FB pixel

Worldcoin security audit shows safe biometrics handling, limited data collection

Worldcoin security audit shows safe biometrics handling, limited data collection
 

A security assessment by Trail of Bits says Worldcoin’s software for biometrics collection with its orb devices is sound from a data protection and privacy perspective.

Trail of Bits also provided the third-party security analysis of biometric digital voting platform Voatz back in 2020.

The Worldcoin security audit report found the orb collects little personally identifiable information, and safely handles the iris biometric code, which is the only piece of PII that leaves the orb.

Tools for Humanity asked Trail of Bits to assess a series of claims about its software. The Worldcoin developer claims that “For the default opt-out signup flow, no personally identifiable information (PII) except the iris code is collected by the orb;” and that “For the non-default opt-in signup flow, PII is handled securely by the orb.” Further, they say “The Orb does not extract any sensitive data from a user’s device” and “The user’s iris code is handled securely.”

The assessment was carried out by three security researchers, who put in a total of six weeks of engineering review, according to a blog post from Worldcoin.

The security researchers identified four possible attack vectors, along with “unconfirmed concerns” that led Worldcoin to update some code.

However, the researchers say their “analysis did not uncover vulnerabilities in the Orb’s code that can be directly exploited in relation to the Project Goals as described.”

Worldcoin’s security audit follows a series of questions from data privacy regulators, with recent examples in Spain and South Korea. Whether they will find the answers it provides satisfy their concerns remains to be seen.

The projects the company refers to as “Wave0” of its Community Grants Program are getting some exposure, meanwhile, in the form of another blog post describing half of the 28 grantees. Several of the projects relate to blockchain voting, in particular for decentralized autonomous organizations (DAOs). Others address monetizing spending data, integrating multi-party computation and visualization of World ID public keys.

Related Posts

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News

 

Report explores efforts to curb environmental risks posed by identity documents

In the past couple of years, the identity industry has been involved in efforts to shift away from the use…

 

Malta opposition party demands minister’s resignation over ID card fraud scandal

Malta’s Green Party, ADPD, has intensified its demands for the resignation of a Maltese government minister following revelations of a…

 

Philippines’ central bank enters arbitration over failed ID card project

After the Philippines’ central bank decided to cancel its contract with identification system company AllCard Inc. (ACI) to produce the…

 

Visa biometrics provider VFS in talks to sell minority stake to Temasek

A significant minority stake of about 20 percent in the Blackstone-owned digital services outsourcing company VFS Global might be sold…

 

UK Virgin Islands launch digital transformation tender

Tourist hotspots Thailand, Sri Lanka, the Seychelles and the Virgin Islands are not just offering beaches and sunshine, they are…

 

UK govt encourages digital identity providers to join DIATF registry

The UK government has published guidance on entering the register for digital identity and attribute services. The register represents a…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events