The project aims to scan all the world’s eyeballs
People queue up to have their irises scanned at an outdoor sign-up event for Worldcoin in Indonesia.
In a college classroom in the Indian city of Bangalore last August, Moiz Ahmed held up a volleyball-size chrome globe with a glass-covered opening at its center. Ahmed explained to the students that if they had their irises scanned with the device, known as the Orb, they would be rewarded with 25 Worldcoins, a soon-to-be released cryptocurrency. The scan, he said, was to make sure they hadn’t signed up before. That’s because Worldcoin, the company behind the project, wants to create the most widely and evenly distributed cryptocurrency ever by giving every person on the planet the same small allocation of coins.
Some listeners were enthusiastic, considering the meteoric rise in value that cryptocurrencies like Bitcoin since they launched. “I found it to be a very unique opportunity,” said Diksha Rustagi. “You can probably earn a lot from Worldcoin in the future.” Others were more cautious, including a woman who goes by Chaitra R, who hung at the back of the classroom as her fellow students signed up. “I have a lot of doubts,” she said. “We would like to know how it’s going to help us.”
Those doubts may be warranted. The 5-minute pitch from Ahmed, a contractor hired to recruit users, focused on Worldcoin’s potential as a digital currency, but the project’s goals have morphed considerably since its inception. Over the past year, the company has developed a system for third parties to leverage its massive registry of “unique humans” for a host of identity-focused applications.
Worldcoin CEO Alex Blania says the company’s technology could solve one of the Web’s thorniest problems—how to prevent fake identities from distorting online activity, without compromising people’s privacy. Potential applications include tackling fake profiles on social media, distributing a global universal basic income (UBI), and empowering new forms of digital democracy.
But Worldcoin’s biometric-centered approach is facing considerable pushback. The nature of its technology and the lack of clarity about how it will be used are fueling concerns around privacy, security, and transparency. Questions are also being raised over whether Worldcoin’s products can live up to its ambitious goals.
So far, Worldcoin has signed up more than 700,000 users in some 25 countries, including Chile, France, and Kenya. In 2023 it plans to fully launch the project and hopes to scale up its user base rapidly. Many people will be watching the company during this make-or-break year to see how these events will unfold. Will Worldcoin succeed in reimagining digital identity, or will it collapse, like so many buzzy cryptocurrencies that have come before?
In early 2020, Blania started working with Worldcoin cofounders Sam Altman, former president of the legendary Silicon Valley incubator Y Combinator, and Max Novendstern, who previously worked at the financial-technology company Wave. The question driving them was a simple one, Blania says. What would happen if they gave every person on the planet an equal share of a new cryptocurrency?
Their thesis was that the network effects would make the coin far more useful than previous cryptocurrencies—the more people who hold it, the easier it would be to send and receive payments with it. It could also boost financial inclusion for millions around the world without access to traditional banking, says Blania. And, if the coins increase in value (as have other cryptocurrencies like Bitcoin and Ethereum), that trend could help redistribute global wealth.
Most ambitiously, the founders envisaged Worldcoin as a global distribution network for UBI—a radical approach to social welfare in which every citizen receives regular cash payments to cover their basic needs. The idea has become popular in Silicon Valley as an antidote to the job-destroying effects of automation, and it has been tried out in locations including California, Finland, and Kenya. When the Worldcoin project was unveiled in October 2021, Altman told Wired that the coin could one day be used to fairly distribute the enormous profits generated by advanced artificial intelligence systems.
The founders envisaged Worldcoin as a global distribution network for universal basic income.
To ensure even distribution of coins, Worldcoin needed a sign-up process that guaranteed that each person could register only once. Blania says the team didn’t want to tie the cryptocurrency to government IDs due to privacy risks, and they eventually decided that only biometric iris scans could scale into the billions. Given the sensitivity of biometric data, the team knew that privacy protections had to be paramount. Their solution is a protocol based on Proof-of-Personhood (PoP)—a complex combination of custom hardware, machine learning, cryptography, and blockchain technology that Blania says can assign everyone a unique digital identity with complete anonymity.
The Orb is central to this approach. Behind its gleaming surface is a custom optical system that captures high-definition iris scans. To sign up for Worldcoin, enrollees download the company’s app onto their smartphones, where it creates a pair of linked cryptographic keys: a shareable public key and a private key that remains hidden on the user’s device. The public key is used to generate a QR code that the Orb reads before scanning users’ irises. The company says it has invested considerable effort into making Orbs resistant to spoofing sign-ups with modified or fake irises.
The scan is then converted into a string of numbers known as a hash via a one-way function, which makes it nearly impossible to re-create the image even if the hash is compromised. The Orb sends the iris hash and a hash of the user’s public key to Worldcoin’s servers in a signed message. The system checks the iris hash against a database to see if the person has signed up before, and if not, it’s added to the list. The public-key hash is added to a registry on the company’s blockchain.
The process for claiming the user’s free Worldcoins relies on a cryptographic technique known as a zero-knowledge proof (ZKP), which lets a user prove knowledge of a secret without revealing it. The app’s wallet uses an open-source protocol to generate a ZKP showing that the holder’s private key is linked to a public-key hash on the blockchain, without revealing which one. That way, Worldcoin won’t know which public key is associated with which wallet address. Once this linkage is verified by the company’s servers, the tokens are sent to the wallet. The ZKP also includes a string of numbers unique to each user called a nullifier, which shows if they’ve tried to claim their coins before without revealing their identity.
It didn’t take long for Worldcoin to realize that its identity system could have broader applications. According to Blania, the first to spot the potential was Chris Dixon, a partner at the venture capital firm Andreessen Horowitz, which led the first investment round in Worldcoin. Blania says that about seven months after the team started work on the project, he told them, “This is super interesting tech, but I think you don’t understand what a big deal it actually is.”
On today’s Internet, most activities flow through centralized platforms like Amazon, Facebook, and PayPal. Blockchain technology could theory remove these middlemen, instead using a decentralized networks of volunteers to regulate such functions as online payments, social media, ride-sharing platforms, and many other types of services—a vision for the future of the Internet dubbed Web3.
Worldcoin’s biggest challenge may not be the functionality of its technology, but questions of trust.
But decentralization also enables new kinds of manipulation, including sybil attacks, named after the 1973 book Sybil, about a woman with multiple personalities. The anonymity of the Internet means it’s easy to create multiple identities that let attackers gain disproportionate influence over decentralized networks. That’s why cryptocurrencies today require members to carry out complex mathematical puzzles or stake large chunks of their money if they want to contribute to core activities like verifying transactions. But that means control of these networks often boils down to how many high-powered computer chips you can afford or how much crypto you hold.
Worldcoin will manage two different processes: signing up users and letting them claim the promised amount of the cryptocurrency as a reward for signing up. Signing up involves scanning users’ irises and keeping records that connect those scans with their digital wallets. Claiming a reward requires verification that the user has indeed signed up, which can be done in a way that doesn’t reveal any information about the user other than that they are signed up.Worldcoin
A method to ensure that every member of a network has just one identity could solve the sybil problem in a much more equitable way. And a unique digital ID could have applications beyond Web3, says Tiago Sada, head of product at Worldcoin, such as preventing bot armies on social media, replacing credit-card or government-ID verification to access online services, or even facilitating democratic governance over the Web. Toward the end of last year, Sada says, Worldcoin started work on a new product called World ID—a software-development kit that lets third parties accept ZKPs of “unique humanness” from Worldcoin users.
“A widely adopted PoP changes the nature of the Internet completely,” says Sada. “Once you have sybil resistance, this idea of a unique person [on a blockchain], then it just gives you an order of magnitude more things you can do.”
Despite the startup’s growing focus on World ID, Blania insists its ambitions for the Worldcoin cryptocurrency haven’t diminished. “There is no token that has more than 100 million users,” he says. Worldcoin could have billions. “And really no one knows what the explosion of innovation will be if that actually happens.”
But the coin has yet to be released—those who sign up get an IOU, not actual cryptocurrency—and the company has released few details on how it will work. “They haven’t shared anything regarding what their currency model or their economic model is going to be,” says Anna Stone, who leads commercial strategy for a nonprofit called Good Dollar. “It’s just not yet clear how individual users will benefit.”
Good Dollar distributes small amounts of its own cryptocurrency to anyone who signs up, as a form of UBI. Stone says the project has focused on creating a sustainable stream of UBI for claimants, while Worldcoin seems to be committing far more resources to developing its PoP protocol than the currency itself. “Offering people free crypto is a powerful lead-generation tactic,” she says. “But getting people into your system and getting people using your currency as a currency are two quite different challenges.”
“It’s really hard to revoke and reissue your iris.” – Jon Callas
Leading UBI proponent Karl Widerquist, a professor of philosophy at Georgetown University–Qatar, says he’s skeptical of the potential of cryptocurrencies for boosting financial inclusion or enabling UBI. He says their inherently volatile prices make them unsuitable as currency. But Worldcoin’s one-time distribution seems even less likely to succeed, he says, because most people around the world are so poor that they spend everything they have right away. “The majority of people in the world are going to have none of this currency very quickly.”
The company’s vision for Worldcoin has also shifted as the importance of World ID has grown. While the company can’t dictate what the token will be used for, Sven Seuken, Worldcoin’s head of economics, says it is now positioning the coin as a governance token that gives users a stake in a blockchain-based type of entity called a decentralized autonomous organization (DAO). The company has ambitions to slowly transfer governance of its protocol to a DAO that’s controlled by users, with voting rights linked to their Worldcoin holdings. Tokens would act less as a payment method and more like shares in a company that manages the World ID platform.
This pivot wasn’t reflected in the pitch at the college in Bangalore, where enrollees were sold on the potential of a fast, cheap way to transfer money around the world. Seuken admits the company needs to update its public communications around the benefits of signing up, but he says explaining World ID’s value at this stage of adoption is challenging. “Convincing users initially to sign up by pitching World ID, this would be a really hard sell,” he says.
Informed consent is important, though, says Jon Callas, director of public-interest technology at the Electronic Frontier Foundation. It’s problematic, he says, if users don’t realize they’re signing up for a global identity system, especially one that involves biometrics, which are a uniquely sensitive form of authentication. “It’s really hard to revoke and reissue your iris,” says Callas.
While ZKPs provide strong mathematical guarantees of privacy, implementation mistakes can leave gaps that attackers can exploit, says Martin Albrecht, a professor of information security at Royal Holloway, University of London. In 2020, researchers bypassed ZKPs that had been used to anonymize transactions in the privacy-focused cryptocurrency Zcash by exploiting their knowledge that the time taken to generate a proof correlated to the content of transaction data (specifically, the transaction amount).
Worldcoin’s head of blockchain, Remco Bloemen, says that even if the company’s ZKPs were cracked, there wouldn’t be a leak of biometric information, as the ZPKs aren’t connected to users’ iris hashes and are based only on their private keys. But Albrecht says revealing a user’s private key is still a significant problem as it would let you impersonate them. “Once you know someone’s private key, it’s game over,” he says.
Glen Weyl, an economist at Microsoft Research, says that worries about Worldcoin’s threats to privacy are overblown, given that the biometrics aren’t linked to anything. But Worldcoin’s stringent privacy protections have introduced a critical weakness, he adds. Because biometric authentication is a one-time process, there is no ongoing link between users and their World IDs. “You’ve just found a way to generate a key, and that key can be sold or disposed of in any way people want,” he says. “They have no framework, in any sense, for making sure these wallets are tied to the people who received them, other than their trust relationship with the people that they’ve hired to do the recruiting.”
A young woman has her irises scanned at a sign-up event in Bangalore, India. It’s no accident that the scanning device, called the Orb, resembles a giant eyeball. Edd Gent
Without an ongoing link between World ID and the underlying biometrics, it’s impossible to audit the registry of users, says Santiago Siri, board member of a competing digital identity system called Proof of Humanity (PoH). That’s why PoH has built its registry of unique humans by getting people to upload videos of themselves that others can challenge if the videos seem fake. Siri concedes that the approach is hard to scale and has significant privacy challenges, but he says the ability to audit a system is critical for its trustworthiness. “How can I verify that of those 750,000 [Worldcoin] identities, 700,000 are not fake, or controlled by Andreessen Horowitz?” he says. “No one will be able to verify that, not even the Worldcoin people.”
It’s also questionable how useful the concept of “unique humanness” really is outside of niche cryptocentric applications, says Kaliya Young, an identity researcher and activist. Identity plays a broader role in everyday life, she says: “I care what your university degrees are, where you were born, how much money you make, all sorts of attributes that PoP doesn’t solve for.”
Worldcoin’s biggest challenge may not be the functionality of its technology but questions of trust. The central goal of blockchains is to avoid relying on centralized authorities, but by using complex, custom hardware to recruit users, the company is setting itself up as a powerful arbiter of digital identity. “Worldcoin posits that everyone in the world should have their eyeball scanned by them and they should be the decider of who’s a unique human,” says Young. “Please explain to me how that’s not ultracentralized.”
What’s more, Microsoft’s Weyl says, the company’s reliance on the “creepy all-seeing eye” of the Orb may create problematic associations. According to Weyl, projects like Worldcoin may give people “a sense of a dystopian future” rather than one that is “hopeful and inclusive.”
In the end, the success of Worldcoin’s ambitious 2023 goals may boil down to a question of narrative. The company is peddling a message of financial inclusion and wealth distribution while critics raise concerns around privacy and transparency. It remains to be seen whether the world will truly buy into Worldcoin.
Edd Gent is a freelance science and technology writer based in Bangalore, India. His writing focuses on emerging technologies across computing, engineering, energy and bioscience. He's on Twitter at @EddytheGent and email at edd dot gent at outlook dot com. His PGP fingerprint is ABB8 6BB3 3E69 C4A7 EC91 611B 5C12 193D 5DFC C01B. His public key is here. DM for Signal info.
This telehealth tech could ease overcrowding at care facilities
Kathy Pretz is editor in chief for The Institute, which covers all aspects of IEEE, its members, and the technology they're involved in. She has a bachelor's degree in applied communication from Rider University, in Lawrenceville, N.J., and holds a master's degree in corporate and public communication from Monmouth University, in West Long Branch, N.J.
This is the proposed design of the wearable that can measure vital signs such as heart rate, skin temperature, and blood pressure.
The health-monitoring bracelet that Pramuka Sooriyapatabandige designed can measure vital signs such as heart rate, skin temperature, blood pressure, and blood oxygen saturation. What’s more, the device should be inexpensive to manufacture and could be made in his native country of Sri Lanka, where access to health care can be difficult. The bracelet recently won first place in the IEEE Telehealth Virtual Pitch Competition student category.
The IEEE student member says he was inspired to develop the multipurpose health-monitoring bracelet (MHMB) because noncommunicable, chronic diseases such as cancer and heart disease account for 70 percent of deaths worldwide, and more than three-quarters of them occur in developing countries including Sri Lanka. The South Asian country is in the midst of an economic crisis, and its health care system is struggling, according to a U.N. report.
“When I started this research project, I did not have a clear idea of the problems with health care,” says Sooriyapatabandige, who earned a bachelor’s degree in electrical and electronics engineering this year from the University of Jaffna, in Thirunelvely, Sri Lanka. “After participating in the competition, I got access to so much material on remote health monitoring. I got to see how much work is being carried out, the types of research going on, and the trends. Developing countries barely make use of any of this information, and I think there’s a lot we can do in this field.”
People with chronic conditions such as heart disease and cancer have their vital signs checked regularly. But scheduling an examination with a doctor can be challenging, especially for people living in developing countries and other areas where there’s a shortage of health care professionals. Appointments can be difficult to get, and travel to a medical facility can take a long time. One solution is to use telemedicine to monitor patients remotely.
Clinics make up the backbone of Sri Lanka’s health care system. To avoid overcrowding, people may visit a clinic only on the day they have been assigned, Sooriyapatabandige says. If monitoring vital signs could be done remotely, he says, it would reduce the number of people at the facilities and free up the medical staff to treat those with more serious conditions.
“Strengthening primary health care with a comprehensive, community-based, and family-focused technology solution could be the key for addressing the existing health issues in Sri Lanka,” he says. “Home-based monitoring of essential health parameters is important, and current technologies can address the need.”
The prototype of the multipurpose health-monitoring bracelet (MHMB) includes sensors to measure vital signs and uses photoplethysmography to measure heart rate. Pramuka Sooriyapatabandige
The MHMB is designed to be part of a centralized, remote monitoring system. The battery-powered wearable includes sensors to measure vital signs. It uses photoplethysmography to measure heart rate and includes the capability to obtain single-lead measurements. The bracelet doesn’t have a display and requires only minimal attention from the user.
It cost about US $100 to develop the prototype, Sooriyapatabandige says.
The wearable connects to the cloud via Wi-Fi. Medical staff can access the patient’s data from the monitoring system or from an app. Patients can download the app on their phone to view the history of their readings.
“Home-based monitoring of essential health parameters is important, and current technologies can address the need.”
The bracelet also can be connected to blood pressure monitors, glucometers, and other medical devices. Sooriyapatabandige says that because the MHMB can connect to the tools, the bracelet’s capabilities are not limited to only the measurements that can be made at the wrist. It also makes the bracelet a central node, or hub, for the remote patient-monitoring system, which provides connectivity so other devices can access the platform.
The ability to link to the other tools is not offered by any other such wearable, Sooriyapatabandige says.
The system can be used in mass-casualty scenarios, he says, such as checking natural disaster victims’ vitals, as well as other situations in which there are significant challenges in scaling up medical services.
Sooriyapatabandige didn’t develop the MHMB on his own. He worked on the design with classmate Nilojkanth Loganathan and the project’s supervisor, Ragupathyraj Valluvan, a lecturer in electrical and electronic engineering at the University of Jaffna. Sooriyapatabandige also had assistance from Rajendra Surenthirakumaran , dean of the university’s medicine faculty, and Sivasothy Shanmugalingam, founder of DotsHook, a telecommunications company in Brittany, France.
Sooriyapatabandige and the team are now developing a version of the bracelet for clinical trials. The university is filing a patent application with the National Intellectual Property Office of Sri Lanka.
Sooriyapatabandige says he plans to continue working in the biomedical field. He is looking into Ph.D. programs in embedded systems development, primarily those related to biomedical applications.
The IEEE Standards Association (IEEE SA) held the pitch competition this year to seek out telehealth innovations. The contest was overseen by the IEEE SA Healthcare and Life Sciences Practice and the IEEE SA Transforming the Telehealth Paradigm Industry Connections program.
Entries had to be affordable and easy to use, and they had to protect users’ privacy. They also needed to use inexpensive materials, be scalable, operate with other medical applications, and comply with regional regulatory policies. Submissions came from more than 106 countries.
After winning the competition, Sooriyapatabandige is set to work with a local IEEE Special Interest Group on Humanitarian Technology to test the prototype.
He was a guest speaker in Season 4’s third episode of theIEEE Re-Think Health podcast. In addition, he presented his project at the IEEE Standards Association’s Transforming the Telehealth Paradigm event.
“New and improved methods, such as remote patient monitoring, bring about numerous advantages and benefits,” he says. “In order to ensure that most of the world gets to enjoy these benefits, it is essential to encourage more people and organizations to get involved in these initiatives. Our project and the IEEE SA Telehealth competition are both focused on achieving the most out of these technologies as early as possible and making them available to everyone everywhere.”
Sooriyapatabandige joined IEEE in 2018. He served as secretary of his university’s IEEE Robotics and Automation Society’s student chapter. He organized several events and collaborated with other IEEE societies.
Those opportunities, he says, helped him enhance his leadership and organizational skills: “I got to experience aspects of the different IEEE societies and then identify what was best for me and where my passion lies. IEEE also gave me numerous opportunities, including this competition, to enhance my knowledge and skills as well as to network with professionals and experts.”
In this presentation we will build the case for component-based requirements management
This is a sponsored article brought to you by 321 Gang.
To fully support Requirements Management (RM) best practices, a tool needs to support traceability, versioning, reuse, and Product Line Engineering (PLE). This is especially true when designing large complex systems or systems that follow standards and regulations. Most modern requirement tools do a decent job of capturing requirements and related metadata. Some tools also support rudimentary mechanisms for baselining and traceability capabilities (“linking” requirements). The earlier versions of IBM DOORS Next supported a rich configurable traceability and even a rudimentary form of reuse. DOORS Next became a complete solution for managing requirements a few years ago when IBM invented and implemented Global Configuration Management (GCM) as part of its Engineering Lifecycle Management (ELM, formerly known as Collaborative Lifecycle Management or simply CLM) suite of integrated tools. On the surface, it seems that GCM just provides versioning capability, but it is so much more than that. GCM arms product/system development organizations with support for advanced requirement reuse, traceability that supports versioning, release management and variant management. It is also possible to manage collections of related Application Lifecycle Management (ALM) and Systems Engineering artifacts in a single configuration.
Global Configuration Management – The Game Changer for Requirements Management
In this presentation we will build the case for component-based requirements management, illustrate Global Configuration Management concepts, and focus on various Component Usage Patterns within the context of GCM 7.0.2 and IBM’s Engineering Lifecycle (ELM) suite of tools.
Watch on-demand webinar now →
Before GCM, Project Areas were the only containers available for organizing data. Project Areas could support only one stream of development. Enabling application local Configuration Management (CM) and GCM allows for the use of Components. Components are contained within Project Areas and provide more granular containers for organizing artifacts and new configuration management constructs; streams, baselines, and change sets at the local and global levels. Components can be used to organize requirements either functionally, logically, physically, or using some combination of the three. A stream identifies the latest version of a modifiable configuration of every artifact housed in a component. The stream automatically updates the configuration as new versions of artifacts are created in the context of the stream. The multiple stream capability in components equips teams the tools needed to seamlessly manage multiple releases or variants within a single component.
GCM arms product/system development organizations with support for advanced requirement reuse, traceability that supports versioning, release management, and variant management.
Prior to GCM support, the associations between Project Areas would enable traceability between single version of ALM artifacts. With GCM, virtual networks of components can be constructed allowing for traceability between artifacts across components – between requirements components and between artifacts across other ALM domains (software, change management, testing, modeling, product parts, etc.).
321 Gang has defined common usage patterns for working with components and their streams. These patterns include Variant Development, Parallel Release Management, Simple Single Stream Development, and others. The GCM capability for virtual networks and the use of some of these patterns provide a foundation to support PLE.
The 321 Gang has put together a short webinar also titled Global Configuration Management: A Game Changer for Requirements Management, that expands on the topics discussed here. During the webinar we build a case for component-based requirements management, illustrate Global Configuration Management concepts, and introduce common GCM usage patterns using ELM suite of tools. Watch this on-demand webinar now.