-Wide: Across the European Union, regulators continue to raise concerns about Worldcoin’s data practices. Investigations into excessive biometric data collection, lack of transparency, and failure to uphold users’ rights under GDPR are ongoing, reflecting widespread regulatory caution toward the company.

Conclusion: If World ID Is the Future, It Needs Real Transparency and Accountability

Worldcoin is introducing a new model that could transform how we verify our identity. By using biometric data, such as iris scans, Worldcoin’s World ID has the potential to make identity verification more secure and efficient across a wide range of industries. 

For Worldcoin to truly succeed, it must prioritize full transparency, clear consent, and a system that gives users real control over their data. Without these, it risks becoming a tool that compromises privacy rather than empowering individuals.

User-centric identity is key. This means real control, auditability, and the ability to opt out or remove data if necessary. Proving who you are should never come at the cost of your privacy or personal freedom.

Looking ahead, Worldcoin’s future hinges on addressing these critical issues. The next step is clear: Worldcoin must ensure that its system operates with transparency, security, and respect for users’ rights. The future holds great potential, but for World ID to thrive, it must prioritize trust and control for the people who use it.
