Important facts:
-
The change comes just days after potential threats to the orbs emerged.
-
With Personal Escrow, WorldCoin promises to deliver a data package to every user.
Cryptocurrency project WorldCoin announced today that it will stop storing and encrypting users’ biometric data in its orbs or iris scanners. And this ensures that now people’s information will be protected directly by each individual themselves.
This is the Personal Custody Protocol, which establishes that the information processed in the orb is used to generate the iris code during user verification, Will be on people’s devices, not on scanners, This information includes images, metadata, and other derivatives.
According to Worldcoin, this now allows to “control the flow of this data” not only in verification, but also in any “future use”. so it told In a press release.
“This helps ensure that everyone can learn about WorldCoin before deciding whether they want to share their information to help improve the project,” the company says.
WorldCoin noted that the implementation of personal custody at this time follows the recommendation made by privacy experts. When World ID 2.0 is launched in December 2023. So based on that, it allows to unlock use cases for the World ID, the so-called digital passport, by enabling facial authentication for high-security applications.
“With facial authentication, you can verify at any time that you are the same person who received your World ID by verifying in an orb. The important thing is that it works locally on your device, without taking your data out of your phone,” Worldcoin says.
How does this work?
As Worldcoin explained in a statement, Personal Custody consists of four key components: the user’s mobile phone or device, the orb, a data packet with images, and a temporary backend storage.
Generally, users’ mobile phones generate public and private keys to encrypt data, and then transfer the public key to the backend. From there, additional keys are generated for data that requires double encryption. The public keys are then sent to the orb.
During verification, that is, when the person scans his or her iris, Orb World creates the images required to verify the ID. Once this is done, the device creates individual data packets, encrypts them, signs them to guarantee authenticity and security, And finally sends them to the backend.
As a final step, Encrypted data packets are downloaded to users’ phonesBefore being deleted from the backend.
According to Worldcoin, the end result of this process is a collection of encrypted data packets. Which resides exclusively on the users’ device.
“Your information is deleted from Orb once it is sent to your device, and the use of double encryption within the end-to-end encryption envelope is a security measure to protect the privacy and confidentiality of your device. A compromise must be reached,” Worldcoin says.
audit response
With the implementation of personal custody, the WorldCoin cryptocurrency project addresses a recommendation made by auditors from analytics company Trail of Bits, who identified significant potential privacy risks in the project.
As reported by CriptoNoticias, the analytical firm determined that, if the main developers of WorldCoin decide to, the private information of users can be stored indefinitely In the orbs’ RAM memory.
So far this is not the case, because for this you have to activate the swap space in the RAM memory of the iris scanner. However, the warning comes in the face of growing demand for the project and dozens of lines of people across the world Waiting to give my biometric data to this company.
Similarly, personal custody protocols are known to be in place a few days after Spain It was decided to take the project out of the country And asked them to stop using biometric data of Spaniards, due to concerns about the privacy and security of users’ personal information in that country.
The Spanish Data Protection Agency (AEPD) issued a precautionary measure with WorldCoin, which responded with an appeal. Such an appeal was later rejected by the National Court, which confirmed AEPD’s concerns and required WorldCoin to refrain from using private data of Spaniards.
