The latest stunt, in crypto environment and with the stupidest pretext that can be, comes from the company Worldcoin.
In a nutshell, Sam Altman, under the pretext of promoting the use and dissemination of cryptocurrencies, offers free crypto (safe?) in exchange for scanning the iris.
Unlike any crowdfunding, WorldCoin does not ask for tokens to be purchased in exchange for a certain amount of fiat currency to fund the project.
The project is already up and running, in fact people around the world are already at work, who through a tool called Orb, scan the iris of the eye and transfer a certain number of tokens to their wallet.
Simple, Altman asserts that in this way the tokens are not given two or more times to the same person and therefore it cannot be a bot that performs the request procedures.
Following the graph below we can say that the project is well built and safe, in fact in addition to not having any connection between the user and the encoding of the iris, and between the encoding of the iris and the wallet, the data is safe.
In addition, the "raw" biometric data, once the Irishash is obtained, is destroyed.
The whole thing makes use of a public blockchain, Ethereum, so we should be totally safe?
Validation of transactions would be through iris hashing and linking to the wallet through a zero-knowledge proof (ZKP). A bit like what happens in lightning network validations.
In fact, this all takes place on an Ethereum layer 2 network to offer scalability and low transaction costs.
In practice once acquired the hash of one's iris to confirm "Human Uniqueness", this would become a unique digital signature, once implemented in the system to obtain tokens for free.
Sensational project and nothing short of foolproof, if we analyze some points:
- Public blockchain, Ethereum
- Hacker-proof security (ZKP)
- Low transaction costs
A true idyll.
But Facebook is also free and we "trust" it with many things in our lives. Of course we can say what we want that no one could actually verify "Human Uniqueness", but in the meantime we write down the most basic things.
First name, last name, some preferences... actually, no, we don't put those.
After a few Google searches, it just so happens that the first ads that come up on our Facebook home page are the things we searched for....
Even though we used an alias to register the ads come up; so, at an algorithmic level, links are being made.
In Worldcoin and all good, all perfect and above all safe, but ...
But let's try to go further: the construction of the Orb (the hardware that scans the iris and creates the hash) certainly had costs, we do not seek a quantification, but there are sure costs.
Operators going around the world will have a cost.
All of these costs will have to be incurred, but the tokens are given away for free.
This is where the question arises for me: but is my data really destroyed?
Objectively, when you close a Lightning channel, all records made are lost, because they are not recorded.
The IrisHash, however, must be preserved, at least to have a feedback of "Human Uniqueness" and not give away 2 times the tokens.
Who can guarantee us that the algorithm with which the irisHash is calculated is not reversible and therefore obtain the biometric data of departure?
If this were the case, it would be sufficient to sell at a high price the IrishHash with the conversion algorithm and here is that the iris-subject matching is soon made: how many of us, to access the credit institutions have made a scan of the iris to enter?
Simply, since the preparatory phase is carried out through QrCode created by the smartphone, to have the "Human Uniqueness" just use the fingerprint sensor of the smartphone, without scanning any iris, let alone create biometric hashes.
I made my mind, and you?