Worldcoin handles its end users’ iris biometrics data securely, according to a third-party evaluation conducted by Trail of Bits, a well-regarded team of cybersecurity experts.
Co-founded by OpenAI CEO Sam Altman, Worldcoin is a prominent blockchain startup that is aiming to build a global digital identity platform founded upon end users’ unique biometrics. To that end, it has gained notoriety for its use of iris-scanning devices, which it calls “Orbs”, to fully register interested users.
Looking Into the Orbs
Trail of Bits’ assessment validated that the Orb system securely manages this sensitive biometric information. For the default opt-out signup flow, no personally identifiable information (PII) besides the iris code is collected or stored persistently on the Orb, and the iris code itself is not retained on the device.
In cases in which users opt into data custody, the Orb encrypts PII, including the iris code, using robust cryptographic methods, ensuring it cannot be decrypted by the Orb itself. The audit also confirmed that the Orb does not extract any additional data from a user’s device beyond what is contained in a QR code.
A Reputation for Expertise
Headquartered in New York City, Trail of Bits has conducted numerous security audits for blockchain platforms and smart contracts, including those for Ethereum Foundation projects and other major cryptocurrency platforms. The group has also collaborated with various U.S. government agencies on cybersecurity projects, contributing its expertise to enhance national security through technology assessments, software assurance, and the development of security tools.
Among the broader cybersecurity community, Trail of Bits is known for contributing to the open-source community with tools like Crytic, a suite of security tools for Ethereum smart contract development, and Osquery, an operating system instrumentation framework for Windows, OS X (macOS), Linux, and FreeBSD.
The prominent cybersecurity firm’s validation of Worldcoin’s data security practices could help to restore the latter’s credibility after it has come under intense scrutiny from government privacy regulators around the world over the last several months. Watchdogs have opened investigations in Argentina, France, Germany, Hong Kong, Kenya, South Korea, Spain, and the United Kingdom.
Can Worldcoin Do Better?
Trail of Bits also provided recommendations for further security enhancements, including kernel hardening and runtime improvements. Kernel hardening involves implementing security measures to protect the core of the operating system, while enhancing the runtime environment improves security by updating software components and configurations to prevent exploitation.
Overall, though, the audit validates Worldcoin’s purported commitment to user privacy and data security, demonstrating rigorous measures to protect sensitive information while still acknowledging areas for potential improvement.
That having been said, Trail of Bits was working with a version of Worldcoin’s software that may now be out of date. The firm began its assessment on August 14, 2023, based on a software version dated July 8, 2023, which Worldcoin calls “SemVer 3.0.10”. As of this month, Worldcoin’s Orbs are running SemVer 4.0.34.
Source: Worldcoin
(Originally published on FindBiometrics)