Worldcoin is redefining digital identity authentication by using human iris as the primary biometric identifier. However, Sam Altman's company, now simply called World (WLD), is drawing attention from individuals and governments.
According to Shady El Damaty, co-founder of crypto company Holonym and zero-knowledge cryptography expert, the centralized infrastructure of the Worldcoin network is particularly vulnerable to data breaches and misuse. Considering the project's global scope, the consequences of such violations could be fatal.
Universal Digital Identity
As artificial intelligence continues to blur the boundaries between humans and technology, Altman's recent project has advanced this concept to the next stage.
Launched by OpenAI CEO in July 2023, Worldcoin has bold goals. It aims to scan every eye on the planet and build a universal digital identity for humanity.
At its center is World ID, a digital identity generated by scanning the user's iris, which they call an "orb".
"Worldcoin is the first example of a company... with an explicit mission to document everyone with a cryptographically immutable link. This is the connection between the cryptographic hash of your eye and... your biometric," El Damaty told Beincrypto.
In exchange for this biometric authentication, users receive WLD tokens, the native cryptocurrency of World. These tokens serve as an incentive and fundamental component for participating in the global network.
This initiative is certainly innovative. But it is also very risky.
Why the Iris... Worldcoin Network's Biometric Selection
World's launch has been met with skeptical eyes.
Users have generally become accustomed to biometric authentication. For example, fingerprints for passport scanning or facial recognition for smartphone unlocking. However, scanning eyes to create a digital identity heightened the feeling of living in a simulated reality.
"(World) chose the iris. It has sufficient entropy to make forced decryption difficult. They could have chosen fingerprints, but did not because fingerprints can be easily modified. Fingerprints can be easily burned or another fingerprint used. In contrast, eyes are very difficult to change," El Damaty explained.
World's choice of specific biometric aligns with its stated purpose.
As artificial intelligence rapidly advances, this initiative provides a trust layer for a post-AI world.
Orbs are available in 46 countries. Find one near you, and join the real human network today. pic.twitter.com/5K4aSbvDwT
— World (@worldcoin) July 10, 2025
This mission is often expressed as creating "proof of humanity". It is preparation for an era when distinguishing between AI bots and real humans becomes increasingly complex.
"In the future, it may be difficult to know who you are interacting with in both the digital and physical worlds. As robotics and automation continue to advance," El Damaty added. "With OpenAI, I think they quickly realized that the most valuable commodity in the world is not currency or any asset, but authenticity."
The purpose may seem noble enough, but the way the World network performs this is facing criticism. This stems from fundamental differences of opinion about what digital identity should include, leading to a philosophical divide.
Single vs. Pluralistic Identity Systems
Worldcoin's "one iris scan belongs to one identity" system implements a single identity. Experts criticize this approach as increasing security risks.
In a recent blog post, Ethereum co-founder Vitalik Buterin warned that such a single, universally linked identity threatens online privacy and individual freedom. He expressed concerns that even with advanced privacy tools, having one identity attribute per person creates multiple security risks.
"That's the true risk. If someone takes a photo of your eye, they can identify who you are and what you've done on-chain using all publicly available information or even dark web information," El Damaty told Beincrypto.
This approach also contrasts with the cypherpunk spirit that birthed Bitcoin, which emphasizes anonymity. Critics argue that World represents a philosophical shift away from this privacy-first tradition, permanently labeling individuals.
Does digital ID have risks even if it's ZK-wrapped?https://t.co/rye1q5G90G
— vitalik.eth (@VitalikButerin) June 28, 2025
A specific point of concern for Buterin and others is World's nullifier. This cryptographic mechanism ensures each person can only sign up once. However, this feature itself provides significant vulnerabilities.
In response to these risks, El Damaty advocates for a pluralistic identity system with multiple online identities for different purposes. This prevents sensitive real-world information from being inextricably linked to a single, globally unique ID.
"The iris code should not be connected to the same amount of information that could be used to access voting records, social security benefits, or other critical information. If leaked, it would compromise real-world identity," he added.
This tension also forms the background of direct conflicts between World and national governments.
Worldcoin Data, a Government Trap?
The global scope of the World network directly challenges the right of nations to define their citizens' identities. This raises an important question: What would happen if foreign governments demand the biometric data of their citizens collected by this company?
Tools for Humanity, Worldcoin's parent company, can use distributed infrastructure as a defense mechanism and claim that data exists across multiple countries. However, El Damati believes this defense is unstable.
"[Worldcoin] also has infrastructure in the United States, which will be subject to US government authority. The US can say, 'We will send the management to jail if they do not hand over all logs coming from the central server where we are unplugging and coordinating the entire network.'"
This vulnerability makes Worldcoin's vast biometric database a potential target for governments. El Damati pointed to precedents like the 2018 Cloud Act, which allows US law enforcement to compel US-based tech companies to provide data, even if stored overseas.
Many countries have taken immediate and strong regulatory actions without waiting for such a hypothetical scenario to unfold.
Multiple Countries, Reasons for Banning Worldcoin
The international community's reaction to Worldcoin's initiative has been overwhelmingly hostile.
Countries like Spain, Portugal, Kenya, and Indonesia have imposed bans or initiated investigations into World's operations, raising concerns about data processing, transparency, and age verification.
El Damati emphasized significant transparency issues. As a private company, Worldcoin's financial and operational details are not fully disclosed for public review. This allows them to strategically present their activities to the world.
This opacity contributes to existing global skepticism.
"I do not think governments will suddenly change overnight and say, 'Okay, we will allow this US company run by one of the most powerful people in the Silicon Valley world to track all our citizens and provide them with cryptocurrency tokens,'" El Damati said.
Without detailed clarity, many countries are wary of entrusting such fundamental identity information to private companies perceived as operating outside established legal and ethical norms.
