Worldcoin, the ambitious brainchild of OpenAI CEO Sam Altman and two of his partners, has been marred by controversies since it debuted in late July last year.
The idea was simple: establish a global digital ID system, introduce a global currency, the Worldcoin token (WLD), and develop the World App, a universal wallet that leverages World ID to facilitate payments.
When the project launched, the initial reception was divided. Privacy advocates and regulators across several jurisdictions argued that collecting biometric data on such a large scale poses many risks.
However, the project managed to draw in over 2 million users who signed up for a digital ID during its initial rollout phases.
The regulatory pressure prompted Worldcoin to implement the Secure Multi-Party Computation system. This encrypts the scanned iris data into secret shares to address concerns about data centralization.
At the time of publication, the project was banned in some countries, while others were investigating its data collection practices.
Despite the mixed reception, the project had 119 ‘orbs’—spherical devices that scan a user’s iris—across 18 countries within the first few months. Now, Worldcoin plans to expand that number to 1,500 globally. Meanwhile, the World App has raked in over 10 million users.
While Worldcoin’s approach to decentralized identity shows promise, ongoing debates question whether it truly tackles the broader issues at play.
What are your thoughts on Worldcoin’s biometric data collection efforts?
Worldcoin has recently announced they will delete all biometric data and distribute it in a MPC network. This removes one major concern about data concentration from the technical point of view. Worldcoin also uses nullification to protect users against cross-application tracking.
Do you see any shortcomings with the project’s current approach to security?
Security is more complex than its technical component—it’s a property of the entire solution, including technology, people, processes, and power structures. Worldcoin uses many right cryptographic primitives to achieve privacy and security, but they are not following the principles of decentralization and transparency that most Web3 projects embrace. They have open-sourced most of their technologies, yet the governance, long-term goals, and tokenomics remain a source of concern.
Worldcoin claims that Secure Multi-Party Computation will enhance data privacy and security by distributing biometric data across multiple parties. Do you believe this approach can effectively address the ethical concerns?
No. Technical security should never stop the ethical debate around the implications of a unique identifier that can’t be changed for my entire life. This is an identifier that I can’t deny, be forced to present, and can’t change. The implications are deep and, in some cases, dangerous.
Despite the controversies, Worldcoin has garnered considerable attention. What do you think is driving its appeal?
Every tokenized project is susceptible to speculation, and Worldcoin is no different. They are linked to Sam Altman and OpenAI, which have a “winner” aura attracting controversy and investor interest. There is also a sentiment that OpenAI is investing in a problem they help create (synthetic identities), which is both ethically reprehensible and economically attractive.
Can identity verification systems be enhanced in security and efficiency while minimizing reliance on biometric data?
Biometrics is at the core of all identity systems, even National ID and Passports. It’s not about the technology but about who is the source of trust and how centralized it is. Governments should play that role, and projects like EUDI (the European Union’s digital identity solution) will make it more available to many citizens. Some alternatives are networks of trust (social graphs, P2P vouching, etc.), but none have seen mass adoption so far.
From your experience at Privado ID, what are the key considerations for creating identity solutions that align with international data protection standards?
We advocate for open ecosystems of interoperability. Centralizing everything in a single identity provider is tempting (faster, easier, simpler), but we need a healthy, open ecosystem of competing and local identity providers to avoid concentration of power. This provides choice and alternatives and can adapt to local regulations. For example, adding Age Verification to Google or Apple accounts offers convenience but creates large databases for these companies, potentially leading to non-compliance with local regulations. An ecosystem of Age Verification providers with interoperable credentials is better.
How does Privado ID approach the challenge of creating open ecosystems and ensuring interoperable credentials within its platform?
We aim to provide the infrastructure to support open ecosystems of interoperable credentials. We are not in the business of providing these credentials but aim to connect identity providers and users, enabling credential exchange and monetization in a privacy-preserving way with the best user and developer experience. We see ourselves as a marketplace of trusted data where consumers (applications) and providers (credential issuers) can integrate and conduct business while respecting users’ privacy and right to consent.
