Worldcoin Ensures Privacy and Security of Orb Technology with Third-Party Audit
Worldcoin has taken steps to address privacy concerns surrounding its iris-scanning Orb technology by commissioning a third-party audit. The audit, conducted by Trail of Bits, focused on assessing the privacy and functionality aspects of the Orb’s software. The results of the audit have been released in a recent report by Tools for Humanity (TFH) and the Worldcoin Foundation.
The Purpose of the Audit
The audit aimed to investigate how Worldcoin’s Orb devices handle and secure user data, specifically focusing on privacy-related issues. TFH provided several technical claims to guide the audit process, with an emphasis on the software version as of July 8, 2023.
Data Collection and Storage
During the default opt-out signup process, the Orb collects only the user’s iris code. It does not store or transfer any personally identifiable information (PII) other than this code. The goal is to ensure that no PII is written to the device’s storage or uploaded from it, except for the encrypted iris code.
If users choose a more data-inclusive signup flow, any PII saved on the device’s SSD is encrypted asymmetrically, so the Orb itself cannot decrypt it. The audit confirmed that the Orb does not pull sensitive information from a user’s device; it only collects data encapsulated within a QR code scanned by the device.
Security Measures for Iris Codes
The handling of a user’s iris code was thoroughly scrutinized for security purposes. The audit confirmed that the iris code is not stored persistently on the Orb and is transmitted in a single request to a backend server. Furthermore, it can only be sent to pre-approved servers secured by end-to-end encryption.
Trail of Bits’ Findings
According to Trail of Bits, the audit did not uncover any vulnerabilities in the Orb’s code that could be directly exploited in relation to the project goals. Although the review identified some unconfirmed concerns that could theoretically affect the project goals, the affected code has since been updated. Overall, the audit did not identify any instances where the project goals would be compromised.
Hot Take: Worldcoin Takes Privacy Seriously
Worldcoin’s commitment to ensuring privacy and security is evident through its proactive approach of commissioning a third-party audit for its Orb technology. The findings of the audit provide reassurance that user data is handled with utmost care and that the Orb’s software meets high standards of privacy and functionality.