Preventing such attacks is one of the main reasons why custom hardware is required. For more info, search for "spoof" in this section of the whitepaper:
Each Orb has a private signing key that's generated + stored inside a secure element. For more info, search for "secure element" in the following sections of the whitepaper:
Worldcoin | Berlin & San Francisco | Onsite & Remote | Full Time | Embedded Systems | IoT Software | Cloud Security | https://worldcoin.org/
Worldcoin is a new, collectively-owned global currency that will be distributed fairly to as many people as possible. Worldcoin is built on top of the Ethereum blockchain, and is focused on decentralizing trust, preserving privacy, and scaling globally.
People can claim their free share of Worldcoin by signing up with an Orb, our custom hardware device that confirms that each new person is unique to the network. A privacy-preserving signup process is possible through a novel combination of biometrics, machine learning, and zero-knowledge cryptography.
In addition to being widely inclusive, the Worldcoin network will support the first scalable "Proof-of-Personhood," a critical primitive for the emerging Web3 ecosystem.
Worldcoin | Berlin & San Francisco | Onsite & Remote | Full Time | Embedded Systems | IoT Software | Cloud Security | https://worldcoin.org
Worldcoin is a new, collectively-owned global currency that will be distributed fairly to as many people as possible. Worldcoin is built on top of the Ethereum blockchain, and is focused on decentralizing trust, preserving privacy, and scaling globally.
People can claim their free share of Worldcoin by signing up with an Orb, our custom hardware device that confirms that each new person is unique to the network. This privacy-preserving signup process is possible through a novel combination of biometrics, machine learning, and zero-knowledge cryptography.
In addition to being widely inclusive, the Worldcoin network will support the first scalable Proof-of-Personhood, a critical primitive for the emerging Web3 ecosystem.
I think it's the idea of collecting them in the first place that most people are uncomfortable with. It's still a lot of trust to put in the hands of a private company. It reminds of the whole brouhaha with Apple and their CSAM privacy measures.
The wallet and iris hash are never linked. The privacy properties of a Worldcoin wallet are identical to an Ethereum wallet (i.e. pseudonymous until you doxx yourself).
Worldcoin does not use your biometric information as a password or private key. It's used to distribute unique identifiers, one per person. The Orb can't be used to recover private keys.
