Worldcoin security audit shows safe biometrics handling, limited data collection

A security assessment by Trail of Bits says Worldcoin’s software for biometrics collection with its orb devices is sound from a data protection and privacy perspective.

Trail of Bits also provided the third-party security analysis of biometric digital voting platform Voatz back in 2020.

The Worldcoin security audit report found the orb collects little personally identifiable information, and safely handles the iris biometric code, which is the only piece of PII that leaves the orb.

Tools for Humanity asked Trail of Bits to assess a series of claims about its software. The Worldcoin developer claims that “For the default opt-out signup flow, no personally identifiable information (PII) except the iris code is collected by the orb;” and that “For the non-default opt-in signup flow, PII is handled securely by the orb.” Further, they say “The Orb does not extract any sensitive data from a user’s device” and “The user’s iris code is handled securely.”

The assessment was carried out by three security researchers, who put in a total of six weeks of engineering review, according to a blog post from Worldcoin.

The security researchers identified four possible attack vectors, along with “unconfirmed concerns” that led Worldcoin to update some code.

However, the researchers say their “analysis did not uncover vulnerabilities in the Orb’s code that can be directly exploited in relation to the Project Goals as described.”

Worldcoin’s security audit follows a series of questions from data privacy regulators, with recent examples in Spain and South Korea. Whether they will find the answers it provides satisfy their concerns remains to be seen.

The projects the company refers to as “Wave0” of its Community Grants Program are getting some exposure, meanwhile, in the form of another blog post describing half of the 28 grantees. Several of the projects relate to blockchain voting, in particular for decentralized autonomous organizations (DAOs). Others address monetizing spending data, integrating multi-party computation and visualization of World ID public keys.

Article Topics

biometric data  |  biometrics  |  data collection  |  iris biometrics  |  multi-party computation  |  Tools for Humanity  |  World  |  World ID Orb