Worldcoin, the ambitious brainchild of OpenAI CEO Sam Altman and two partners, has been plagued by controversy since its launch in late July of last year.
The idea was simple: establish a global digital identity system, introduce a global currency (in this case the Worldcoin token (WLD)), and develop World App, a universal wallet that uses World ID to facilitate payments.
When the project was launched, initial reactions were divided. On the one hand, privacy advocates and regulators in various jurisdictions argued that collecting biometric data on such a large scale carried many risks. On the other hand, the project managed to attract more than 2 million users who signed up for digital IDs in its early implementation stages.
Regulatory pressure has led Worldcoin to implement its Secure Multi-Party Computation system, which encrypts scanned iris data into secret shares to be distributed among multiple parties, in an effort to address concerns about data centralization.
At the time of publication, the project was banned in some countries, and its data collection practices were being investigated in others.
Despite mixed reactions, the project had 119 ‘orbs’ (a spherical device that scans a user’s iris) in 18 countries in its first few months, and now plans to increase that number to 1500 globally. Meanwhile, the World App has grown to over 10 million users.
While Worldcoin’s approach to decentralized identity looks promising, there is ongoing debate over whether it truly addresses the broader problems at play.
Sebastian Rodriguez, chief product officer at decentralized identity platform Privado ID, told crypto.news that while Worldcoin’s use of cryptographic techniques is commendable, broader issues like governance and transparency remain unresolved.
What do you think about Worldcoin’s biometric data collection efforts?
Worldcoin recently announced that it will be deleting all biometric data and distributing it across an MPC network. This technically eliminates one of the biggest concerns about data density. Worldcoin also uses invalidation to protect the user from cross-application tracking, so technically speaking, we find the new Worldcoin approach to be technically secure.
Do you see any shortcomings in the project’s current approach to security?
Security is more complex than its technical component; it is a feature of the entire solution (technology, people, processes, and power structures). In our view, Worldcoin uses many of the correct cryptographic principles to ensure privacy and security, but they do not follow the principles of decentralization and transparency that most Web3 projects embrace. They have made an effort to open source much of their technology (including hardware to a certain extent), but the governance of the project, its long-term goals, and its token economics are still a concern.
Essentially, their model only works when they have a monopoly on proof of uniqueness – a type of credential that can only be provided by a single provider (when based on non-standard biometric templates). It is not based on national identity documents (which would allow multiple Authentication providers) but on a non-standard biometric hash database controlled by a single private organization.
Worldcoin claims that Secure Multi-Party Computation will increase data privacy and security by distributing biometric data across multiple parties. Do you believe this approach can effectively address ethical concerns?
No. Technical security should never stop the ethical debate around the implications of a unique identifier that cannot be changed in my lifetime. It is an identifier that I cannot deny having; I can be forced to provide; and I cannot change. The implications are profound and, in some cases, dangerous.
Despite the controversy, Worldcoin has attracted considerable interest. What do you think makes it appealing?
Every tokenized project is open to speculation, and Worldcoin is no different. They are also associated with Sam Altman and OpenAI, which I think has a “winner” aura that simultaneously attracts discussion and investor interest. There is a sense that OpenAI is investing in a problem (synthetic identities) that is both ethically reprehensible and economically attractive.
Can the security and efficiency of authentication systems be increased while minimizing reliance on biometric data?
Biometrics are at the heart of all identity systems, including National IDs and Passports. It’s not about the technology, it’s about who the source of trust is and how central it is. We believe governments should play this role and with projects like EUDI [the European Union’s digital identity solution] will become more accessible to many citizens. Some alternatives are based on trust networks (social graphs, p2p surety, etc.), but none of these have achieved mass adoption so far.
Based on your experience at Privado ID, what are the key points you pay attention to when creating identity solutions that comply with international data protection standards?
We advocate for open ecosystems of interoperability. Centralizing everything in a single identity provider is always tempting (faster, easier, simpler) – but we need to allow for a healthy open ecosystem of competing, local identity providers that avoid concentration of power, provide choice and alternatives, and also adapt to local regulations. For example – it’s very tempting to add Age Verification to our Google or Apple accounts and have the verification done by our phones or email accounts. But that would give these companies huge databases of every place we use those credentials. They probably won’t fully comply with every local regulation on the subject. It’s better to have an ecosystem of Age Verification providers with interoperable credentials.
How does Privado ID approach the challenge of creating open ecosystems and providing interoperable credentials within its platform?
We want to provide the foundational infrastructure to build and support open ecosystems of interoperable credentials. We are not in the business of providing these credentials – we aim to provide identity providers and users with the best channels to exchange and monetize credentials in the most privacy-preserving way and with the best user and developer experience. We see ourselves as a marketplace for trusted data where consumers (applications) and providers (credential issuers) can connect, integrate, and do business while respecting user privacy and consent.