The World ID Orb And The Question Of What Defines A Person

Among the daily churn of ‘Web 3.0’, blockchains and cryptocurrency messaging, there is generally very little that feels genuinely interesting or unique enough to pay attention to. The same was true for OpenAI CEO Sam Altman’s Ethereum blockchain-based Worldcoin when it was launched in 2021 while promising many of the same things as Bitcoin and others have for years. However, with the recent introduction of the World ID protocol by Tools for Humanity (TfH) – the company founded for Worldcoin by Mr. Altman – suddenly the interest of the general public was piqued.

Defined by TfH as a ‘privacy-first decentralized identity protocol’, World ID is supposed to be the end-all, be-all of authentication protocols. Part of it is an ominous-looking orb contraption that performs iris scans to enroll new participants. Not only do participants get ‘free’ Worldcoins if they sign up for a World ID enrollment this way, TfH also promises that this authentication protocol can uniquely identify any person without requiring them to submit any personal data, only requiring a scan of your irises.

Essentially, this would make World ID a unique ID for every person alive today and in the future, providing much more security while preventing identity theft. This naturally raises many questions about the feasibility of using iris recognition, as well as the potential for abuse and the impact of ocular surgery and diseases. Basically, can you reduce proof of personhood to an individual’s eyes, and should you?

Observe The Happy Fun Orb

Although one may initially question the size and heft of the World ID Orb, there is quite a bit of hardware packed into it, for good reason as we’ll see in a moment. A teardown of the device shows the optics and PCBs. Most of the processing capacity is provided by an Nvidia Jetson Xavier NX system-on-module (SoM), with power for the entire system provided by a swappable battery pack of nearly 100 Wh, composed of 8 single 18650 Li-ion cells.

Exploded view of the World ID Orb (Credit: Worldcoin)

This is enough to use the Orb in a portable fashion without having to stay near a power source. The rest of the device’s heft comes from the big telephoto lens and mirror system including gimbal system. This allows for a hapless volunteer’s eyes to be captured without requiring them to press their eyes right up to the sensor.

The main imaging system of the Orb consists of a telephoto lens and 2D gimbal mirror system, a global shutter camera sensor and an optical filter. (Credit: Worldcoin)

This optical system reveals a commonality among iris scanners, in that they generally do not use the visual spectrum, but rather multi-spectral, near-infrared radiation to discern as many details in the iris as possible. The front PCB of the Orb reveals the final sensors, including a thermal camera. Much of this seems to be related to the anti-tampering measures mentioned by the available documentation, as well as ensuring that a live person is in front of the sensors.

The front PCB with the illumination LEDs and other sensors visible. (Credit: Worldcoin)

Most of this hardware is open source, with design files available on the Worldcoin GitHub account. However, this does not include the anti-tamper systems, and requires the use of Autodesk’s Eagle software to use the project files. Creating your own Orb is thus only partially possible, but allows for some insights into the design behind it. Incidentally, although each Orb is Internet-connected, the iris scans are said to not be sent to the World ID servers, but rather stay on the Orb.

Here the iris scans are processed into an ‘iris code’ which is supposed to uniquely identify the irises of the individual, without being reversible. Whether or not this is the case is a question which security researchers have no doubt already thrown themselves at with sheer abandon. This is of course not the question which we seek to answer here, which is whether a person’s eyes – or rather their retinas – can be directly correlated with personhood.

Measure Of A Person

Despite TfH equating each unique human being with a ‘person’ as well as personhood with its Proof of Personhood take, it shouldn’t take more than a casual glance to realize that the definition of ‘personhood’ is at best a contentious one, even without the discussion on non-human personhood. What is perhaps commendable here is that TfH attempts to be as inclusive as possible, which is how they arrived at the conclusion that a person (as in a human being) is most uniquely defined (for now) through biometrics, of which the iris is the most unique because of the high level of entropy in its structure.

At face value this is technically correct: without more invasive scanning techniques, the iris has the advantages of being quite static in its structure and, unlike fingerprints, well-protected, while still being easy to scan. Yet iris recognition has similar flaws to other types of biometrics in that it can be fairly easily faked, with the Chaos Computer Club demonstrating in 2017 that the iris recognition feature in the Samsung Galaxy S8 could be circumvented with a photograph of the eye plus a contact lens to get the curvature.

The Electronic Frontier Foundation (EFF) touches upon many of the issues with iris recognition, with the acknowledgement that iris recognition can be used for surveillance as well with much better results than facial recognition. Similarly, high-resolution images of irises are easy to get merely by photographing the victim with a suitable camera, which makes faking these biometrics quite easy. In the end, widespread iris-based biometrics will invite increasingly more sophisticated attempts to both fool scanners and to prevent said fooling.

If copying and wearing someone’s irises makes you effectively into that person for the system, it would seem to be a spurious correlation at best.

No Iris No Service

Beyond the majority of humans who are living their lives with two unmodified, healthy Mk-1 eyeballs, there are many individuals who either have opted to abandon their original irises for cosmetic reasons, or who suffered a genetic, traumatic or medical condition leading to partial or complete loss of the iris or its functions, regardless of whether this affects the rest of the eye as well. Even something as routine as cataract surgery can affect an iris, as detailed by Ishan Nigam et al. (2019) in a cohort study among cataract surgery patients which found a significant drop in iris scan matches, much as had been found in 2004 already by Roberto Roizenblatt and colleagues.

Detail of the eye with the iris and surrounding structures visible. (Source: Gray's Anatomy, plate 883)

Although the iris is a quite static structure – generally speaking – it is important to understand that it is not a solid structure, but rather it consists of intricate structures which provide diaphragm-like functionality for the eye, as well as aperture control via embedded muscles (the iris sphincter and dilator muscles). In total, the iris itself consists of six layers, from front to back:

  • anterior limiting layer
  • stroma
  • sphincter muscle
  • dilator muscle
  • anterior pigment epithelium
  • posterior pigment epithelium

Most of what we can see directly of the iris when observing the eye is the stroma of the iris. This is a fibrovascular layer, which as the name suggests consists of fibrous tissue interlaced with blood vessels, as well as nerves. It is this lacework of fibers that in a sense forms the unique pattern much like a person’s fingerprints. The color of the iris is the result of an intricate optical interaction between the (dark) pigmentation in the stroma as well as the epithelium, in addition to their textures, fibrous structures and blood vessels. It is this complex arrangement of interlaced structures that gives the iris such a high level of entropy, and it is also why the amount of pupil dilation affects the result of an iris scan.

As alluded to earlier, however, there are many conditions which affect the iris, with some of them summarized by the American Academy of Ophthalmologists. Of these, inflammation of the uvea (uveitis) of which the iris is also a component is a common condition that can severely damage the eye, including the iris (iritis). One of the most common causes of uveitis that affects the iris is the herpes simplex virus (HSV, causing Herpes Simplex Uveitis), usually during reoccurrences of HSV.

For those who have congenital, traumatic or other types of damage to the iris, the use of a prosthetic iris device (Artificial Iris, or AI) is an option. Such an AI covers part of the functionality of a natural iris, enabling something approaching normal vision, but naturally rendering them impervious to iris recognition, as an AI is very different from the biological version. These AIs are often the only option after botched cosmetic iris surgery (warning, graphical content) as well, which would preclude the use of iris recognition whether said cosmetic iris surgery is successful or not.
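To make the matching side of this concrete, the following added example (not code from the article, Worldcoin or TfH) compares binary iris codes by masked fractional Hamming distance, a common approach in iris recognition, and checks a new scan against an enrolled gallery. The code length, the 0.32 threshold, the eyelid mask and the 5% and 40% bit-flip rates are all constructed assumptions, not measurements from the studies cited above.

```python
"""Masked fractional-Hamming-distance matching of binary iris codes.

Added illustration only. CODE_BITS, MATCH_THRESHOLD and every sample
template below are assumptions constructed for this example.
"""
import random

CODE_BITS = 2048          # assumed iris-code length in bits
MATCH_THRESHOLD = 0.32    # assumed decision threshold (same eye if <=)
ALL_VALID = (1 << CODE_BITS) - 1


def popcount(value):
    return bin(value).count("1")


def fractional_hamming(code_a, mask_a, code_b, mask_b):
    """Share of disagreeing bits among the bits valid in BOTH scans.

    A mask bit of 1 means the code bit is usable (not hidden by an
    eyelid, eyelash or reflection).
    """
    valid = mask_a & mask_b
    usable = popcount(valid)
    if usable == 0:
        raise ValueError("no overlapping valid bits to compare")
    return popcount((code_a ^ code_b) & valid) / usable


def flip_fraction(code, fraction, rng):
    """Copy of `code` with round(fraction * CODE_BITS) random bits flipped."""
    for pos in rng.sample(range(CODE_BITS), round(fraction * CODE_BITS)):
        code ^= 1 << pos
    return code


def find_enrolled(code, mask, gallery):
    """Closest enrolled template within the threshold, or None.

    This is the uniqueness check: None means the system treats the
    scan as a person it has never seen before.
    """
    best = None
    for ident, (g_code, g_mask) in gallery.items():
        dist = fractional_hamming(code, mask, g_code, g_mask)
        if dist <= MATCH_THRESHOLD and (best is None or dist < best[1]):
            best = (ident, dist)
    return best


def run_demo(seed=1):
    rng = random.Random(seed)
    alice = rng.getrandbits(CODE_BITS)      # constructed enrolled template
    stranger = rng.getrandbits(CODE_BITS)   # constructed unrelated eye
    gallery = {"alice": (alice, ALL_VALID)}

    # Constructed mask: top quarter of the code hidden by an eyelid.
    eyelid_mask = (1 << (CODE_BITS * 3 // 4)) - 1

    rescan = flip_fraction(alice, 0.05, rng)    # ordinary sensor noise
    changed = flip_fraction(alice, 0.40, rng)   # structurally altered iris

    return {
        # Same eye, noisy and partly occluded: still recognised.
        "rescan": find_enrolled(rescan, eyelid_mask, gallery),
        # Unrelated eye: about half the bits differ, so no match.
        "stranger": find_enrolled(stranger, ALL_VALID, gallery),
        # Same person after the iris changed: no longer recognised,
        # so the uniqueness check would treat them as a new person.
        "changed": find_enrolled(changed, eyelid_mask, gallery),
        "changed_distance": fractional_hamming(
            changed, eyelid_mask, alice, ALL_VALID),
        # A bit-exact copy of the template matches at distance 0: the
        # comparison says nothing about whether a live eye produced it,
        # which is why liveness and anti-tamper sensors carry the load.
        "copy": find_enrolled(alice, ALL_VALID, gallery),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name:17s} {result}")
```

The threshold is the trade-off to look at: raising it would re-admit the changed iris but also narrows the gap to unrelated eyes, which sit around 0.5.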

Squishy Brains

As much as we’d like to use biometrics like a fingerprint, iris- or retinal scan as an absolute part of who we are, the fact of the matter remains that the only part of our bodies which is intrinsically tied to us as an individual is our brain. Swap some brains about between bodies, and you’d still be ‘you’, just slightly confused while you figure out the details of a new body. This is perhaps the fundamental flaw with biometrics: until we can directly scan brain structures (non-fatally, natch), every other form of biometrics will at most be an approximation of what true biometric authentication would entail.

Even our brains can and will change over time due to neuroplasticity, diseases, trauma, etc. Despite this, our overarching sense of ‘self’ and the memories which we carry with us, are firmly encoded in the squishy tissues of this amazing organ, thus forming our unique personalities, shaping our dreams and desires, and making us into the person we are today. Yet until the day comes that someone presents an Orb that can literally scan human brains, scanning irises is a passable, imperfect, approximation.

67 thoughts on “The World ID Orb And The Question Of What Defines A Person”

  1. Something you have (fingerprint, iris) should never replace something you know for security.

    This is a finite amount of information, computers should not be allowed to determine what an individual is based on a small amount of falsifiable data.

    1. Something you are should never be used to identify you as a person, because of the right to be forgotten. If your identity is tied to a factor that you can’t possibly change, then you may be forever stigmatized or haunted by other people.

      1. >right to be forgotten

        You are a big lol man. What about car registration plates? If EU is so excited about privacy then why doesn’t its government allow people to have dynamically generated numbers? That way someone could not be tracked by millions of billions of cameras located on every building. Fortunately I live in Grodno, Belarus and we don’t have Big Brother nanny state here.

          1. The right to be forgotten isn’t the same as GDPR. It’s a general principle, which the regulation is attempting to implement, where it’s understood as the right to have your information removed from online databases. That’s one way of doing it.

            Another name for the same principle is the “right to vanish”, i.e. even if records or information on your name continue to exist, YOU can disappear, so that whoever you interact with later won’t know to link your person to those earlier records.

        1. The point is, a person should be able to change identity if needed, such as for protecting victims of crimes or witnesses, political dissidents etc. from public persecution, or even ex-criminals who have served their time and done the punishment already.

          This is possible now. You can change your legal identity to stop people from looking you up in all sorts of registries, and it has nothing to do with GDPR. You can change your name, your social security number, move to a different address, drive a different car… you can’t change your iris pattern or your DNA, so if those are used for official legal identification then you can never run away from people who want to harass you or exclude you based on your person or your past opinions and actions that have nothing to do with today.

          1. All you have to do is look at the present social media, where people dig up anything and everything you’ve said 20-30 years ago, in and out of context, and use it in attempts to destroy your public image – simply because you disagree with them.

          2. There are registries of name changes dude.

            It complicates things, but only by one level of indirection. Granted if you’re a rat living in federal witness protection, your name isn’t on the registry. But for normal people, no.

            There is no ‘right to be forgotten’. That’s not how rights work. Rights are things you have, not things you can force others to do. Politicians be damned. The EU law is just them saying ‘keep your databases outside the EU’.

            Social media? Nobody’s fault they overshare. If you don’t sprinkle disinfo into your posts, I don’t know what to tell you.

          3. >Rights are things you have, not things you can force others to do

            Same difference. E.g. right to representation in a trial (the right to a lawyer). In order to have things, other people must change their behavior to make it so.

            The right to be forgotten is rather saying that other people should stop collecting and keeping data about you.

          4. You might have the ‘right’ to a shyster, but if you want a not useless one, you better be able to pay.

            Counterexample: Nobody will buy you a gun, even though everybody on earth has a right to self defense.

          5. Also: No matter what the EU says, ‘they’ will continue to collect all data you make available. Best to put a decent amount of disinfo into all streams.

            What are they going to do?
            Waggle their wigs at us?

  2. There are two sides to this equation.

    On the one side, a properly implemented unique ID for every person would allow anyone to build capital, essentially store up the value of their labor for future needs. Examples of this would be savings accounts, IRAs, real estate ownership, property ownership (cars, boats), and so on.

    On the other side, if everyone is required to use the system it provides a single-point for authoritarian control. As an example of *that*, consider that people donating to the Canadian trucker protests got their bank accounts frozen, and Nigel Farage’s bank dropped him as a customer apparently for his social media postings.

    And with a moment’s thought everyone should realize that this will not be anonymous, any more than your SSN is anonymous. Credit corporations will simply correlate the “non reversible” unique ID with your activity and infer everything else. For example, when your cell phone spends more than 8 hours at a specific address each day, you can infer the user’s home address. When your car spends about 8 hours weekdays at a specific address, then you can infer the user’s workplace address.

    And this breach of information is one-way: bad actors know all about you, the victim, but you have no way of finding out who the bad actors are who do bad things to you.

    Everyone should take a moment to do a thought problem of what they would do if locked out of their bank accounts (all of them), because US courts regularly do this to put pressure on defendants.

    I don’t know what the right solution is, but having a single ID for every individual in the world is a recipe for authoritarian disaster.

    1. You are correct. But, too “nice” by trying to post positives about it. There is no need for this system at all. It is not a benefit for individuals. There are no positives.

      Organizations that expose themselves to possible fraud have already taken into account that cost as a part of their doing business – thus, we can currently access our accounts online as well as build up capital as you say, without this system.

      So, why do we need this new ID system? We don’t.

      It only benefits organizations that desire to control people.

      1. You really nailed it, there are zero positives here, none. There is nothing this does that you couldn’t do with a unique number or any of countless far less invasive systems. This is beyond “Brave New World” or “Orwellian”. This seems like another attempt to attack cryptocurrency really.

    2. >what they would do if locked out of their bank accounts (all of them)

      Given the frailty of digital ID and money services, the lack of any real backup options that exists now, I already have a bug-out fund in cash for that very purpose.

      All I have to do is lose my phone and whoops, half a dozen identity services stop working. I’ll be locked out of my email, my online bank, my online ID, my cards stop working… and there’s nowhere I can go, nobody I can physically meet to fix it, because the support is all online and depends on the very same online IDs to access. It will be a real s**tshow if it ever happens, but with cash in hand and a driver’s license in the other, I can at least buy a new phone and a pre-paid sim card, then start calling the bank…

      1. That is why we don’t use our phones for any of those purposes (email, bank, id, pay bills). It is a ‘lock in’ that we don’t want to face. No thank you. Might be convenient, but not worth it in MHO.

        World Id Orb. Bad idea. For countries like North Korea, China, the powers that be may think it a good idea….

        1. No bank here offers the old paper password lists anymore. None. It’s all digital, and the ID app runs on a tablet or a phone.

          Sure, they offer this widget that looks like a calculator, but that has its own problems, like the fact that I no longer know where mine is after a decade of not needing it, I don’t remember its PIN code, and it’s probably out of battery and doesn’t work. It’s all welded shut so you can’t even swap the battery – you have to order a new one, which is done in the online bank, which needs the ID…. doh!

          1. Password for what? We go to the bank to get money out or put money in. A teller does the work :) . Why complicate it with user names and passwords. A statement comes in the mail as it should every month. Whether credit union or bank. A phone doesn’t enter into equation at all. Simple. Of course debit card has a pin to use (memorize that). Credit card send statements and you send in a check in to pay … Simple. Fool proof. World without a phone tether. In fact when I retire, I am thinking of ‘losing’ the phone. Just bleeds your pocket book. Ie. Only have one around for the occasional text, phone call, picture.

            I don’t understand why people want this ‘lock in’ whether putting their eggs in the cloud and a phone. And constantly pay for the supposed privilege! Doesn’t make sense to me.

          2. We don’t. The branch office is empty and has no money in it. You have to book time so the teller would appear, and they give you the stink if you try to bring cash. Something about money laundering – methinks they just don’t want to provide the service.

          3. >you send in a check in to pay

            That’s another thing – since they opened the mail service for competition, the delivery times have stretched to weeks and bills and statements have started to expire in transit. The law says they have to deliver within 7 days and have a minimum of 14 days to pay, but presently it takes up to 14 days for the mail to arrive, so I’ve had to shift to all online payments to avoid the late payment fees.

      2. Good luck buying a phone with cash. Who buys phones in cash except criminals?! :P

        Also, why do your cards stop working if you lose your phone? Just type your PIN in. Or do you have an extra system where you are? Or digital-only cards?

        The problem here is tying too many things to one device, which is why it may be wise not to tie your bank to your phone. My bank keeps trying to get me to move to an app for authentication codes, but I’m happy with the separate code generator dongle thing.

        1. Same here, Bank of America keeps “demanding” I install their stupid app and sign up for Zelle. Apparently they can’t comprehend that some people cannot and MUST NOT (sup RFC2119) use their phones as a banking device, and have to only use cash and/or physical plastic cards for paying for things… and that’s not even getting into how BofA “rounds up” small in-person credit card transactions to $20 and takes the remainder as a “microtransaction discouragement fee”. Dude, not even airports make me pay $20 for a bottle of water and a candy bar, I’m using cash-only for vending machines.

          The only reason I put up with their nonsense is, I can’t change banks (most of the other big names have done even shadier stuff – sup Wells Fargo – and the local credit unions can only be used within my state, plus even if I did switch banks, I’d end up with about 1/3 of the credit limit on my card because the only reason my credit history is “eligible” for the limit it’s at is because I accrued it at the same bank I’m using; apparently banks downplay credit history accrued at other banks).

          1. Can you provide details on the BoA $20 rounding fee? The only partial match I was able to find was a practice of rounding up to 1 dollar and transferring the difference to the user’s saving account.

        2. >Good luck buying a phone with cash.

          I’ve had no trouble – the phone by itself without a SIM is just a piece of electronics you can buy from anywhere. I can go to a supermarket and buy a phone like I was buying a loaf of bread – why would they care if I pay with cash?

          Pre-paid SIM cards are the same – no ID requirement.

        3. >Also, why do your cards stop working if you lose your phone?

          Because of NFC payments. The bank detects “suspicious activity” and tries to contact you, but can’t because you don’t have your phone, so they lock up payments until you log in and tell them it’s fine – which you can’t do without your phone app.

          1. And the stupid thing is, you could still call your bank and tell them you lost your phone, but the person on the phone needs to get some sort of positive ID that you are who you claim to be – and simply reading them your SSID won’t do anymore…

            I had to deal with this stupidity when the law changed and they started requiring new digital chip social security cards. To request one using the online form, you needed a valid ID, but all the valid ID’s I had were just invalidated by the law and my passport had expired – so I had to physically go to the police station to be identified as me and answer the twenty questions…

    3. I can find no evidence supporting your claim that donors to the Canadian trucker protests had their bank accounts frozen. I do find where protesters, organizers, and participants had accounts frozen, as well as the accounts with GoFundMe and GiveSendGo which held the donations, but nothing regarding the donor’s accounts at all. I looked, because (leaving aside the issue of or reasonings behind suppressing protest for the moment) it would be an especially egregious overreach for the government to punish those who are exercising their free speech through donations (another issue which can be left for later, eg the difference between a person or a corporation and speech, donations). If you have an article you can link to showing that the donors’ accounts were frozen, I’d love to see it.

      1. If you are worried about free speech suppression, then this might be helpful.

        I did a quick search and found this overview of a committee hearing on whose bank accounts were being closed :

        In that hearing, the Finance Deputy Minister would not go into details about whose donor accounts specifically they closed, but said they would be ones that made donations after Feb 15, but none from before.

        And, this article states that they had the right to do so, but would not release details :

        In both cases, they clearly had the power and the will to do so, but would not go into details about whose accounts they shutdown.

        So, the answer appears to be “yes” – Canada gave itself those powers to shutdown bank accounts, even the bank accounts of donors.

    4. So we want to use an image of our eye to store all of our money. Then when our eye is damaged, or we get old and have cataracts or glaucoma we lose everything. Do you forfeit your fortune when you die? The only good thing about it is that getting robbed of your eyeball won’t let the thieves use it to steal your account. Hopefully they know that before ripping your eyeball out of your head.

      What happens when you get a software update and your eye scan no longer works?

      I would like to invent a bit coin system where only I am able to recover all the lost bit coins. I’ve often wondered if you lost your wallet, or the device your wallet was installed on, where does the money go?

    5. > And with a moment’s thought everyone should realize that this will not be anonymous, any more than your SSN is anonymous.

      Unless verifiers receive zero-knowledge proof of personhood, *not* the unique id, as the white paper states in the 2nd paragraph.

  3. I’m gonna be very contrarian here.

    Duh. Just don’t have an authoritarian government. Have a good government. You can’t do that because everyone is so greedy and corrupt? Duh, then make everyone good. You won’t need trustless technologies then. You could happily trust your government and use the government-issued id for everything. Peak efficiency and quality of life coming with trusted centralization.

    Islam solves this. Islam makes the individual good, and thus makes the state good, and removes this division of the two. The state happens to be just a part of community, with no member of it being any different than their brothers-in-religion.

    1. You could equally argue that communism has the same goal. However, people are not inherently good. There will always be someone who wants more than their brethren. Whether they lie about their political or religious ideals to get it is moot.

      A single-point identity check is such a bad idea, I can’t believe anyone is even remotely entertaining it.

      1. Very few people are intentionally bad, people just have different ideas of what “good” means, and can justify every kind of atrocity by these greater purposes.

        Standard greed and selfishness is actually easier to deal with than people who think they’re doing you a service by throwing you under the bus. In the middle ages, people believed they were saving the souls of the witches they were burning…

        1. Personal utilitarianism:
          The outcome with the most utility for me personally (not society) is the moral and ethical one.

          It is an immoral and unethical act to let a sucker keep his money.

      2. That was never the intended goal of communism. All the economic theory was just a fig leaf and was proven wrong several times, and the proof is in the fact that they just continue plugging along anyway. Communism is about power and crushing your enemies, just like everything else.

        1. The economic theory was partially right, partially wrong, but where it really went off the tracks is in the notion of what counts as “people”.

          As in, according to Marx, people are not individuals but products of the interrelations of society – so when you distribute the means of production “back to the people”, what it means is you give everything to the state, because it represents the totality of society. When something is “owned by the workers”, it is really just owned by the state and the actual workers just work there. Obviously under such a system, all power and wealth is absolutely concentrated in the few who claim to represent the state.

    2. Christianity answers that we can’t just “be good”. We can be forgiven and we can change, but we always remain flawed by sin, and capable of both great good and evil.

      But I agree, not having a bad government is a good start.

  4. Yay! Too many standards! Let’s build a new one to replace them all!

    Can’t even be bothered to find the XKCD link.

    Plus everything that’s wrong with biometrics. And a single controlling entity who can’t even be voted out.

  5. They’re putting a lot of faith in the anti-tamper measures of hardware that will be completely out of WorldCoin’s custody.

    Somehow their threat model assumes that that’s safer than trusting government-issued IDs.

  6. Seeing the photos of people in lines reaching around the block waiting to use this thing is absolutely baffling. Is it a bunch of hired crowds to simulate engagement? There’s no way this stuff is driving such enthusiastic adoption yet, and it just plain smells funny.

    1. It would appear that the promise of ‘free Worldcoins’ is the main drive behind these sign-ups, especially in impoverished regions. I mean, who doesn’t like free money? This does seem to belie the altruistic tones behind World ID, of course.

  7. 1. Instead of iris, it could be DNA. Think film Gattaca.
    2. They want easy method of authenticating your login location/time and then link to every data point about you.
    Anonymity vanishes.
    Where is the benefit to an individual?
    3. CBDC and all its woes. No thanks.
    4. Some may also say who cares, anonymity vanished a while ago, what with birth certificates, social security numbers, drivers license numbers, passports, license plate readers, CCTV cameras, ring doorbell cameras, Tesla 9 cameras in each car, correlation/inferring of missing data points, etc.

  8. This sort of thing is far too useful for dictators. When payments are linked to identity, especially with centralised databases but even without them, it is all too easy for a totalitarian state (and much of the west is headed that way now) to convert the whole country into a covert concentration camp. No need for barbed wire, they can just decline all purchases dissidents try to make. This is a tool of tyranny and must be stopped. Pay cash, use VPNs/Tor, defy government and corporate orders, and never let the bast*rds scan your iris.

  9. We really should move to Anonymous P2P internet.
    Anonymous Meshnet both wired and wireless is the future.
    Only centralized internet scammers refuse to acknowledge that backed by ads internet is dead, and it was never ever make financial or any technical reason to exist in the first place at all.
