FB pixel

Worldcoin security audit shows safe biometrics handling, limited data collection

Worldcoin security audit shows safe biometrics handling, limited data collection
 

A security assessment by Trail of Bits says Worldcoin’s software for biometrics collection with its orb devices is sound from a data protection and privacy perspective.

Trail of Bits also provided the third-party security analysis of biometric digital voting platform Voatz back in 2020.

The Worldcoin security audit report found the orb collects little personally identifiable information, and safely handles the iris biometric code, which is the only piece of PII that leaves the orb.

Tools for Humanity asked Trail of Bits to assess a series of claims about its software. The Worldcoin developer claims that “For the default opt-out signup flow, no personally identifiable information (PII) except the iris code is collected by the orb;” and that “For the non-default opt-in signup flow, PII is handled securely by the orb.” Further, they say “The Orb does not extract any sensitive data from a user’s device” and “The user’s iris code is handled securely.”

The assessment was carried out by three security researchers, who put in a total of six weeks of engineering review, according to a blog post from Worldcoin.

The security researchers identified four possible attack vectors, along with “unconfirmed concerns” that led Worldcoin to update some code.

However, the researchers say their “analysis did not uncover vulnerabilities in the Orb’s code that can be directly exploited in relation to the Project Goals as described.”

Worldcoin’s security audit follows a series of questions from data privacy regulators, with recent examples in Spain and South Korea. Whether they will find the answers it provides satisfy their concerns remains to be seen.

The projects the company refers to as “Wave0” of its Community Grants Program are getting some exposure, meanwhile, in the form of another blog post describing half of the 28 grantees. Several of the projects relate to blockchain voting, in particular for decentralized autonomous organizations (DAOs). Others address monetizing spending data, integrating multi-party computation and visualization of World ID public keys.

Related Posts

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

Mitek: quarterlies, annuals, SEC actions

April 4, 2024 – Mitek is getting back on track with its financial reporting, which may be more reflective of the…

 

Jamaica parliament soon to receive draft digital ID regulation for scrutiny

Plans are being finalized to send the draft regulation on Jamaica’s digital ID program to the country’s parliament for examination…

 

US launches PKI system to make mobile driver’s licenses interoperable, easy to use

The Digital Trust Service being set up by the American Association of Motor Vehicle Administrators (AAMVA) to ease the use…

 

Worldcoin reaches 10 million users, could face $1m fine in Argentina

It is the best of times and the worst of times for Worldcoin. The iris biometrics, digital ID and cryptocurrency…

 

Concerns over national ID card requirements for upcoming polls in Malawi, South Sudan

Malawi and South Sudan are set to hold general elections soon and national ID cards could prove to be a…

 

Under-display facial recognition possible with quantum-inspired computational chemistry

Under-display cameras and facial recognition are in high demand as consumers yearn for smartphones with a bezel-free display. Through quantum-inspired…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read From This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events