Sam Altman, former head of premier tech startup incubator Y Combinator, is starting his own cryptocurrency. The token will be called worldcoin and, according to new reporting by Bloomberg, you have to let the project scan your retina print to use the system.
Yeah, spoiler alert, it’s not great.
The core motivation for the Worldcoin project seems admirable: Altman says he was inspired by the concept of universal basic income (UBI), and wanted to use cryptocurrency to distribute funds equitably worldwide. The whole eyeball-scanning thing is Worldcoin’s solution to connecting real-world identities to system accounts reliably, so that no one can claim multiple accounts.
There’s also something to like about the basic idea. Early in the coronavirus pandemic, I wrote at length about the absurd slowness of the U.S. relief-check distribution, and advocated for some sort of federally managed direct payment system for use in future emergencies.
So why not do the same thing on a global scale, in a way that doesn’t involve government systems? That’s appealing not just out of government-agnostic principle, but because there are plenty of stateless or undocumented people in the world who wouldn’t be able to access a government-based direct payments system.
Based on what we know so far, Altman and the Worldcoin team seem to have hit on a way to make this appealing premise seem utterly dystopian. Users who want a Worldcoin account will have to register by scanning their unique retina pattern with an “orb” device that in its current form is the size of a basketball and costs $5,000 to make, according to Bloomberg.
This points to serious practical problems with the company’s plans, but let’s start with the larger issue – privacy. The thing about a retina print is that you can’t change it, so once it’s compromised that form of identity verification is invalid for you, forever. That makes it spectacularly and inherently risky for a private company to gather this kind of biometric data about everyone on Earth. Frankly, there’s a strong argument that it should be illegal until we have better data regulations in place (yes, I’m looking at you, Clear).
(Side note: If you’re starting a company that harvests data from people’s eyeballs in ways that could threaten privacy, don’t refer to your scanning device as an “orb.” It strongly implies the Eye of Sauron, Foucault’s Panopticon, the Saudi Intelligence Orb, Saruman’s palantir, and the for-profit spy firm named after it. In short, it’s creepy as hell. Sam, you can send my comms consulting fee via CoinDesk.)
Now, to its credit, Worldcoin has already said it won’t store iris scans as raw data, instead converting images into a “unique numerical code,” according to Bloomberg, and deleting source data. I take that to indicate some kind of hashing, similar to the transaction-batch hashes that link Bitcoin blocks.
But that leaves too many open questions. Most specifically, if Worldcoin moves its retina scans to a central server for hashing, it’s still far too risky to be justifiable, because data could be intercepted or stolen in the process. On-device hashing shouldn’t be incredibly computationally intensive, and the size and cost of the Worldcoin “orb” suggests that may be the plan. But it also seems likely that the device would be internet-connected, which would still leave it potentially vulnerable.
Let’s move on to the practical problems. Even if Worldcoin gets the cost and size of its scanner way down, the necessity of any device at all is a massive barrier to connecting billions of unbanked people around the world to the financial system. Who’s going to do the work of lugging a delicate metal basketball into the far reaches of the Serengeti to make sure everyone gets their worldcoin? How many of those devices would need to be deployed, with how many operators, to reach even a fraction of the world’s population in any sort of reasonable time frame?
More importantly, why is this worth doing when all of those people can simply create a Bitcoin wallet themselves, without having to trust some skinny American not to sell their eyeball-print to the highest bidder?
Of course, opening a bitcoin wallet doesn’t get you free money from Sam Altman, but the presence of a financial incentive is, if anything, more troubling: the Worldcoin proposal appears dangerously similar to bribing the global poor to compromise their privacy. Worldcoin says it’s necessary to prevent people from registering multiple times and defrauding the system, presumably by claiming multiple instances of the UBI payments Altman wants to enable. But that doesn’t come remotely close to justifying risking 8 billion people’s biometric data, with potentially serious lifelong consequences if it leaks even once.
There’s much more that could be said about Worldcoin, including that attaching real-world identities runs counter to the basic use cases for blockchain architecture, and that it could amount to an attack on Bitcoin. There’s also already a crypto called worldcoin (WDC), which is creating some issues: that totally unrelated and near-dead project has been pumping on speculator confusion over the Altman news. Altman’s worldcoin has not launched yet.
So, there are concerns. To be fair, Bloomberg broke the news about Altman’s Worldcoin before the company planned to exit stealth mode, so a lot could (and hopefully will) change before launch. But it’s hard to look at these ideas and hold out much hope the end product will be anything but extremely worrisome.