Worldcoin launched to much fanfare on Monday—but Ethereum's Vitalik Buterin has identified four "major issues" with the project's design.
Founded by Sam Altman—the CEO of OpenAI—the company is offering a "digital passport" that allows owners to prove they're human, and not a bot. This is achieved through the use of Orbs, machines that scan a person's eyeball to create a World ID.
In a lengthy new blog post, Buterin argues that an effective, reliable proof-of-personhood system, like Worldcoin, "seems very valuable," but warns there are big risks in the race to develop one.
The Ethereum co-founder's first concern relates to privacy—and the act of scanning someone's iris. Buterin fears this could capture much more data than meets the eye, including a person's sex, ethnicity and even certain medical conditions.
Perhaps Buterin's most practical argument concerns accessibility—and how likely it's going to be that everyone who wants a World ID can get one.
The latest figures from Worldcoin suggest 1,500 Orbs will be available in 35 global cities as the year progresses—helping the total number of weekly registrations surge from 40,000 people a week to 200,000.
Overall, it estimates that two million have already signed up for a World ID.
Suggesting that sign-ups could plateau quickly, Buterin wrote: "While there are billions of smartphones, there are only a few hundred Orbs. Even with much higher-scale distributed manufacturing, it would be hard to get to a world where there's an Orb within five kilometers of everyone."
If Orbs do become prolific, he believes the headaches wouldn't stop here. He pointed out that there's nothing to stop a government from banning Orbs in their country—or using this technology to coerce citizens.
Buterin issues centralization, security concerns
Buterin's third concern centers on centralization—a pejorative for crypto projects the world over.
In his blog, he points out that Orbs are hardware devices where backdoors could be installed into the system—allowing malicious manufacturers to create many bogus human identities.
"If even one Orb manufacturer is malicious or hacked, it can generate an unlimited number of fake iris scan hashes, and give them World IDs," Buterin warned.
While Worldcoin vows to perform regular audits on Orbs to ensure they are built correctly, Buterin is calling for the project to ensure that World IDs generated with different manufacturers are distinguishable from one another. He believes this could weed out malicious activity, adding: "If we see the North Korean government going around and forcing people to scan their eyeballs, those Orbs and any accounts produced by them could be immediately retroactively disabled."
Finally, he warned about security—but stressed this affects all proof-of-personhood systems and not just Worldcoin.
He believes an "unlimited amount of identities" could be generated if Orbs mistakenly approve the irises of AI-generated photographs or 3D prints of fake people. There's also a danger of someone selling on or renting their World ID to someone else—or losing it after a phone hacking.
Buterin argues that, while there could be some solutions to all of his concerns, Worldcoin may need to team up with other proof-of-personhood projects that score more highly on decentralization, accessibility, and protection against fake users.
He concluded by stressing he believes a world without proof-of-personhood also has dangers—and said building a robust system won't be easy nor quick.
"I definitely do not envy the people attempting the task, and it will likely take years to find a formula that works," he said.
Worldcoin did not immediately respond to Decrypt’s request for comment.