Worldcoin makes core components of iris biometric imaging software open source

Worldcoin has taken a step towards transparency by open-sourcing the software component of its Orb biometric device. This move allows for external verification of the company’s data privacy claims and provides experts with the ability to examine how the Orb captures images, processes biometric data, and transfers it to the World App.

Such an infrastructure will promote a community-driven audit process, wherein an independent verification and public reporting of findings will contribute to the assurance of Orb’s adherence to the protocols governing data privacy and security.

An important component of the Orb’s software, the do_signup function within the orb-core repository, is now available for study. This function outlines the technological mechanisms behind each World ID verification process, including image capture, biometric processing, and secure data submission.

Although the software can generate high-quality eye and face images, the company admits to encountering challenges when integrating the autofocus system. Their Rust-based software uses a feedback controller, which has a neural network to determine real-time sharpness estimates.

During the subsequent biometric stage of image processing, custom neural networks and Gabor filter implementation are accessed through Python interfaces. The software initially verifies that the images have not been tampered with or artificially developed.

Next, the Iris Recognition System (IRIS), a software created by Tools for Humanity and subsequently released as open source by Worldcoin, is employed to analyze the eye images.

The Rust programming language has been optimized to minimize the negative impact of frequent reloading of components such as IRIS and other models. This is achieved through a design, inspired by the Android Zygote process.

Worldcoin says that the software’s implementation on the Orb protects users’ control over their data through advanced security mechanisms. These mechanisms include signing with Orb’s private key and encrypting with the user’s public key.

A dedicated secure element within the Orb carries out the signing process, which is cryptographically paired with the Nvidia Jetson platform during manufacturing. The encryption process uses a sealed box to guarantee that only the intended recipient can decrypt the transmitted biometric data, the company says in a blog post.

The privacy claims of the Orb’s architecture were audited by Trail of Bits, a security research firm.

According to Worldcoin, certain aspects of the orb-core and orb-secure-element contain sensitive code that has been forked for public use. Their strategy for reducing the necessity of these forks is to gradually open-source the software components, which will enable them to develop all non-sensitive parts of the software in an open manner.

Efforts like these, the company says, contribute to the larger goal of prioritizing user privacy, data security, and transparent governance.

Article Topics

biometrics  |  data privacy  |  iris biometrics  |  open source  |  research and development  |  Tools for Humanity  |  World  |  World ID Orb