FB pixel

Worldcoin security audit shows safe biometrics handling, limited data collection

Worldcoin security audit shows safe biometrics handling, limited data collection
 

A security assessment by Trail of Bits says Worldcoin’s software for biometrics collection with its orb devices is sound from a data protection and privacy perspective.

Trail of Bits also provided the third-party security analysis of biometric digital voting platform Voatz back in 2020.

The Worldcoin security audit report found the orb collects little personally identifiable information, and safely handles the iris biometric code, which is the only piece of PII that leaves the orb.

Tools for Humanity asked Trail of Bits to assess a series of claims about its software. The Worldcoin developer claims that “For the default opt-out signup flow, no personally identifiable information (PII) except the iris code is collected by the orb;” and that “For the non-default opt-in signup flow, PII is handled securely by the orb.” Further, they say “The Orb does not extract any sensitive data from a user’s device” and “The user’s iris code is handled securely.”

The assessment was carried out by three security researchers, who put in a total of six weeks of engineering review, according to a blog post from Worldcoin.

The security researchers identified four possible attack vectors, along with “unconfirmed concerns” that led Worldcoin to update some code.

However, the researchers say their “analysis did not uncover vulnerabilities in the Orb’s code that can be directly exploited in relation to the Project Goals as described.”

Worldcoin’s security audit follows a series of questions from data privacy regulators, with recent examples in Spain and South Korea. Whether they will find the answers it provides satisfy their concerns remains to be seen.

The projects the company refers to as “Wave0” of its Community Grants Program are getting some exposure, meanwhile, in the form of another blog post describing half of the 28 grantees. Several of the projects relate to blockchain voting, in particular for decentralized autonomous organizations (DAOs). Others address monetizing spending data, integrating multi-party computation and visualization of World ID public keys.

Related Posts

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News

 

Entrust updates card issuance software, lands ecommerce onboarding deal

Entrust has released two new products, including one in partnership with European payment platform Lemonway, which offers payment processing for…

 

Japan’s DNP sets eyes on Asia-Pacific cross-border digital credentials

Global printing giant Dai Nippon Printing (DNP) is getting into the digital identity business. And not only that: The 150-year-old…

 

Germany still not ready to launch DeutschlandID

Germany’s little-known federal digital identity BundID still seems to be struggling to find popularity. According to the federal government, only…

 

Voxx asset review delays quarterly filing

A regulatory notice from Voxx International says the firm needs extra time to work out the fine details of its…

 

RealSense spinning out from Intel with biometrics expansion plans

The RealSense 3D camera division of Intel was never completely shuttered, and the company is now spinning it off into…

 

Malaysia digital ID deadline looms, pressure on to resolve delays

Malaysia’s digital minister has addressed the ongoing delay in rolling out the country’s MyDigital ID initiative and second 5G network….

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events