In light of Generative AI’s rapid rise, identity validation solutions are more critical than ever. Fraudsters can now access sophisticated tools to create, steal, and abuse identities faster and more effectively than ever. New solutions are cropping up to protect identities, and assert authenticity, offering innovative technologies for identity authentication, safe payments, or fraud detection. Most recently, this topic has reached mainstream media primarily due to the launch of World ID - ’a digital passport that lets you prove you are a unique and real person while remaining anonymous.’
Created by OpenAI’s founder, Sam Altman, World ID is positioned as a tool to distinguish humans from AI through what it calls ‘proof of personhood.’ Stored on the blockchain, World ID issues digital wallets to those who are scanned by what is called the Orb. This biometric imaging device captures a high-resolution image of a person’s iris to ensure each person is associated with a unique digital identifier.
However, the innovative identity validation solution has stirred some controversy. Though an appealing solution at a glance, many questions about its usability, trustworthiness, and privacy have arisen. These questions touch upon Altman’s technology, his role in creating the problem that he now offers a solution for and reexamine solutions already in the market.
We will further analyse the different components that makeup worldcoin, exploring its technology, adoption challenges, and privacy concerns.
Several technologies are involved in creating, storing, and using World ID, each of which has its own merit — the Orb, the digital wallet, and the blockchain.
The Orb scans the irises of humans and generates digital identities based on this. After 18 months of experimentation, World ID was launched, and centers opened up worldwide to scan eyeballs. Users download the World App and can go to these centers to verify their identity. At each center, the Orb scans each iris and creates a unique digital World ID.
Scanning unique physical attributes for identification has been introduced previously, making it unclear why this new technology is needed. We have biometric imaging of faces, fingerprints, and more. What is unique about scanning irises is still being determined, but this has its downfalls, as with other biometric identifiers. In the 18 months of testing, the tool had trouble scanning the eyes of some Asian people because of the lack of diverse training data. If the goal is to fully rely on the Orb to validate identities, will different shapes of eyes skew the database? Will different contact lenses create inconsistencies? These questions remain unanswered so far.
After each person’s irises are scanned, they receive a digital identity stored on the World ID app. The app also serves as a digital wallet. However, World ID is prohibited in many countries, and where it is allowed, Worldcoin as a legitimate currency is years away. Furthermore, in the one month since its launch, the app has already crashed from too much traffic. Therefore, if businesses around the world were relying on this technology to approve transactions, sign up users, or evaluate trust and safety concerns, the results would most likely prove unactionable at best, and dangerously fraudulent at worst.
World ID has positioned itself as a privacy-preserving identity and financial network owned by everyone. However, it is unclear what this means precisely — storage on the blockchain means it is decentralised with no owner, making it publicly accessible.
Public and privately held blockchain databases are not secure databases. World ID is decentralised, making it publicly accessible to everyone including fraudsters. Additionally, the very nature of blockchain means that the data is replicable and lives forever, giving fraudsters enormous databases to hack and all the time they need to further engage in fraudulent activities.
At the same time, World ID also claims it is private but, as it is publicly available, the privacy component is unclear. However, this means that on a certain level, World ID holds the information, requiring everyone to blindly trust that the company has customers’ best interest at heart, which is difficult to grant.
Alternatively, individual companies or government agencies can hold their own data and keep it secure, while allowing companies to provide each other with proof of identity in a fully anonymous way. Thus, if one company is breached, only the data that this company holds becomes exposed, while the rest of the network remains protected. Moreover, there is no need for a cumbersome central repository which adds no value, while exposing its holders to increased privacy risk and GDPR regulation.
Setting aside the fact that World ID is prohibited in many countries due to privacy concerns, its success completely relies on the rate at which people sign up. We have seen that many people simply won’t make the effort to adopt certain new technologies —even when, in past cases, governments mandated such public key signatures.
World ID puts trust completely in the hands of those signing up. The company trusts that citizens of the world are who they say they are at the initial signup. Anyone can go to a center, scan their irises, and create a new identity. According to Forbes, Worldcoin discovered that operators fooled the device into creating multiple signups for the same person. The scam involved waiting until an iris scan was almost complete and then swapping in a different person to stand in front of the Orb as the scan finished.
Then, there is also the question regarding the personnel who runs the centers. What measures are taken to ensure they are not and cannot be corrupted? Currently, false identities can easily be injected into the system. There is already a black market for Worldcoin credentials. World ID’s system puts faith in the integrity of all people involved - the people behind the technology, the people signing up, and those managing Orb stations.
World ID is still in its early stages, and its adoption, impact, and repercussions are still uncertain. However, essential conversations that need to take place regarding identity validation and privacy in the age of generative AI are surfacing. Blockchain, unique identifiers, and digital wallets are not new to the fraud and payment space, and, therefore, we are already familiar with the problems each of them poses. For identity validation technologies and solutions to succeed, seamless implementation without room for tampering, safe storage, and no special effort by end-users is required.
While we cannot rely on users or one private, decentralised company to effectively and safely store identities, we can rely on physical identities that already exist and are stored by thousands of companies worldwide. Our tangible attributes, such as email addresses, phone numbers, and home addresses remain unchanging over time and are already validated by online platforms like marketplace, social platforms, ecommerce, and gaming. By leveraging networks of validated and trusted users, we can overcome ownership, privacy, and adoptability challenges.
Uri Arad, Identiq’s VP of Product, has been fighting fraud and fraudsters for more than a decade, and has seen the fraud and identity challenge from diverse perspectives: product, risk, and R&D. Before Identiq, he was the Head of Analytics and Research at PayPal’s risk department. He holds a Master’s Degree in Computer Science from Tel Aviv University.
Identiq is a private network for identity validation that empowers companies to safely collaborate with each other to validate trusted customers–without sharing any sensitive data or identifiable information. Our peer-to-peer technology helps some of the world's largest companies to identify good customers, fight fraud, and offer better experiences throughout the digital journey.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now