- Worldcoin has released audit reports after facing criticism over data collection practices
- Security consulting firms Nethermind and Least Authority found and addressed multiple security issues in the Worldcoin protocol
- The coin’s public launch stirred controversy, with some questioning its impact on privacy
Worldcoin, the cryptocurrency project that has gained attention for its ambitious goal of providing free tokens to users who prove they are humans through iris scanning, released its audit reports on July 28. The move comes as the project faces mounting criticism over its data collection practices. The audits were carried out by reputable security consulting firms, Nethermind and Least Authority.
According to Worldcoin’s announcement, Nethermind’s audit revealed 26 security issues with the protocol. Fortunately, during the verification phase, 24 of these issues were identified and subsequently fixed. One issue was mitigated, and another was acknowledged, indicating that the team is aware of it and might be working on a solution.
Meanwhile, the Least Authority’s audit discovered three issues and provided six suggestions for improvement. The Worldcoin team acted promptly on these findings, and all reported issues have either been resolved or have planned resolutions.
Worldcoin first captured the spotlight in 2021. This was when it declared its intention to distribute free tokens to users who verify their humanity. They did this by undergoing iris scans using a device called an “Orb.” The project’s co-founder, Sam Altman, also known for his role in co-founding AI developer OpenAI, explained the motivation behind this initiative. Altman insisted the intention was to address the potential threat of AI bots proliferating on the internet. By providing a means of verifying humanness without compromising privacy, Worldcoin aimed to combat the rise of malicious artificial intelligence.
The Orb, which captures users’ iris scans, only produces a hash of the scan. Moreover, it does not retain any copies of the original data. Despite these safeguards, the project faced immediate criticism upon its public launch on July 25 after nearly two years of development and beta testing. The United Kingdom’s Information Commissioner’s Office (ICO) reportedly considered investigating Worldcoin for potential violations of data protection laws. Likewise, the French data protection agency, the National Commission on Informatics and Liberty, raised questions about the project’s legality.
The launch of Worldcoin sparked a divisive response within the cryptocurrency community. Some viewed it as a worrisome step towards a dystopian future marked by diminished privacy, while others saw it as a necessary measure to safeguard humanity against AI threats.
In light of the criticism, Worldcoin commissioned security audits to address the concerns regarding data security and protection. The reports cover various security aspects, including protection against distributed denial of service attacks. Moreover case-specific implementation errors, proper key storage and management of encryption and signing of keys, data leakage, information integrity, and more. Some issues were found to be related to dependencies on Semaphore and Ethereum. These issues include configurations related to “elliptic curve precompile support or Poseidon hash function configuration.”
Worldcoin’s dedication to addressing the audit findings is commendable, as they have promptly fixed or mitigated the identified issues. Only one security issue remains unresolved at the time of verification. However, its severity is labelled as “undetermined,” and the team has acknowledged it.
As the project progresses, it will be essential for Worldcoin to maintain transparency and accountability to address the concerns raised by critics and regulatory bodies. Striking the right balance between privacy and AI security will be crucial for the acceptance and success of the Worldcoin protocol in cryptocurrency and wider tech communities.