Like any other non-coin crypto tech, Worldcoin doesn't do what it set out to do because it doesn't solve the oracle problem. If you trust their orb, it generates a wallet for you - but anyone, human or otherwise - can use that wallet. There's a black market in China for these identities already [1] and of course the response from Worldcoin was there's nothing they can do - because there's nothing they can do.
So this is just any other coin with extra steps, and the extra layer of trusting Sam Altman with your eyeballs to generate secret keys?
It's funny how, in the end, the ultimate and perhaps only proof of personhood is being a person, engaged in the world. Sort of how the ultimate decentralized currency is encompassed in the global market of rising and falling economic powers. The oracle problem is a problem because there are no oracles. There is only the test of time. Or something along that line.
> the ultimate and perhaps only proof of personhood is being a person, engaged in the world
I buy this.
Daniel Suarez had a very similar idea, although he referred to it as the bot problem[0]. I believe this approach of identities withstanding "the test of time" solves the oracle problem but at the cost of a delayed solution. Initially you have lots and lots of bots and Sybil attacks are common. Then after a while, identities/nyms that exist and interact with the world increase in trustworthiness. Trustworthy identities will eventually be stolen or sold to bad actors, but like fake identities today they will be expensive.
My identity on hackernews is over 11 years old. Creating such an identity with the comment history, connection to a true name, and content over 11 years would be very expensive. Likely more expensive that a fake passport.
For instance Islamic State terrorists were buying counterfeit passports allowing them to enter the EU for 15,000 USD [1].
The major downside of such a system is that isolated people or people with few resources would be at a major disadvantage and we would essentially be replicating much of inequality of the credit score system.
[1]: "One such network, run by an Uzbek with extremist links living in Turkey, is now selling high-quality fake passports for up to $15,000 (£11,132) purporting to be from various countries. In at least 10 cases the Guardian is aware of, people who illegally crossed the Syrian border into Turkey have used his products to depart through Istanbul airport.", https://www.theguardian.com/world/2022/jan/31/revealed-how-f...
Keybase was sort of trying to do this with social proof, though it's reliance on a centralized provider (keybase itself) made it brittle.
I think you can get there with something like Urbit IDs that are easy to ban. If IDs are not infinite you can some protection against abuse - pairing that with some proof-of-humanity and you can get closer, but there are still issues of someone doing the proof and then selling their ID to a bot. At least if it's easy to ban you can try to make that not economical. Doubly true if the IDs have a non-zero (but low) cost.
The problem isn't trivial though - it's not obvious what will work best and it'll likely always be somewhat of an arms race, especially if you want to keep privacy.
> Keybase was sort of trying to do this with social proof, though it's reliance on a centralized provider (keybase itself) made it brittle.
I think something like this could've worked, which is why I was so sad over its demise. I think Keybase (like the MIT PGP keyring, which it is sort of a fancier version of) was predicated on the idea that it's much easier to build a centralized keyring and then decentralize it once it's widely adopted than to build a decentralized keyring from the ground up.
> My identity on hackernews is over 11 years old. Creating such an identity with the comment history, connection to a true name, and content over 11 years would be very expensive. Likely more expensive that a fake passport.
Many users here are far more insightful than ChatGPT. You might get some OK comments with ChatGPT and a stray upvote here and there, but I think you're more likely to get banned if you employ ChatGPT to write your HN comments at any significant volume.
Not that everyone writes great comments, all the time, but I'm arguing you probably won't break into the 1000s of HN karma if you try to automate it (because you'll probably get shadowbanned first)
Even that's a bit of a crapshoot. I have a Reddit account that's over 15 years old. I have a Neopets account that's over 20. I can't get into either of them, a consequence of (my abuse of) poor UX design. (What's the fake birth date I chose in 2000? Who knows! Was taking advantage of Reddit's account-juicing tactic of not requiring an email worth losing a decade-old identity to hackers? Probably not!)
I've tried to recover them, and faced a (perhaps justified) customer support brick wall. Was Neopets to anticipate Millennial nostalgia (and our preteen willingness to circumvent COPPA) in their sign-up processes a generation ago? How obligated is Reddit to investigate someone's claim to any single account?
But without those accounts, I'm two closer to being a digital non-entity, for significant portions of my life.
As proof of the original publication date, not only is it in the Wayback Machine, but it's also cited in several academic papers and books. It's great that someone is actually doing it, but I'm also kind of ticked they didn't cite this essay as prior art in their patent application.
>My identity on hackernews is over 11 years old. Creating such an identity with the comment history, connection to a true name, and content over 11 years would be very expensive. Likely more expensive that a fake passport.
You can buy very old accounts on any platform for very cheap. Like under $100 for a 10 year account on a popular platform cheap. Most platforms offer comment editing, and most people don't archive everyone else's profiles nor do they have access to the database to check for consistent changes.
Meaning that if we use your account for example, if someone bought it from you (or it was hacked after inactivity and you don't care for it, etc), they could easily rewrite what they need to paint the picture that your user isn't actually about using your real name, but a pseudonym. Most aren't going to care about this that far anyways, as usernames are easily ignored on most sites, same with comment histories. Just indicating how easy it is to rewrite both of those aspects.
The only platforms where this would be difficult are platforms that already partake in substantial identity verification like Facebook.
On HN you can only edit comments until they're 2h old, only delete them until somebody responds. Editing history as you've described would require admin privileges. Good luck getting that for $100.
This assumes that platforms never change policies and that admin privileges are expensive and impenetrable. Neither are true, as we've already witnessed multiple times now across various platforms.
No, it doesn't. I'm not speaking of "platforms." I'm speaking of exactly one platform that has an extremely small admin crew. Buying your way to a rewritten history on HN is highly implausible. Hacking, perhaps, but I'd expect that this community has been rattling those doors for the platform's entire existence.
Such a fake passport is not the same as a complete fake identity. There is more to that than a passport and a lot of it you categorically cannot fake.
A fake passport can trick some people some of the time but not all people all of the time. As such those $15k do not represent a full fake identity. Your history of enhancing with the state in some way, paying taxes, requesting a new passport, getting your drivers license, whatever, serves as defense in depth.
States are pretty good at this, actually.
Also, you account is worthless. Hard or impossible to replicate, sure, but if there is no buyer it‘s worth zero.
I never realized that painting was at the LA county museum of art until I was standing face to face with it. It felt ironic to have one level of meta removed. I was thinking "this is "this is not a pipe""
I strongly second latexr's recommendation of Scott McCloud's "Understanding Comics", and the spread he linked to above. Scott McCloud is the Marshall Mcluhan of Comic Art.
It's a speech by the author Robert Anton Wilson discussing the work of Alfred Korzybski, who helped to explain and popularize the map/territory distinction and how it relates to the philosophy of science.
I'm a huge fan of Wilson and Korzybski, the ideas Wilson discusses in this lecture definitely changed my life and the way that I think about science, but even I would caution that it's not all that relevant to the discussion here.
Words are tools of communication, but they are also tools of deception and obfuscation. They never represent reality correctly, but they can be useful.
There is a chain of complexity where subatomic wavicles assemble into atoms, molecules, self-reproducing molecules, cells, multicellular life, specialized multicellular life, different clades of life, and on up to forms of intelligence and self-awareness.
It is not possible for a human-equivalent intelligence to maintain continuous awareness of all these levels of complexity, and so we operate, much of the time, in abstractions and metaphors that we mistake for being real. We code-switch, consciously and not, through sets of behaviors that pretend that various abstractions are real.
Among these abstractions: a town is a group of buildings and people, but different social abstractions don't have to agree about the contents. So the post office, the street maps, the police and the real estate agents can all be simultaneously in disagreement about the house where the author lives in terms of their mappings of "towns" and "jurisdictions", yet all agree on the street address and which building they mean.
When you can't do something because it's illegal, you can do it, but you know that various social institutions will attempt to inflict various consequences on you if they become aware of your action in the appropriate ways. But most of the time you just say "I can't" and fall back on "I shouldn't".
There's a lot more, but it's about the same: we build lots of maps, we don't agree on them, but we keep acting as though they were real even though we know that they aren't. When someone is invested enough in their current map, they can become very upset with someone who points out that it's fictional.
Interesting that you raise the connection to schizotypal thinking. I recently learned there is a quite explicit connection between excessively instrumental, abstraction-obsessed thinking and schizophrenia. I recommend looking into the work of Iain McGilchrist if you want to learn more. A brief sample: https://www.youtube.com/watch?v=jkfMnaLpU7s
> The oracle problem is a problem because there are no oracles
To expand on this and correct your first statement, physical engagement can't be a proof of personhood either.
There can never be a proof of personhood, or if someone is a human or not, or if someone is conscious, etc.
It's more practically applicable than it sounds. Think conjoined twins (sharing a brain), disabled people, people in coma, long memory loss and all other edge cases.
In the end, even that is an approximation. We want to limit our services to "humans" because humans can spend money, and humans can only put so much content into our services (spamming limited versus a bot), and humans want to talk to humans, maybe humans only want to date humans, etc.
But if there was a bot that was well behaved (for whatever that means for a given service), and somehow legitimately viewed ads, and could legitimately decide to buy something with real money from an ad, there's a lot of sites that would no longer want to ban that particular bot. Now they need to distinguish between that bot and the other "bad" bots. In general, if a bot can "behave well" we don't necessarily want to kick them out just for being bots.
In the end, the more bots become like humans and humans through things like the Mechanical Turk become more like bots, service providers will be required to very carefully think through what it is they actually want to demand of their users. Splitting people into "human" and "bot" is already only an approximation on the grounds that there's plenty of humans services don't want around, and there's already some bots that services are fine with (e.g., some helpful reddit bots), so that split isn't going to be good enough. The process of thinking through what is really desirable at a much higher level of detail will be fun to watch, and there will be a lot of different answers for different services.
For your service maybe certain humans don’t qualify and maybe certain bots qualify. However, the matter at hand and WC purpose is proof of humanhood in particular.
>perhaps only proof of personhood is being a person, engaged in the world.
Not even. People have been having double-lives for a lot longer than we've had the Internet. The difference is that in physical space it's a lot harder to do so, because you can only be in one place at one time and you have to move from place to place rather than teleporting. So if you want to catch someone in the act of, say, voting twice, you just need to trace their movements.
That being said, there are also plenty of situations in which we consider having multiple identities online to be a good thing. Facebook's "real name" policy - forcing everyone to tie themselves to a government issued legal name instead of just a consistent one - was and is cancer. The whole industry of V-Tubers literally runs on talent living a double life and a healthy dose of kayfabe. And we don't yell at character actors because Robert Downey Jr. is also Iron Man.
Anonymity is considered a vital bedrock of liberal values. But so is voting, and this is where being able to create additional identities becomes a problem very quickly.
Wikipedia has an interesting problem of "ripened socks" where people will register multiple accounts and keep them in reserve, specifically to defeat accusations of sock puppeting. This can be detected, but it's murky - are you actually a sock puppet, or do you just lurk Wikipedia a lot[0]? You could probably even go further and split your editing history across multiple sock puppets. Statistical analysis might be able to reveal that, say, two accounts tend to edit the same set of articles, but that would also have a high false positive rate and disenfranchise other editors.
The underlying base assumptions of the crypto crowd is a sort of extreme para-identitarianism. Anti-identitarianism in its extreme would be something like Japanese-style imageboards[1], with their obsession over anonymous posting. Identitarianism would be Facebook's real name policy. Paraidentitarianism instead wants identity to be a side effect of resource scarcity. An identity like a signing key is non-scarce, I can just make more keys, so you cannot hold elections by simply counting the signing keys. But the money in your Bitcoin wallet is a paraidentity: it is provable scarcity, and thus can be bent into a sort of identity, at the expense of disenfranchising everyone who has not bought into the system. In fact, crypto hucksters explicitly threaten people who do not buy their coins of being left out of their future utopia.
What an interesting thought. Maybe the increasing amount of entities I get to interact with that do less and less to bring that prove goes to show how relatively unimportant being human will be.
The existing finance system is largely reputation based, with a light side of contract enforcement and a heavy dose of middlemen. It mostly works, but one of the biggest advantage of crypto stuff is removing the need for reputation and trust.
Except it doesn’t. That’s exactly what we’ve learned over the last decade. It never did either of those things. What it did is that it clouded reputation and trust just about enough to trick people into the illusion of a “trustless” system. There is no such thing. In the end you trust the coders trusted by the people who use the apps implementing the blockchain. There’s no tangible difference to trusting the coders trusted by the banks you use. Yes, with some cryptocurrencies they’re not associated directly with a centralised organisation. But that will absolutely change over time if the cryptocurrency ever becomes relevant to the big corporations of the world. Just as the WWW in practice now is controlled by Google and Apple.
The point of selling the idea that a cryptocurrency is “trustless” is to trick you into trusting it just long enough to pull off a Ponzi-scheme or rug-pull. And yes, that goes for Bitcoin too.
> one of the biggest advantage of crypto stuff is removing the need for reputation and trust.
I don't think it does that, though, at least when used as a currency. The irreversibility of crypto transactions means that you have to have some trust that the person you're dealing with will be willing to make things right when erroneous transactions happen.
When people say "trust" in the context of Bitcoin, it's about not having to trust a middle man, e.g. PayPal, who are notorious for capriciously locking you out of your account and stealing your money, or denying service to marginalized populations.
It doesn't mean you can't get ripped off by the party you're transacting with directly, but neither does cash, unless you pay for some kind of insurance. Which you can also do with cryptocurrency.
Credit cards come with a form insurance built in, but that doesn't mean you're not paying for it (they charge fees), including when you trust your counterparty and don't want to pay extra for insurance on a low-risk transaction.
> When people say "trust" in the context of Bitcoin, it's about not having to trust a middle man
That's all fine if you're a cryptocurrency guy, but in terms of what ordinary people mean by "trust", I don't see how cryptocurrency removes "the need for reputation and trust." You still need those things.
> neither does cash
True. Which is why cash also has a need for reputation and trust.
All I'm asserting is that the need to trust people is not eliminated by using cryptocurrency. How is my assertion wrong?
Someone says that TLS secures your credit card number when buying things online. Which it does.
You say that it doesn't do that, because someone could break into your house and install a hidden camera to capture you entering in your credit card number and it doesn't prevent that.
But you use other things to prevent that. That isn't the kind of security that TLS claims to provide.
And notably, there aren't a lot of alternatives to the kind of trust that blockchains would allow you to avoid placing in the likes of PayPal.
> The irreversibility of crypto transactions means that you have to have some trust that the person you're dealing with will be willing to make things right when erroneous transactions happen.
The cypherpunk answer to this dilemma is that revertability of transactions under some circumstances is a service that, if it is desired (for quite some applications of cryptocurrencies, it is), should be build in a layer above the "bare-metal" blockchain.
I often see in software dev this idea of solving a problem by just offloading the problem onto another team/customer.
I guess crypto is fundamentally that. Trust, fraud, identity, insurance, are all very complex things that require massive institutions to manage successfully. But these crypto organizations are always just, shrug "yeah that's not our problem. Whatcha gonna do?"
I guess that is the core principle to begin with. But it's interesting to watch it in action. "Oh that big ball of wax? We don't address it. Not our problem."
With most crypto projects it's actively worse because they tell their users that "trust, fraud, identity etc don't matter because we have a blockchain!".
The rare few which are pretty upfront in saying that in exchange for their strong privacy guarantees the user is fully responsible for everything, are the only ones with any real utility (eg Monero).
Wait, the biometric information are only used for the creation of the wallet, not the later usage? Then isn't this scam? What is the actual value of using biometric for this?
I mean the root comment pretty much already explained it. It is literally impossible for Worldcoin to actually perform its stated purpose, therefore it's a scam.
> Separately, I strongly suspect that your idea of worldcoin's "stated purpose" is not something they have ever stated.
I encourage you to read their whitepaper, where they state that world id is indeed a proof of personhood. The allegation in this thread is that it fails at proving that someone is a unique person, and it cannot possibly due so because of the oracle problem. Therefore it is a scam.
"proof of personhood" is something of a term of art which worldcoin did not invent. They are not literally claiming they can prove, in a mathematical sense, personhood. What would that even mean? See for example this, which seems to have originated the term in 2017: https://berkeley-defi.github.io/assets/material/Proof%20of%2...
"proof of personhood" was created in contrast to "proof of work" and "proof of stake". If you want to get technical "proof of work" is also not a mathematical proof, it is more of an argument of work, since it's possible to get lucky and find a low hash without doing all the work. The word "proof" is not doing what you think it is doing.
There are a couple other "proof of personhood" protocols and none of them mathematically prove personhood, because that is obviously impossible, some of them are listed at the beginning of this post: https://vitalik.eth.limo/general/2023/07/24/biometric.html
That it actually freakin' works at doing the thing it's trying to do (providing a currency with a guarantee that each account is controlled by one person)
I don't believe they have ever promised that. One person = one account is not at all how the system is designed. It is definitely never mentioned or promised here: https://whitepaper.worldcoin.org/ and it is contrary to the system outlined in that document.
That whitepaper doesn't explicitly say "one person = one account", but it seems to be a really basic feature of the system:
- They clearly don't want accounts that don't belong to a person ("Keep the Bots Out" is an explicit goal).
- They also don't want one person with more than one account (World ID is intended to solve the problem of governance by ensuring that each person gets only one vote).
Methinks you're committing the etymological fallacy. Crypto is not cryptography. Crypto is a specific subset of cryptography, quite far removed (in purpose, if not in technology) from normal cryptography.
Why does that make it a scam? "Scam" implies some kind of fraud or lie, I don't believe worldcoin has ever claimed biometrics were required for later usage.
The value of the biometric is in ensuring a ~ more fair ~ airdrop. With bitcoin the people who discovered it first and who were able to run miners received an outsized reward, and consequently the distribution of bitcoin is extremely unequal. The usage of biometrics doesn't _completely_ solve this problem, there is still a pool of insiders who have an outsized amount of wld, but a very large number of people will be able to walk up to an orb to claim some wld and they will all receive roughly equal amounts. The initial distribution of wld will be much more fair than the initial distribution of any other token or currency I know of. That is the value of the biometric.
> The initial distribution of wld will be much more fair than the initial distribution of any other token or currency I know of. That is the value of the biometric.
And how is this not a lie when it's so easy to game? It's only shifting the distribution from people who were running a computer early to people who buy biometrics early, steal biometrics or find ways to fake biometrics. And even worse, if you were once robbed of your biometrics in that system, you have lost it forever as I understand it? Is there even any way to get back what was robbed from you?
And just out of curiosity, does this system handle collisions of biometrics? Or is it just assuming and hopes for none to happen?
I disagree that it's so easy to game but maybe you know more than me?
I'm not sure what you mean by buying biometrics early, stealing them seems very uneconomical, and faking them is an engineering challenge which seems quite difficult.
> And even worse, if you were once robbed of your biometrics in that system, you have lost it forever as I understand it? Is there even any way to get back what was robbed from you?
The biometric is only used for the airdrop. It is possible to create a wallet and send and receive transactions without ever visiting an orb. The only thing the biometric does is send an initial amount of WLD to your wallet and ensure that you can only receive that initial amount once.
If someone steals your wallet there is no getting it back, it is not linked to your identity it is just a private key. I'm not really sure what it means in this context to steal your biometrics?
> And just out of curiosity, does this system handle collisions of biometrics? Or is it just assuming and hopes for none to happen?
This is territory I don't know very well. I believe irises were chosen specifically because they were not invasive and they contain enough entropy that the chance of collisions is quite small. I don't know if it has enough entropy that they can be sure there are no collisions or if it has enough entropy that the expected number of collisions was tolerably low.
It seems you didn't read the article, it specifically talks about people are already buying accounts for $30 or less to be able to make accounts in areas where you're not allowed to register.
Describing it like this makes it sound very much like a ponzi scheme. When you buy into WLD, you're effectively giving money to current WLD holders, with the hope that more suckers will buy in and do the same for you.
You don't know what a ponzi scheme is. You're describing speculative markets, which have always existed, and must exist for any sort of economic stability to occur.
Does it? What prevents a factory owner from having all of his employees grab an orb, scan their irises, claim their coin, and then hand over their wallets to him as a condition of employment?
Assuming this thing actually works and won't accept irises grown in a vat or someone scanning a chimpanzee, it at least rate-limits you to creating new wallets with new coin at the rate at which you can find and coerce other humans, but it doesn't actually guarantee the 1:1 mapping of wallet:human or an equal initial distribution of coin.
All it's doing is shifting the balance of power from people who command many machines to people who command many other people. It's like reverting industrialism back to feudalism, a digital replay of the same mistake made by every communist revolution of the 20th century.
I said and I meant "more fair". We both agree this will not be a perfectly fair airdrop. Anything not perfect is feudalism?
> What prevents a factory owner from having all of his employees grab an orb, scan their irises, claim their coin, and then hand over their wallets to him as a condition of employment?
The airdrop is gated in multiple places. Everybody needs to visit an orb to claim worldcoin but the set of active orbs is managed by worldcoin and when one of them acts suspiciously the orb can be deactivated, among other counter-measures. A set of wallets all owned by distinct people will act differently than a set of wallets controlled by one person.
This is obviously not perfect, some fraud will occur. It is still a more fair initial distribution than any other currency I know of.
Most criticisms of worldcoin completely misunderstand/misrepresent how it works but this one does not. The GP is correctly pointing out that the iris hash is only necessary for receiving some of the initial airdrop. It is completely true that once a wallet is generated (and you don't even need to visit an orb to create a wallet) anyone who possesses the private key, human or robot, can send transactions using that wallet. Receiving some of the initial airdrop really does require trusting worldcoin that they are telling the truth and not saving images of your iris.
Is it possible for people to understand how it works and to still oppose it being broadly adopted in your opinion? Can you please clarify what exactly others are not understanding or misrepresenting?
It is of course possible to understand it and still be opposed. That's what makes it so frustrating that seemingly all of the negative coverage is ill-informed; I would love to read some informed criticism!
Just some simple examples:
> Imagine that your digital identity has been lost in some way — shut down by authorities for non-compliance, or otherwise blocked. With traditional cash — and other cryptocurrencies — you can always make a new wallet and stash some fresh coins in it. But this isn’t Minority Report, and you can’t get a new iris from your neighborhood surgeon.
You don't need to walk up to an Orb to create a wallet. You can own and transact worldcoin without ever showing your iris to an orb.
> When your immutable digital identity is locked — imagine merchants who won’t take your coins from you without a digital signature announcing your World ID — it’s over for you. No old account. No new account. No soup for you. You just lost your digital personhood.
This is also possible... with every other form of payment? Imagine merchants who refuse to accept cash. Once the government locks your credit card you're out of luck. Imagine a world where you have to sign in with google before you can pay for anything (why is the worldid dystoia apparently so easy to imagine, while the google one seems silly?). Once the government locks your google account you're out of luck. A dystopia has _many_ levers to pull and refusing to deploy worldcoin is not have any impact on the success of that dystopia.
There is really so much that it's not possible to clarify "exactly" what others aren't getting in a single comment, there are a dozen different misconceptions, if you have specific concerns I'm curious to hear them and attempt to reply to them.
The company behind Worldcoin are making fairly bold claims about the capabilities of their cryptocurrency and “proof of humanity” project. I think it is important to fully evaluate these claims and not take them on face value.
From worldcoin.org
> could drastically increase economic opportunity, scale a reliable solution for distinguishing humans from AI online while preserving privacy, enable global democratic processes, and eventually show a potential path to AI-funded UBI.
This breaks down into 3 claims:
1. Be able to identify humans from AI online in a privacy preserving manner
2. Provide a platform for global democratic processes
3. Provide a universal basic income.
If we cannot agree that these claims are Worldcoin’s main goals then I am afraid Worldcoin is going to need to update their website as I do not see how it could be interpreted any other way in the language they use.
So now that we have their claims we can begin to look at some concerns. Starting with the ones you provided:
> You don't need to walk up to an Orb to create a wallet. You can own and transact worldcoin without ever showing your iris to an orb.
If this is possible, they why is the orb necessary and how can Worldcoin provide the guarantee that everyone using their wallet and blockchain is in fact a person? If UBI and voting are to happen using this as the platform, not needing verification via their iris scanning mechanism calls into question how they can claim to prove that each world id maps to one and only one unique human. If anyone can create an account without verification and transact using Worldcoin then voting and fair distribution of UBI cannot happen the way they describe.
The second concern is something that can happen in the non-crypto space. But if this is a valid concern of the current system, replacing it with something like Worldcoin doesn’t resolve that concern. We would have that same problem. So if we are to replace the current system with a new one, why would we willingly carry over these kind of issues if it were possible to not do so?
Now on to my concerns. I am not an expert in cryptographic mathematics and the nature of zero-knowledge proofs. So I will accept the following:
1. Iris Hash generation is cryptographically unique, privacy preserving, and the database of Iris hashes will be deleted.
2. Iris Hash to World Id is generated in a sufficiently zero-knowledge proof way that makes it so an Iris Hash cannot be used to identify any one specific World Id.
3. World Id to Wallet Private Key is also generated in a sufficiently zero-knowledge proof way that makes it so an Wallet’s private key cannot be used to identify any one specific World Id.
With those assumptions, I have the following concerns:
1. Has the company behind Worldcoin allowed for 3rd party audits? Code reviews, attestation of the zero-knowledge proofs, and other standard security audits we would expect of a global biometrics hardware company?
If they haven’t, and we cannot independently verify any of their claims, they really cannot be trusted. The Worldcoin company has a financial incentive in becoming the global identity solution. Saying they are safe from any vulnerabilities, privacy issues, or flaws in implementation is not good enough for me.
2. Sybil attacks. What has Worldcoin done to prevent sybil attacks? If I can modify the appearance of my iris with the use of a contact lense, and any other biometric data they would collect, can they identify me as the same person? Are chimpanzees inhuman enough to not be allowed to verify? Can attacking the orb operator by completing a sybil attack be enough to perform a denial of service attack against Worldcoin? If my goal is to prevent people from accessing the UBI or voting process then if this attack is possible, as an attacker, I win if my fake personas go undetected and I can collect the UBI and vote fraudulently or if my attack is detected but this compromises the identities of anybody scanned using that orb thus invalidating their accounts or preventing people from accessing accounts by being scanned for the first time as a replacement orb for that area is needed.
3. Which leads to the orbs. If you or I am unable to build our own orbs and join them to the network, then any claims of decentralization is invalid. Of only official orbs are allowed, if they cannot be examined to verify behavior then we cannot trust them either (ties into the audit issues).
I could go on with more but at least based on my surface level understanding of Worldcoin and their operations, I can see several attacks that if this is widely implemented as the global ubi and voting system would be untenable.
If there is no account recovery system, the average person could easily be denied access to participating in society by a simple mistake on their part, let alone any targeted denial of service style attack. And if there is an account recovery process then that is a vector that can be attacked today.
Putting all the world’s eggs in one basket makes this system a nonstarter. Claiming that they don’t want to do that means the language on their website and rhetoric they use in interviews are lies or misinformation of some kind so why should we trust them?
On a general plane why do we even care to identify a (non) person?
We should care whether the peer has some "skin in the game". For example a Bitcoin wallet with some Satoshis locked in a multi-signature smart contract would probably insure that. This approach would automatically ensure a free and robust digital identity and secure communication via secret/public key of that wallet.
If some rules need to be imposed - they could be managed through the smart contract plus some type of an oracle - here I second your thought. Though in this approach (with bitcoin wallet as identity) it is easy to fund the proper process in a transparent and balanced way because the funds are there already.
I mean technically the system is proof-of-eyeball rather than proof-of-identity, so you also need to trust any opportunistic criminals in your zip code that have access to spoons.
It looks like the airdrop gives you something like 25 WLD, or $50. I don't know what the actual numbers are but it seems to be around this order of magnitude. Your hypothetical spoon-wielding lunatic would be risking serious consequences in order to earn $50; that doesn't seem like a particularly strong incentive.
cripple beggars in calcutta, for example, earn approx 30 cents per day and organized criminals maim and manage them in order to extract this amount.
you're confident they wouldn't use a spoon to take 160 days worth of income? and comparing to non-cripple beggars, it's about a full year of income. that sounds like substantial incentive to me.
Even more ghastly, it seems like the criminals could use the spoons to convert non-cripple beggars into cripple beggars. That way they both get a one-time payment and a source of recurring revenue.
I understand your point, but why the separation of coin vs. non-coin tech? Meaning that the only real guarantee of cryptocurrency is prevention of double-spend rather than a confirmed unique identity?
Blockchains can extend the guarantees of the blockchain only to concepts that can be completely represented on-chain, which basically meant just coins. They don't have to interface with the real world so aren't subject issues at the boundary. At least that's one way of looking at it. As soon as you start trying to represent things that actually exist in the real world authoritatively, it breaks down - because the authoritative representation is actually off chain, i.e reality. In this case your identity is the authoritative representation, not the key you present.
This is really well said. I’ve been trying to articulate this point for a long time. I think the boundary is between things that are temporal or bounded by real time and space vs things that are time independent and state based. Oracles always suffer from this problem even if the authoritative representation is another digital thing. For example the whole NFT url swapping thing. Similarly this comes up in version control a lot when your code depends on things that are unversioned, the commit state may be idempotent but the application is not.
To me the problem should be modelled similar to what we have now:
Some institutions (private or public) giving an ok or not ok on the keys. And platforms choosing which institutions to trust. At some point we may have platform choosing all governments+trustworthy institutions
You could make things like a "smart contract" returns your money (or triggers an investigation) if after 48 hours you report an issue with your account or transaction. Of course this would mean some change on the blockchains themselves
And they want to do nothing. That’s a silicon valley thing all along. The negative externalities of these massive scale business models are pushed to society.
The scale and lack of security design is the cause of them. The mass scams on marketplace, the payment fraud, the harassment, the swatting, etc.
If we forced these companies to meet sane standards (especially visible in fintech) and customer service, oh no, they couldn’t do so many stock buybacks anymore, what a tragedy.
Yes, but it also assumes that the orb is perfect, and never hacked or reverse-engineered to generate completely arbitrary quantities of these keys. You're putting an awful lot of trust in this for a 'trustless' system.
There are ways to track which orb originated identities and it would be easy to mass remove a known compromised orb. It would result in some people needing to be rescanned but it would ultimately make this extremely high effort attack vector not very fruitful. Additionally any stolen orb would be immediately remotely blocked so this would take coordination with an orb operator who would also be banned for life
If there are ways to track whose id came from what orb it is completely possible to deanonymize people’s world ids.
And if worldid was ever used for a voting system, wiping out the votes of people who come from a specific area would be incredibly valuable. Attacking people’s identities even for only a few dollars each is a multibillion scam industry today.
TBH it's hard to blame anyone for considering starting new cryptocurrencies. BTC/ETH have stuck around despite everything and remained at non-trivial prices. The "identity verification" step really just turns it into a club to join and that's still marketable in the world of cryptocurrency.
Try to imagine using a computer without any internet access to book an airline ticket. It doesn't really matter how many or which operations your computer can perform, it is not able to book an airline ticket unless there is another computer which can accept that booking and which your computer can talk to. The internet is next to useless for booking ryan air flights until ryan air puts one of their computers onto the internet and gives it authority to issue bookings.
Blockchains are like virtual computers. It is absolutely possible to imagine ryan air deploying a smart contract to ethereum and giving it sufficient authority to issue bookings but until that happens ethereum is next to useless for booking ryan air flights. This is the oracle problem.
Here I've focused on the write-path but "the oracle problem" usually refers to the read-path. Say you have some prediction market where participants can place bets on who the next US president will be. How do you resolve that market? When Congress certifies the election they do not publish that certification onto any blockchain. Maybe some day they will. But for now blockchains have to make do with various hacks which allow them to imperfectly track what is happening in the outside world.
> When Congress certifies the election they do not publish that certification onto any blockchain. Maybe some day they will.
The Oracle problem isn't the fact that this doesn't happen today, it's that it can never happen in a way that is trustable. When Congress (or anyone else) does decide to publish the election results to a blockchain, every dollar bet on the outcome will be a prize to be won by anyone who can subvert the publication process.
That doesn't sound right. Nobody talks about the oracle problem in the context of market makers connecting to nasdaq. You're _never_ sure that your counter-party to some communication is who you think they are. The definition of the oracle problem you propose applies to almost the entirety of the modern world and would come up in conversation all the time.
TLS and other measures make me _very_ sure google.com is resolving to a server controlled by Google. A congress who wanted to do so could vote using hardware wallets and publish signatures and we could be just as sure that the blockchain reflected reality. A congress who wanted to do so [1] could declare that henceforth the answer on the blockchain _is_ reality; ryan air could decide that the ethereum smart contract which manages bookings _is_ reality, then there would be no oracle problem even by your definition.
[1] or maybe it would require a constitutional change
All the existing systems we have to solve this area are trust based systems. You trust your browser and OS to choose the correct CAs to trust, and they are the ones that validate to you that google.com is Google. Whole schtick of crypto folks is about reating trustless systems. It is trivial to add real world information to a blockchain if you have an authority that you trust, the oracle problem is how to do that when you don't.
Even the Congress example for who is president, we literally had a bunch of people certify fake election results last election and try to overthrow the US goverment. No matter how much you scream that one day the blockchain will be the reality, that goes agaisnt every single judicial and political system we have in the world, and if you disagree with it, I hope someday somebody doesn't hack your house away from you, cause then you will learn why all proper property systems have judicial systems with actual human beings running on human logic with power to do fixes.
the implication here is that those powers of the judicial system will always be used to do fixes in your favour. but if that optimism was shared by everyone, blockchains would have never been invented in the first place.
> That doesn't sound right. Nobody talks about the oracle problem in the context of market makers connecting to nasdaq.
I don't follow, one of us is confused about what the other is saying and I'm not sure who. If the Oracle problem were solved tomorrow, one of the first things that would happen is publishing stock prices to ledgers so that derivatives could be implemented in smart contracts, yes?
Anyway, what I'm saying is, whatever real world data you'd like to have on a blockchain ledger, election results or stock prices or sports scores or whatever, the Oracle problem is specifically the fact that you wouldn't be able to trust it if it were there, not the fact that it isn't there yet.
> A congress who wanted to do so [1] could declare that henceforth the answer on the blockchain _is_ reality
This is a workaround - if the value on the ledger is the source of truth, there is no Oracle problem.
The problem of moving information about the real world (stock prices, weather report, did the Knicks win last night) into a crypto ledger so that it can be speculated upon (e.g. a smart contract that only pays out if the Knicks win).
Moving data about within a blockchain is trustless - you don’t need to trust the network to move money. You can set up smart contracts to move money under certain conditions (usually other transactions)
When you want to interface with the real world, say trigger a smart contract on a stock price move - who do you trust to get that data? You’ve reintroduced a trusted authority.
This is the oracle problem. Now, if like me you don’t give a crap and are happy to trust middlemen in your day to day life because I trust banks over random merchants a million times… big whoop. But if you’re a cryptocurrency fetishist it becomes a big deal.
Yes but you’re missing the point that it’s a relatively easy and solved problem to ban accounts and have circles of trust for banned accounts. Because these buyers are constrained in how many accounts they can buy it’s relatively effortless to ban bad actors compared to literally limitless fake personas today.
> There's a black market in China for these identities already
It is built such that eventually, Worldcoin identities can be trivially reclaimed by the iris owner, so the market for these identities will drop to zero once people realize they can just sell their same Worldcoin cred over and over again and some sucker is going to buy it.
Their only goal here is to create an identity registration system where..
1. people don't need money to register
2. people don't need to have special friends to register
This is a sybil resistance mechanism, and no other system today does this. Also, the registration is basically fully anonymous. There is no way for anyone to enumerate everyone who has registered, and there is no way to link a registrant with the wallet activity of a credential holder. Say what you will, but IMO these are some pretty useful mechanics, and there are quite a few applications of this technology that can't be done without something like this.
Designs are mostly open, and plans are for the orbs to be fully open hardware. The iris is hashed into an "iriscode" and the detailed scans are deleted, and never leave the device. Iriscode is then linked via some zero knowledge proof witchcraft to activate a World ID on a new keypair, which is completely dissociated with the iriscode.
If they didn't seem so stupid, you'd think the biometrics collection thing was the point, but I actually think they're just so dumb it's not even that sophisticated a scam.
The tinfoil hat part of me says its like the "identify the stoplights" challenges.
We'll introduce this idea that sounds really tech, and hype. Maybe imply its so difficult that computers could never compete with humans.
We'll say its about improving security, and most humans will get a vague comforting feeling from the idea that there's some security feature, even if they find it kind of annoying to interact with.
Five years later, we say "surprise, it was really about training an eyeball recognition database that we can sell. Just like the image recognition datasets."
I do not even kind of believe these people are dumb.
It’s possible the biometrics are to give the impression that it’s more strongly tied to you individually, even when they state things that make that impossible.
I.e. the fine print says “the key is the only proof of ownership” but the buzz says “digital wallet secured by spy movie tech”.
There are iris scanning stations across the US and there is no way to geographically limit who and what holds WLD. What does not available mean here? Not available on centralized US-based exchanges?
It means Tools for Humanity is neither based in the US nor offering the coin in the US. The US cannot control what that company does in other countries. The US can control what Meta does in the US.
WC isn’t doing any of the traditional shitcoin behavior. They ban discussion about price speculation. There’s no pre-sales. There’s no sales at all until the coin actually launches. One of the major premises of worldcoin is UBI - literally giving money away. I genuinely believe Sam Altman started WC with others for altruistic reasons
It’s a privately minted coin where the founders control the issuance and hold a large majority. It runs on a proof of stake network. The private company has complete control over the coin.
There are a few words about economic opportunity but little explanation, so you can discount that part. They don't seem to believe it beyond UBI distribution, which has the same problems as any distribution today[1]
Their main sell:
> scale a reliable solution for distinguishing humans from AI online while preserving privacy
> Worldcoin consists of a privacy-preserving digital identity (World ID)
> You can now download World App... After visiting an Orb ... you will receive a World ID. This lets you prove you are a real and unique person online while remaining completely private.
This seems to be the sole feature but "distinguish" and "privacy" are fundamentally at odds. Always! If you can identify a person, in any way, they are no longer private. They may be private for a little while, but as soon as User12345 is outed to be Taylor Swift, there's no going back. There's no worldcoin re-roll. Twitter accounts are more anonymous than that - at least if your anon twitter account is unveiled, you can make a new one! In that way uniqueness is anti-privacy. It has to be.
> They don't seem to believe it beyond UBI distribution, which has the same problems as distribution today
Especially since UBI distribution aren't built in any meaningful way on this blockchain. They have some vague notion of one day wanting to use it to provide UBI, but they don't have any idea of what that actually looks like, or when, etc.
They are vaguely gesturing towards the concept of UBI.
In the evangelical setting of the 90's, where TV preachers were openly broadcast over the airwaves, they routinely claimed everything was "the mark of the beast".
Credit cards, Dungeons and Dragons, Pokemon, "new world orders", the United Nations. All of these things were tools of the devil, marking your soul for eternal damnation.
I get the sense they would have had a field day with Worldcoin.
I can hear it now. "The Antichrist is taking control of the global finance system. When you choose to scan your eyes and participate in his world instead of the kingdom of heaven, you surrender your soul to the devil. And that's a place where even Jesus Christ himself cannot save you. Choosing to scan your eyes - that God himself gave you - is swearing allegiance to Lucifer and his armies on this earth. Choosing Worldcoin is making a personal choice of eternal damnation."
I'm going to be pretty pissed if the world lets itself get trapped into a technodystopian hellscape just because they didn't want to admit that those darned Christians over there got even a bit of something correct and therefore we gotta super duper virtue signal against that by slapping the shackles on as quickly as possible. What a dumb way to go that would be.
IME Christianity is as worthless as a broken clock and only correct half as often. Its foundations are so flawed I hesitate to give any credit when they stumble into a correct answer, just as I dislike giving credit to a dice roll.
Worse, acknowledging even an accidental good tends to encourage lazy thinking and reinforce a very harmful system.
And calling them out every time someone tries to throw them a bone doesn't take away from the bad elsewhere -- such as VC grifting shit coins and their panopticon dreams.
If you can identify a person, in any way, they are no longer private.
This is not necessarily applicable. There's cryptography from 20 years ago (e.g. the work of Stefan Brands) that can show that someone has a World ID without revealing which ID it is. If no "username" is ever revealed then it can't be linked to anything.
If the idea is to make "World ID" universal, in that everyone is going to have one, what does attesting that someone has one means? Nothing. Virtually nothing. Everyone either has one or can get one, to attest that they do means nothing of value.
I think the idea is that if you make a botnet of a billion bots you will not have close to a billion "world id"s (is that really what they are called? lol).
Maybe you can find a few thousand on the black market, but that's going to add up fast.
I know nothing really of this worldcoin latest hype. I think that attesting that you have one, without revealing who you are, could maybe be used to attest that you are not a bot? Maybe I misunderstand. Sounds interesting if true tho.
You’re misunderstanding how worldcoin works just like basically everyone who tries to criticize it. There’s no way to tie World IDs together between platforms. A unique ID is generated per platform from your wallet.
If they're all derived from a single source then isn't it possible it could be reversed? Or at least a relationship deduced? Given enough per-platform IDs
There is a certain degree of that for sure. These people really see themselves as “destroyers of worlds” when in fact they are becoming a but amusing in how they try to inflate their importance on the scene.
But the sense of urgency cause by the supposed incoming terror, destitution, and despair seem to indicate these people would almost enjoy seeing it happen. Notice how their marketing doesnt focus as much on the benefits as it does on the drawbacks. It’s as if they _want_ the negatives to come to fruition and some sort of radical change to happen as a result of it.
Maybe i am reading too much into it and giving sam and the other folks at openai too much credit, but the idea that they might be accelerationists is so crazy that it might actually be fact.
Why else would you go above and beyond to build products that you yourself claim can be extremely harmful, they require radical change, other than you wanting for that negative outcome to happen so that you can achieve said change?
Didnt the person say or write somewhere that he wants to solve inequality? And since ai would drastically increase inequality by extracting work from the masses and selling it for the profits of the few at massive scale doesnt it is logical to believe that he’a aiming to prove a point. Speeding things up, cause social upheaval, that leads to social change. The definition of that ideology.
It's something that I noticed a long time ago in various subcultures that focus on preparing for some variant of "end times".
I think that if you've put a ton of time, money, and effort into preparing for a thing to happen, you begin to want that thing to happen (even if unconsciously). If it doesn't, then all that time, money, and effort was wasted.
> Andrej Karpathy, another OpenAI employee [...] “My hope going into Oppenheimer was that it would be a kind of true story ‘Avengers of Science,’” he said in a tweet. “It's still a good movie with lots of gems but the focus was elsewhere.”
These are the type of people building and running OpenAI? We're in a fun ride, seems they're more out of touch than I could have imagined.
I hope that the tech billionaires are simply blundering towards the destruction of society, rather than intentionally trying to do so with something like Effective Accelerationism. That would certainly fit with Hanlon's Razor.
I have a simple theory that tech billionaires are at least partly influenced by the sci-fi of their youth. While some of the older tech billionaires were brought up on utopian sci-fi like Star Trek, with wonderful ideas like the post-scarcity economy, some of the younger tech billionaires
were brought up on the dystopian sci-fi of the 1980s. Unfortunately what seems to be happening is that they may have mistaken dystopia as a blueprint for what to build rather as a warning of what to avoid.
> Unfortunately what seems to be happening is that they may have mistaken dystopia as a blueprint for what to build rather as a warning of what to avoid.
I have felt this too. Young SV valley tech bros seem to be trying to build whatever they saw at the movies. This includes some movies with very bad outcomes unfortunately.
Interesting. I wonder how he would characterize his belief system.
I personally have a very dim view of him, mostly because of Worldcoin (which is how he came onto my radar). His work with OpenAI confirms my unease with his efforts and makes me wonder what his goals actually are.
Altman's belief system is "I deserve more money and power", that simple. There's no generous interpretation of building a 25% pre-mine shitcoin, and hawking it to third world countries through sketchy contractors who are explicitly incentivized to collect biometrics from anyone they can, where the claimed purpose of said shitcoin isn't even a little bit implemented, especially all of this in light of your friend and business partner runs fucking Palentir
It's weird how much of that wiki article (and others I just looked up) trends towards right/alt-right extremism as I have never thought of accelerationism as something fascists would take to. My original understanding of it was that ai/tech will become so advanced that it will take over a lot of the production and labor we currently do to feed, build, and supply the world with resources and when that part is automated, humans would hopefully be freed up to do more with their life. This would have to involve restructuring money, society and how governments and resources are allocated. Ties to UBI and how much people get will have to be solved in a different way since we no longer need to do all the menial work. The time span between ai starting to be able to do all of this (maybe starting soon) and when we finally figure out we don't need to work for money is the terrible part where loss of jobs would eventually cause an upheaval and rethinking of how society needs to be structured and the acceleration that people talk about is trying to speed through this bad part as fast as possible to get to the other side as possible. I guess my idea of it is not at all what others seem to think though? I'm pretty pessimistic the "other side" will actually be a utopia but that would be up to the collective to figure out but it seems like a worthwhile concept on the surface.
Of course, one of the problems with the idea is that it endorses throwing innocent others under the economic bus. It's nice that they want to "speed through" that part -- but it still boils down to advocating harming people who aren't consenting in exchange for the possibility (not guarantee) of something better for later generations.
It's not weird at all if you're familiar with the history of the term, and the currents in mass politics of the 20th century. Everything from the German SDP's (left wing) acceptance of Hitler's rise to power with their quasi-accelerationist "first Hitler, then us" strategy, to the (right wing) OSS/CIA/fascist Strategy of Tension in Italy, to (right wing) boogaloo boys trying to incite race war, to (right wing) evangelical millenarianism around sparking war in Jerusalem to prompt coming of the antichrist.
It does have its beginnings as a concept in Marxist writings. In a way, Marx himself was the first accelerationist (but he seems to have mostly abandoned that thinking towards the end of his life).
There are some pretty scary possible solutions that cover all of climate change, overpopulation, labor and resource scarcity in one fell swoop given AI and a lot of money.
One of the popular strains of it is literally called Kali Yuga Accelerationism, or kali/acc. Which is Nazi mysticism. You should also look into Nick Land. These reactionary freaks love accelerationism
Luckily, YC is experiencing a cultural shift. The likes of PG and Marc Andrewessen, Sam Altman and Peter Thiel were not frowned upon in 2010, not to mention Elon Musk or Zuckerberg.
First, many of them sung a different tune when they were challenging power before becoming established power.
Second, they weren't subject to much public scrutiny as they weren't yet household names until maybe the mid '10s when tech companies took over the market.
I need to correct myself. It should have said Hackernews instead of YC. And it is really the comments here that reflect a cultural shift which i think is interesting.
That's the main idea behind accelerationism from a Landian perspective. That capitalism is just getting started and that it's unstoppable and that it won't transition into socialisim like Marx predicted but rather will encompass more and more of everything and be the vehicle for the next evolution into a cybernetic species. It's the evolution of evolution and it's unstoppable. So get on with it and learn to love it.
Quotes like "it is easier to imagine an end to the world than an end to capitalism" and Mark Fisher's (CCNU and Nick Land, etc)ideas around capitalism realism sort of sum it up.
I don't see that per-se. I think it's more likely that capitalism continues to rapidly advance technology to the point where we truly do evolve evolution. So a certain part of the global population will have access to DNA synthesizers and other biotech and AI and can reproduce a master race of post-humans that will dominate and eventually annihilate Homosapiens. After a few generations of rapid improvement (a singularity where post-humans and AI merge into a single entity) they'll view the rest of the world as we view other primates today and won't have much use for them. If not through intentional genocide then just being unable to compete for ecosystem, etc. Homosapiens will fade away as Neanderthals did.
Capitalism is a system (much more than just an economic system) that allows for selection like this. In a sense a type of market driven Darwinism which chooses how energy is spent developing the tools that allow humans to evolve rapidly into the next thing. That it's natural that Capitalism started with the industrial revolution which marks the beginning of humans evolving tech rapidly. It's almost as if it was inevitable once we reached that stage. To be against it is futile as it's as natural as gravity. And we just keep getting better at it.
Maybe, maybe not - but that's sort of the point. It doesn't really matter since there's no alternative. Accelerationism isn't even a conscience choice per-se - it's a phenomenon that is a product of technological advancement of which Capitalism is the vehicle for. If anything, the only conscious choice is to not resist it as that's ultimately futile since it can't be stopped. Well, unless we went full Teddy K, which I don't think is likely.
This is not a rational response, I admit, but I simply cannot accept that our doom is inevitable and resistance is futile. If that's the case, then what's the point of even waking up tomorrow?
Personally I don’t think nihilism is a great compass. You’re right - what’s the point? But do we need a higher good to beat on? Why not just enjoy the essence of our personal temporal existences and make whatever meaning makes sense to us as individuals?
And I don’t think doom is the right word. I mean yeah, Homosapien as we know it being wiped out but in a way similar to Neanderthal.
Sure, you can regulate and probably should. It’s important that genuine technology is brought to market.
But I posit that it doesn’t really matter. Technology will ultimately prevail. I’m not sure I would call it a dystopia but rather the next step in the evolution of life.
> Capitalism is a system (much more than just an economic system) that allows for selection like this.
You just described capitalism as a kind of suicide pact.
I don't entirely disagree, but limit this critique to unrestricted capitalism. Unrestricted capitalism is a monster that would, if never restrained, basically destroy everything.
Yeah like a creative destruction type thing. I think the point is to destroy whatever this is by the process of evolving evolution via capitalism’s ability to rapidly push forward tech which creates genetic/dna synthesis which evolves into post-humans.
I'm very much into the crypto world and I'm so tired of all of these dumb scams. Even worse that it is backed by yet another scammer named 'Sam'.
I really wish we could focus on things that actually provided value to people. What a waste of time/money/effort. I hope this one dies a quick death. So far, it looks like it will, which is great.
Honest question, is there any cryptocurrency that provides actual value to people? The blockchain can be trivially deanonymized from my understanding. It's difficult to get coins without at any point revealing your identity. So, if you're not in a circle of people who will physically trade coin for cash (or vis-versa) there seems to be no privacy argument.
I just fail to see crypto as anything but a scam - period. It's like physical gold and silver but worse at everything they do. How can one even derive value from a coin like bitcoin where the swings are often worse than the bolivar.
Hopefully that opens some discussion/thought points that we can focus on.
Update: thinking a bit further on your points. My personal concern isn't privacy, my concern is more with decentralization. I don't agree with other people telling me what I can and cannot do with my own funds. It is relatively simple things... If I travel to another country, being limited to carrying $10k cash on a plane, is absurd (why would I need to carry cash anyway?). If I'm in another country, getting access to my funds is often extremely difficult. These are the things that I'd like to see people work on.
I spent 4 years living in Vietnam (and Laos / Cambodia). Never once found an ATM that worked with my card (Chase bank) and everyone I know said that they were limited to about 2m vnd in Vietnam, which is about $85. Never mind having to pay fees on every transaction.
It is absurd to have to get some special card or bank account. It is absurd to be limited to a tiny amount of money, I certainly wouldn't have been able to pay rent that way.
> is there any cryptocurrency that provides actual value to people?
It allows people to bypass laws and regulations around currency exchange. This can be a good thing -- bypassing repressive regimes, making it easier to send funds over national borders, etc. It can also be a bad thing -- evading consumer protections, reducing the ability of nations to manage their economies, etc.
When I was using darknet markets there were people you could mail cash to and then they would send you crypto.
My understanding is Monero is private. So you could also just buy it from a regular exchange. Maybe it has replaced the whole mail people cash thing. Never looked in to it or used it though.
Monero has not be deanonymized from my understanding. Most coins are shitcoins, yes, including Bitcoin, but Monero is at least decent (assuming you actually own your crypto via a hardware wallet).
I've been told I can use USD to buy drugs too. In fact, USD is the number one currency on the planet for nefarious purposes, by an absurd amount.
Monero has a 24h buy/sell volume of only $110m. What do you think the global volume is for drug/nefarious trade?
Using crypto for "bad things" is a rounding error in the grand scheme of things.
Given that Mastercard just stopped allowing debit card usage at Cannabis stores (which makes sense, it is a source of fraud with cashbacks), it seems like there should be a way that people can buy things without having to take on risk by carrying cash into a store.
> Using crypto for "bad things" is a rounding error in the grand scheme of things.
I never said drugs were "bad things". Some of them are, but some of them aren't. I was genuinely pointing out that getting access to certain unfairly prohibited drugs was a positive benefit that some people get from cryptocurrency.
> Given that Mastercard just stopped allowing debit card usage at Cannabis stores (which makes sense, it is a source of fraud with cashbacks), it seems like there should be a way that people can buy things without having to take on risk by carrying cash into a store.
See, there's another illegal drug you might be able to buy with cryptocurrency! My point exactly.
Buying or selling cannabis anywhere in the United States is a federal crime. I’m not sure what the White House has to do with this, unless you’re making a topical joke but that was cocaine.
They won’t, in one side you have those “state sponsored” scams that will milk people’s money and trust, and on the other side you have a happy government because those at very least will keep people from trusting anything than the traditional centralized banks.
I am in the bitcoin world since mid 2010, it was that concept that any freedom and open source enthusiast will love, and it kept going that way until around 2016, gradually getting worse till 2020, then going downhill from there with these scams and Ponzi schemes, dozens of fraudulent coins and business models built around the fact how to scam people and cash out, or used for other means like this meme worldcoin one. Still, I like that you can have a truly decentralized way of funding other than traditional banks, and with some coins providing anonymity is a plus too respecting the user’s privacy.
This is a really tired take. Please provide some substance as to why you think this is a bad project instead of just shitting in it without justification
Assuming new cryptocurrencies aren't scams is a really tired take. Please provide some substance as to why you think this is a good project instead of just defending it without justification.
I don't see any substance in that argument at all - just PR bullshit. There are even contradictions within their own talking points which many other comments have pointed out.
Anyway, you're welcome to your beliefs - but it's fucking obnoxious to take a stance like that and just deflect when someone asks you to defend it.
I think it's interesting to describe the process to establish your identity in the United States if you lost ALL of your identification documents (e.g. in a house fire).
It essentially boils down to:
- Get a bunch of people you know who can verify that you are indeed who you claim to be
- Have them sign legally binding documents that attest that, yes, you are you
- Start building your paper documents all over again
We never really talk about any of this given that it's pretty rare for this to happen to someone but I think it's interesting to point out that it eventually boils down to your IRL social network.
I wish a similar system also existed for account recovery instead of being stonewalled by customer service I might be able to recover some years old accounts
Any decentralized system that uses biometrics for authentication rather than just identification is doomed to fail spectacularly.
Biometrics are like a username NOT like a password.
When a piece of wolrdcoin is inevitably compromised, people have no means of rolling a new iris. The whole thing will come crashing down.
There are so many stupid decisions this team is making. Like, users can opt into the orbs retaining their iris scan for network quality assurance purposes. Would any sane person ever opt into an ATM storing their PIN number for quality assurance? It is an implicit bounty for hacking the orb. And the fact that they seem to need further quality assurance points to the fact that they aren't confident people will have continuous access to their accounts. Best case, I'd imagine anyone who has a catastrophic eye injury would also permanently lose access to their accounts - but I suspect the reality is much worse.
As much as I think Worldcoin is dumb they do get this part right in that they only use the iris scan as a unique identifier to prevent multiple sign ups from the same physical bag of meat^H^H^H^H^H person.
There is still a 1:1 relationship with accounts and people. They have just cut out some extra steps when the original account creator does whatever it is the 3rd party wants them to do manually.
That some people might use their Worldcoin account to do things on behalf of someone else is a different problem from the one OP was referring to.
Huh, I don't understand the intended security benefit of the iris scans at all then.
If the system has value inside of it, inevitably people will figure out how to make synthetic irises that fool the orb, nullifying the sybil attack prevention benefit. Surely someone could get a handful of real iris scans (using the same open source hardware) and generate a huge number of plausible synthetic iris datas.
Is the idea that in the current moment of the tech arms race, if someone steals an iris scan, the capability to synthesize an artificial iris that encodes that scan has not yet been developed?
Have they published a 'solution' to what happens if you are holding worldcoin in an iris-associated account and then:
- your scan data is stolen, ex. fake orb scans you and publishes your iris data on the internet for anyone to use
- someone throws acid in your face, your irises don't scan the same anymore. how does this affect the user's ability to access their wallet?
(is there additional private key management needed to use worldcoin securely? is the iris scanning thing really nothing more than a temporary sybil countermeasure..?)
I don't know what this is and I'm not even going to read the take-down article. If you slap "coin" onto the name of anything, I'll run a mile from it. I just dropped in to say that. bb.
“Worldcoin” sounds ridiculously cringy and pompous like it came from an 80s young adult novel for boys.
It’s kind like how the terrible grammar/spelling in email scams has the side effect of pre-selecting desperate or out of it enough people that ignore red flags.
This is valid criticism and it’s unfortunate that they chose this name for sure. It results in knee jerk reactions from people that don’t understand it and make assumptions
OK, so I gaze into the orb, it generates me a private key, and assigns me a wallet. Now what happens when I leak that private key? Is it all over for me and my money? I obviously can't get another one – you get one World ID per human.
If I recall correctly, the whitepaper talks about using the iris code (generated from your iris image) to associate your private key to your world id. I think one of the purported selling points is that you can recover your identity using an orb and your iris.
I don't think Worldcoin is the solution, but I'm interested in hearing what the rest of you think the solution to the bots-indistiguishable-to-humans problem could look like? Or should we just accept that the times of interacting over internet with strangers you can believe to be humans is over?
The only idea I see is for some certificates handed out by government to citizens and I absolutely hate it even in a democracy.
I haven't heard of, and can't think of, a solution to this problem that doesn't introduce much larger problems. Big picture, I don't think the problem of distinguishing humans from bots online is a big enough deal that we should take hits in other areas to solve it.
The least-harm solution, as far as I can see right now, is to just accept that the internet cannot be made trustworthy in this way. The only way to know for sure the nature of who you're dealing with will be to deal with them in person. Much like it has always been.
Identity online should be optional. If you read comments on a news story about an upcoming election in your country, you should see some that are verifiably a human citizen from your country, separate from everything else. Pay attention to everything else at your discretion.
I think a web that is half identified and half anonymous would work well.
There isn't a single solution to be had because there isn't a single way you interact with strangers online.
Verifying identity is necessarily completely different if you're sending someone an item in exchange for money, or looking to date them for a while, or going into long-term business with them, or maybe just having a discussion where you want to validate that they work where they claim.
We don't need blanket verification of people's identities online. If a bot is posting on a service and is indistinguishable from an interesting human, why shouldn't it stay? "On the internet, nobody knows you're a dog" used to be the Web 1.0 motto.
In Europe there's eIDAS. You install an app on your phone that can be used to identify yourself. This is used to sign documents, payments, single sign on to other apps / websites, etc. During onboarding you will need to verify your identity with the help of the government, banks, or other recognised authorities. Afterwards it's just the app. It works very well.
The thing is that in some cultures people are strongly against ID cards. In the UK for example, for a long time there was a fight against a national identity card. Even though you have to get one (a passport) to travel abroad. Instead they would use electricity bills to prove things like you actually live somewhere. Or the driver license was a pice of paper, with no photo. With fraud as a result.
I think it is based on that in some countries there is less trust in the government than in other countries.
Where I live, Sweden, it is very hard to live without an ID card/passport and starting to get hard without a digital ID.
However, the privacy laws and prevention against abuse is fairly good. Not perfect I am sure but pretty good, compared with the US or even the UK (both places I have lived).
> The only idea I see is for some certificates handed out by government to citizens and I absolutely hate it even in a democracy.
I think this is the answer. Governments already have the infrastructure to verify identities in person, and no other organization is going to build it.
I think your idea of certificates handed out by government is horrifying, but I agree it seems to be the only way to guarantee that you are who you say you are - even though it comes with several potential avenues for abuse.
I think we'll see two "tiers" of internet.
One tier will be for day to day usage for "normal" users - banking, social media, news, etc. A tier that you digital ID will be used to verify you are who you are, and others can be assured that they're talking to the person they say they are - though there are flaws in that system if someone can get a hold of another persons' certificate.
The other tier would be the unverified internet - things like boilerplate/startup communities, activities you don't want your digital ID tied to, something to still allow people to remain semi-anonymous on the internet if choosing to.
Not sure if this will be what actually happens or if governments just slowly decide to force people to use only the verified internet while trying to access the "outernet" (or whatever buzzword they'd use) would be met with scrutiny and potentially criminal charges.
Well hopefully the system could be semi-anonymous. So reddit doesn't get your identity, they are just able to prevent you from making another account (or perhaps limit it to a few accounts per real person). If they are nice, they don't even need to track which accounts belong to the same person.
Of course there is a lot of space for abuse. And it would unfairly lock many/most people out, because services can only accept certificates from the governments they trusts.
Why did we believe that we could build an algorithm that provided trust? We can provide "trust", which is when we narrow the definition to verifying whether mathematical objects have been tampered with, or whether they can be observed without secret keys, but we could always make safes.
A certificate from the government that gets revoked when you commit a crime. Or are accused of a crime. That can track every single thing you so online. All of your speech online, which is most of everyone’s speech, is permanently stored and analyzed.
The government doesn't need to know which services you use and which accounts are yours. The service doesn't need to know who you are, only that you are a unique human.
But yes, as I said, I hate the idea. Was asking for other solutions.
They’re actively developing to prevent this, though already it would require a compromised orb and orb operator, which would get blocked from the chain and all irises scanned since compromise removed from the chain. The bigger hurdle is the scanning of people who are dead or unconscious or animals trying to pass as human
I don't get all the comments, from the worldcoin website:
> Your biometric data is first processed locally on the Orb and then permanently deleted. The only data that remains is your IrisCode. This IrisCode is a set of numbers generated by the Orb and is not linked to your wallet or any of your personal information. As a result, it really tells us — and everyone else — nothing about you. All it does is stop you from being able to sign up again.
> Since you are not required to provide personal information like your name, email address, physical address or phone number, this means that you can easily sign up without us ever knowing anything about you.
If Worldcoin is building a biometric database, that must be the most useless database in the world.
If I understand correctly this is what they want to do eventually (delete the info used to create the iris hash) but isn't actually what they are doing. The impression is that once they have their algorithm "perfect" and never need to retest on source data they'll go back and delete all the data they have stored but who really trusts that will happen?
No state can manage identities without the consent of the individual because individuals have to actively protect and manage their identities and not sell them.
E.g. we protect our social security numbers against identity theft because the economic benefits of having one outweigh selling it. But when there isn't a benefit, then the identity can just be sold.
Solving the identity problem and solving the "good governance" problem are likely the same problem.
I'm glad that while hollywood seems to be completely out of entertaining ideas, real life is producing scenarios where millionaires are having their eyes removed by international criminal organizations to cash in on a one world centrally governed currency. Oh boy.
> But when it comes to sensitive information, promises aren’t enough. And the very people who insist that you trust them are the ones who should command the most suspicion.
It's the age-old rule of thumb: never trust anyone who says "trust me".
Imagine sama had put all this energy, capital, and relationship capital into fusion power, instead of WorldCoin. Beyond Helion.
It would be easier to accept him as someone who is genuinely altruistic. Instead, he turns out to be just another self-serving 'tech' bro.
I write 'tech' because clearly this guy does not actually care about pushing technology forwards for human good -- which is the cause, in my view, of all real technologists. It's about himself, just as it is with the great Technoking.
I've been scrolling this thread for ten minutes and also read through the worldcoin website. Nobody seems to have asked this. If they want this to be a true proof of personhood it needs to work for every person.
We just need to ban crypto in the USA through cutting off their access to dollar transfers and pulling exchange charters. The SEC should have never made it an asset. People who have crypto can still get their money out from overseas institutions and platforms, if not simply use it for what it was originally designed to be - peer to peer; not this "code for dough" paradigm it has become. Crypto had its time and we didn't replace the banks with it, so its true potential is gone now that the financial system has control of it.
In addition, the USA needs to create a single Civilian Social Platform just like we did the highway system. We need to validate people based upon their citizenship, and label people based upon their relative status to actual stakeholders in the nation.
VC shitcoin. Bitcoin is the only real, legitimate cryptocurrency because it's not owned by anyone. People getting into worldcoin are just people trying to get their free $ like a free Temu counpon code.
I don't get how anyone can call something with an eternally-fixed quantity a currency. What's the plan for when it starts appreciating and people stop spending it and start hoarding it?
Why? If any currency is appreciating, people are incentivized to hold it, which has the effect of decreasing supply, and decreasing supply makes the price of something go up, not down.
Everytime I hear of worldcoin I immediately think of onecoin. I wonder if onecoin wouldn't be the name of worldcoin if it weren't for the controversy. Onecoin is a good name though.
I thought keybase was really on to something. It's ashame they sold out. I'm surprised nothing has picked up where it left off in relation to identity declaration/proof.
I'm grateful for worldcoin as it shows the True face of the dystopian ruthless capitalism of Silicon Valley, AÍ companies and all this bullshit that focuses on profit while completely forgets and did regada human wellbeing.
sam altman is a snake. has an opportunity to testify in front of congress and capitalizes on the event by trying to pull the ladder up behind him. gross sam.
Any substantial comment or profound insight? Otherwise you’re ranting in the wind. We’ve seen these things regularly enough. If you think a good argument needs to be made, then make it. Just dropping 2 links without any form of context just makes you look like a shill or a crank; most people are simply going to ignore them. Particularly if one of them is a tweet, or whatever they are called today.
In the end it comes down to the actual implementation. The article states that the data stored is just a hash of the iris scan. From that hash accounts can be created that can be used to verify against that hash to make sure your are an actual person. According to the twitter post multiple accounts can be created and and used for verification independently, so indeed providing some privacy. So the question that remains is can the world id be used to discover these accounts, which would be bad. That question remains unanswered.
There is of course the point that you have to trust Sam Altman that the system works the way it is claimed and no actual biometric data is stored.
>A way to "seed" graph-based reputation systems
Quadratic voting
Pass
>Protection against bots / sybil attacks in social media
>An alternative to captchas for preventing DoS attacks
Hmmm, those are probably the real reasons behind all of that, it is just the bullet-proof way to de-anonymize the internet users, and building a database that can be purchased later for billions by other entities, ones that likes to “end the captchas” aka web environment integrity [1], or the ones who buy it to force serving ads regardless of any ad blockers and having a fully detailed profile about you, or the ones who integrate that identity to their fingerprinting services, or the ones who will use to “fight misinformation” aka opinions doesn’t align with our narrative, or the ones who will integrate it to social media signup process or votes [2], or the ones will add it to their electric cars, and the list goes on I could write a book how’s that a horrible bad evil idea. It’s all power and control game, The article tries to list ways to protect and prevent such cases, but we all know it won’t be applied as the motivation is against that, luring people for the $20 is just the bait, literally a bait.
[2] in the article itself “If proof of personhood is not solved, decentralized governance (including "micro-governance" like votes on social media posts)”
Yeah, the article and this whole comments thread is very intellectually dishonest.
Disclosure: I’m like, 70% optimistic about the project. I don’t believe that the team are lying. Anyway, as with many things, time will tell. I wouldn’t get worked up over it. If it fails it’s pretty inconsequential.
Definitely, it only collected the biometrics of thousands of desperate people into the hands of private people who work with law enforcement agencies everywhere to provide surveillance as a service.
You’re misrepresenting what it’s collecting and you’re part of the problem in this discussion. Worldcoin isn’t storing anything that could be used by any other entity. It doesn’t store biometrics and there isn’t a way to use the store information to know what the iris looked like that generated it.
A hash of a biometric has the exact same negative properties of a biometric data point itself: That it is not concealable, you cannot change it, and that it is tied to you explicitly. Surely you see how a giant database of biometric hashes provides the same usefulness to bad actors as an actual biometric database? It's a unique identifier tied explicitly to your physical body. Anything that hash is tied to can later be trivially de-anonymized.
After collecting everyone's biometric "ID", that database can be helpfully leased to Peter Thiel's (one of the early investors) wonderful surveillance machines, so now when the officer pulls you over "for a broken taillight", their body camera can get a nice view of your iris and buy your entire worldcoin history from say Palentir, for a price of course, and zero warrant.
As I said, you're misunderstanding. The hash can only tell if your iris has been scanned before. It doesn't tie to your identity in any way. And there is no tie between your World ID and the activity on any website that uses an account generated from your World ID, because your wallet makes a new anonymous, private account for each platform.
Thanks for proving my point that virtually all criticisms stem from people misunderstanding or not putting in the effort to learn how it actually works.
>It doesn’t store biometrics and there isn’t a way to use the store information to know what the iris looked like that generated it
You don’t know this for a fact, is it an audited open source project and the security/privacy vouched by some known people in the field? No. It’s just marketing crap
Maybe they are not lying, who knows, but their work can twisted for sure for other unethical results but still legal to do so, after, that team is motivated by money.
If there's anything special about HN participants, it's that many of them are slower than most at recognizing crypto scams. How many blow-ups does one need before adjusting one's priors on the legitimacy and utility of crypto? FTX, Celsius, 3arrows, TerraLuna, Binance, MtGox, etc. The list goes ever on.
I think it's a kind of uncharitable article (surely Sam and the rest of the people involved have spent a ton of time thinking about the problem and the existence of black markets and possibilities for abuse), but
>I don’t know if it’s the best attempt but I understand what it is and what the goals are.
a bad solution can potentially be worse than no solution in this case. A false belief in identity guarantees can facilitate fraud and other manipulation, while "you should never trust anyone or anything, including that there's a 1:1 relationship between public keys and individual humans" at least advises everyone of the risk.
Worldcoin only verifies someone is a real human once, when the identity is created. There is nothing stopping someone from lending or selling their verified identity to a bot.
It already happens. Identity dealers will go to poor areas and buy people's proof of identity for just a few dollars, before selling them on the black market.
A company I used to work for had a massive problem with this. I'd detect a fraudulent user and check their proof of identity, and in retrospect it was obvious these were black market identities. They always fell into clusters, one vendor always sourced their IDs from an area of southern Russia.
Another vendor sourced their IDs from a city in northern China. They weren't trying very hard, you would find a bunch of new users all created on the same day, the users were always retirement age women and the photos would show them all in the same room.
Make a human go to a place for example (though even this has difficulties with fraud). I'm not making any specific claims about world coin other than the goal they're trying to solve makes sense as a goal in a world where bots are increasingly capable of mimicking humans successfully, we want to know when something is human and when it isn't.
Attempting to solve that problem now before it becomes critical makes sense, not every attempt will be good.
A better article than this one would have dug into that problem.
Absolute and utter bullshit, and you know it. Sam Altman is always in for a single person: himself. I have never seen less altruistic, less simple to understand than him [0]. Everything, the world ID, the money, the coins, is just a pretense for a single purpose: that he gets involved in everything whenever the idea of a global ID appears anywhere in the world. Or an ID at all. What's that Alabama, you want to create a state ID ? For the low low price of the GDP of a small african country, you can have access to our World ID database of all Alabama-scanned eyeballs.
[0] Aside from Larry Elison, but there's still debate on whether he's actually human or not.
So this is just any other coin with extra steps, and the extra layer of trusting Sam Altman with your eyeballs to generate secret keys?
[1] https://www.coindesk.com/policy/2023/05/24/black-market-for-...