privacyguides/privacyguides.org
1
0
Fork 0
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2025-07-01 17:22:39 +00:00
Code Issues Activity

style(blog): Fix typos (#3041)

Browse Source 
Signed-off-by: Jonah Aragon <jonah@privacyguides.org>
Co-authored-by: redoomed1 <redoomed1@privacyguides.org>
This commit is contained in:
Em
2025-05-20 15:53:15 +00:00
committed by GitHub
parent c99e405b6f
commit fb3b662136
1 changed files with 22 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
blog/posts/sam-altman-wants-your-eyeball.md
View File

@ -36,7 +36,7 @@ The World App is an everything app, providing users with a *World ID*, that can
The scan is then filtered and hashed to create a unique identifier that is stored as a so-called "proof of personhood" on the *World Network*, a blockchain-based protocol.
The World App itself contains a collection of "Mini Apps", where users can manage their cryptocurrencies, chat together, play games, receive their pay check even, and ultimately live their whole life within the closed "verified" ecosystem of the app.
The World App itself contains a collection of "Mini Apps", where users can manage their cryptocurrencies, chat together, play games, receive their paychecks even, and ultimately live their whole life within the closed "verified" ecosystem of the app.
For a company constantly praising decentralization, it sure looks like they want to make sure they are the center of it all.
@ -54,7 +54,7 @@ If they succeed in convincing enough people, many of us could soon have little c
## World(coin) isn't new, you might have heard of its unethical practices already
The project [claims](https://techcrunch.com/2025/04/30/sam-altmans-world-unveils-a-mobile-verification-device/) to have onboarded 26 million people already, including 12 millions "users" who are verified (had their biometric data collected).
The project [claims](https://techcrunch.com/2025/04/30/sam-altmans-world-unveils-a-mobile-verification-device/) to have onboarded 26 million people already, including 12 million "users" who are verified (had their biometric data collected).
These "users" are largely located in Latin America, Africa, and Asia. This is because the company started testing for its project there a few years ago, in regions where people often have fewer legal protections.
@ -68,15 +68,15 @@ So much so that [Kenya suspended the company's operations](https://techcrunch.co
Some people who signed up never received the promised money. Some officials were bribed to give the impression to participants these operations were official and supported by the government.
As Ruswandi, one of the person targeted by this early campaign [remarked](https://www.technologyreview.com/2022/04/06/1048981/worldcoin-cryptocurrency-biometrics-web3/): "why did Worldcoin target lower-income communities in the first place, instead of crypto enthusiasts or communities?"
As Ruswandi, one of the persons targeted by this early campaign [remarked](https://www.technologyreview.com/2022/04/06/1048981/worldcoin-cryptocurrency-biometrics-web3/): "why did Worldcoin target lower-income communities in the first place, instead of crypto enthusiasts or communities?"
Exploiting people in situation of poverty in order to test a biometric identification technology isn't a great way to start a project developed by a company called "Tools for Humanity".
Exploiting people in situations of poverty in order to test a biometric identification technology isn't a great way to start a project developed by a company called "Tools for Humanity".
## Creating the problem, selling the solution
Why developing such a technology in the first place?
Why develop such a technology in the first place?
Sam Altman himself have [expressed concern](https://www.wired.com/story/sam-altman-orb-eyeball-scan-launch-us/) about the problem this alleged solution solves: the avalanche of fake accounts and pretend persons online caused by the new AI tools unleashed everywhere.
Sam Altman himself has [expressed concern](https://www.wired.com/story/sam-altman-orb-eyeball-scan-launch-us/) about the problem this alleged solution solves: the avalanche of fake accounts and pretend persons online caused by the new AI tools unleashed everywhere.
The proposed use of a "proof of personhood" claims to solve this problem by allocating a unique identifier to each human, a personal code supposedly impossible to duplicate or cheat. Of course, this has [already been proven wrong](https://gizmodo.com/worldcoin-black-market-iris-data-identity-orb-1850454037).
@ -108,7 +108,7 @@ If every social media account becomes tied to a unique biometric-based identifie
Further, if only one account is allowed by "verified human", then no one can create separate accounts for their work life and personal life anymore. Creating separate accounts for separate purposes is an excellent privacy-preserving practice.
Even if the identifier isn't tied to a legal name directly, accounts on different platforms using the same identifier could potentially get liked together. To be fair, it does seem Tools for Humanity worked to prevent different platforms from having access to the same code, but how well will this hold the test of time? Will platforms increasingly escalate privacy-invasive requests from this point, like they often do?
Even if the identifier isn't tied to a legal name directly, accounts on different platforms using the same identifier could potentially get linked together. To be fair, it does seem Tools for Humanity worked to prevent different platforms from having access to the same code, but how well will this hold the test of time? Will platforms increasingly escalate privacy-invasive requests from this point, like they often do?
**Pseudonymity saves lives.** It is an essential tool for the safety of the most vulnerable online. Killing pseudonymity by requiring unique biometric identification could endanger millions.
@ -156,13 +156,13 @@ As whistleblower [Edward Snowden rightfully pointed out](https://x.com/Snowden/s
### Questionable reassurance about local data
One of the biggest reassurance relates to the claim that sensitive biometric data (Image Data) is only stored locally. But this isn't completely accurate either, and there seems to be conflicting information about it from the company's own documentation.
One of the biggest reassurances relates to the claim that sensitive biometric data (Image Data) is only stored locally. But this isn't completely accurate either, and there seems to be conflicting information about it from the company's own documentation.
The World [white paper](https://whitepaper.world.org/#enrollment-process) specifies that:
"The Orb verifies that it sees a human, runs local fraud prevention checks, and takes pictures of both irises. The iris images are converted on the Orb hardware into the iris code. Raw biometric data does not leave the device (unless explicitly approved by the user for training purposes)."
However, according to the [Biometric Data Consent Form](https://world.org/legal/biometric-data-consent-form) users have to sign prior to data collection, if a user needs a fully verified World ID, inevitably this sensitive biometric data will be sent to their phone, therefore leaving the Orb.
However, according to the [Biometric Data Consent Form](https://world.org/legal/biometric-data-consent-form) users have to sign prior to data collection, if a user needs a fully verified World ID. Inevitably this sensitive biometric data will be sent to their phone, therefore leaving the Orb.
After a user agrees to the form, they can keep the option for *Data Custody* disabled to have their biometric data deleted from the Orb "later", and have it uploaded to their phone (with all the risk that this entails).
@ -170,7 +170,7 @@ The other option users have is to enable Data Custody (if allowed in the user's
This means the Orb inevitably sends this sensitive data to a mobile device. Then, this data is only as secure as the mobile device is. Which isn't so reassuring.
The documentation does maintain this biometric data is sent as an "end-to-end encrypted data bundle", but this doesn't mean the data never leaves the Orb, it just means it leaves it while encrypted (which is really just the basics), and copies it to the user's device.
The documentation does maintain this biometric data is sent as an "end-to-end encrypted data bundle", but this doesn't mean the data never leaves the Orb. It just means it leaves it while encrypted (which is really just the basics), and copies it to the user's device.
Furthermore, future users are *strongly* incentivized to share their Image Data with Tools for Humanity, for algorithm improvement purposes. Pressure to opt in is even presented as a *convenience* option, because it would be cumbersome to have to come over for another scan after every update.
@ -202,13 +202,13 @@ If this happens, many regretful users might find themselves in [the same shoes a
Additionally, the Face Authentication section of the white paper [describes](https://whitepaper.world.org/#face-authentication) a process where encrypted facial biometrics collected from the Orb are used for authentication in the World App.
Even if this data is stored on-device, it is still biometric data getting collected by the Orb then processed by the phone app. There is no question this is sensitive and personal biometric data, and it is indeed kept outside the orb.
Even if this data is stored on-device, it is still biometric data getting collected by the Orb then processed by the phone app. There is no question this is sensitive and personal biometric data, and it is indeed kept outside the Orb.
Tools for Humanity lacks consistency in the various claims and statements found through its documentation and promotion material. It becomes difficult to know which version to trust, and if it is to be trusted at all.
### No deletion on the blockchain
Tools for Humanity's Privacy Policy declares that the company will delete all account data (when laws allow it) one month after it is closed, this is good. They also state they will delete entirely any inactive account after 2 years, and this is actually a great policy.
Tools for Humanity's Privacy Policy declares that the company will delete all account data (when laws allow it) one month after it is closed (this is good). They also state they will delete entirely any inactive account after 2 years, and this is actually a great policy.
But what happens to the World ID, transactions, and other data stored on the blockchain?
@ -246,7 +246,7 @@ The Orb itself is also an important potential attack surface. With Tools for Hum
Despite all its privacy promotion material, the World project has failed to convince privacy commissioners around the world of their supposedly good intentions. Perhaps in this case actions speak louder than words, and privacy commissioners aren't so gullible.
With the expansion the project plans this year, we can expect even more experts will examine the company's claims and challenge its "privacy-preserving" assumptions
With the expansion the project plans this year, we can expect even more experts will examine the company's claims and challenge its "privacy-preserving" assumptions.
There are many reasons to remain skeptical about these promises of privacy. Indeed, numerous countries have already suspended, fined, or called for investigation on the company's (mal)practices.
@ -266,17 +266,17 @@ The World project tried again to appeal the decision, in vain.
### Kenya and Indonesia suspended its operations
In 2023, Kenya, one of the first country where Worldcoin was available, [suspended](https://techcrunch.com/2023/08/02/kenya-suspends-worldcoin-scans-over-security-privacy-and-financial-concerns/) Worldcoin's operations citing concerns over the "authenticity and legality" of its activities related to privacy, security, and financial services.
In 2023, Kenya, one of the first countries where Worldcoin was available, [suspended](https://techcrunch.com/2023/08/02/kenya-suspends-worldcoin-scans-over-security-privacy-and-financial-concerns/) Worldcoin's operations citing concerns over the "authenticity and legality" of its activities related to privacy, security, and financial services.
The worse part is, months before the Office of the Data Protection Commissioner (ODPC) of the country had ordered Tools for Humanity to stop collecting personal information from its citizens. The company simply [ignored the ODPC order](https://techcrunch.com/2023/08/15/worldcoin-in-kenya/) and continued to collect biometric data from Kenyans. It only stopped after Kenya's ministry of interior and administration gave the suspension order later on.
The worse part is that months before, the Office of the Data Protection Commissioner (ODPC) of the country had ordered Tools for Humanity to stop collecting personal information from its citizens. The company simply [ignored the ODPC order](https://techcrunch.com/2023/08/15/worldcoin-in-kenya/) and continued to collect biometric data from Kenyans. It only stopped after Kenya's ministry of interior and administration gave the suspension order later on.
This again is quite far from the behavior of a company who genuinely values privacy.
More recently on May 4th 2025, Indonesia also [suspended](https://en.antaranews.com/news/353861/indonesia-suspends-worldcoin-world-id-operations-over-public-concerns) the World project's operation in the country over concerns related to user privacy and security. The Ministry of Communication and Digital will be summoning the project's local operators to clarify the operations and determine potential violation of the Indonesia's electronic system regulation.
More recently on May 4th, 2025, Indonesia also [suspended](https://en.antaranews.com/news/353861/indonesia-suspends-worldcoin-world-id-operations-over-public-concerns) the World project's operation in the country over concerns related to user privacy and security. The Ministry of Communication and Digital will be summoning the project's local operators to clarify the operations and determine potential violation of the Indonesia's electronic system regulation.
### German regulator ordered GDPR compliance following investigation
In December 2024, the German regulator, the Bavarian State Office for Data Protection Supervision (BayLDA), [issued an order](https://decrypt.co/298090/german-watchdog-cracks-down-on-worldcoin-over-biometric-data) to obligate proving deletion procedures that comply with the GDPR within one month. Additionally, the BayLDA ordered the complete deletion of certain data records that were previously collected without sufficient legal basis.
In December 2024, the German regulator, the Bavarian State Office for Data Protection Supervision (BayLDA), [issued an order](https://decrypt.co/298090/german-watchdog-cracks-down-on-worldcoin-over-biometric-data) to obligate providing deletion procedures that comply with the GDPR within one month. Additionally, the BayLDA ordered the complete deletion of certain data records that were previously collected without sufficient legal basis.
Again, the World Foundation is fighting the order and will [appeal](https://cointelegraph.com/news/german-watchdog-order-worldcoin-delete-data) the decision. The company tries to argue the data collected was "anonymized", a common strategy to try evading GDPR compliance, which does not regulate anonymized data.
@ -290,7 +290,7 @@ There is no doubt more countries and regions will follow with similar investigat
### In the United States, the app is restricted in some states
Even in the US where the company is headquartered, the app is [restricted](https://www.wired.com/story/sam-altman-orb-eyeball-scan-launch-us/) in some states. The announcement for its event this month carried a warning the World is “not available for distribution via World App to people, companies or organizations who are residents of, or are located or incorporated in the State of New York or other restricted territories.”
Even in the US where the company is headquartered, the app is [restricted](https://www.wired.com/story/sam-altman-orb-eyeball-scan-launch-us/) in some states. The announcement for its event this month carried a warning that the World is “not available for distribution via World App to people, companies or organizations who are residents of, or are located or incorporated in the State of New York or other restricted territories.”
We can also expect the project will encounter roadblocks in states that have passed [regulations specific to the collection of biometric data](https://www.huschblackwell.com/2024-state-biometric-privacy-law-tracker). This includes states like Illinois, Texas, Washington, and Colorado.
@ -316,7 +316,7 @@ The amount of money invested in the project means there will be an incredible pr
The well-known dating app Tinder has already partnered with World ID to verify the age of users in Japan. If this experiment works well, and if users comply without objection, this could be soon mandatory for *all* dating apps.
Let's not stop at dating apps, the World project has already announced last week they will also be working with Razer to verify humanity of online gamers. How far can this go in the age of age verification? Will every online games with mature content soon require a World ID to play?
Let's not stop at dating apps. The World project has already announced last week they will also be working with Razer to verify humanity of online gamers. How far can this go in the age of age verification? Will every online games with mature content soon require a World ID to play?
What about social media? Tools for Humanity's team have insisted the age of AI made us incapable of detecting if we are interacting with bots online. Therefore, they must valiantly come to our rescue to verify our humanity scanning our eyeballs (which bots tragically lack). What if this human verification is expanded to all our social media accounts? Certainly, regulators pushing for authoritarian age verification online would be delighted by such a product.
@ -324,7 +324,7 @@ Then, it comes for our money. The everything app of course offers payment and mo
Imagine a single app, owned by a single for-profit corporation, that collects and processes all the data from all your transactions online, all your communications online, that you absolutely have to continue using for your other social media accounts, your gaming life, and your dating life.
There could soon be no way to escape the grasp of World's everything app. Actually, [some governments](https://www.theregister.com/2025/05/04/sam_altman_startup_world/) (Taiwan and Malesia) have already started using it for official services, because why not.
There could soon be no way to escape the grasp of World's everything app. Actually, [some governments](https://www.theregister.com/2025/05/04/sam_altman_startup_world/) (Taiwan and Malaysia) have already started using it for official services, because why not.
**The ways this could degenerate fast into full dystopia are infinite**, and very real.
@ -364,7 +364,7 @@ Even if this process was perfectly secure and perfectly private (which it is def
This isn't limited to Tools for Humanity, although the way the company tries to advertise itself as a privacy-first organization makes it even more important to scrutinize.
But anyone else with a similar approach to biometric data collection for verifying humanity or age or legal names should be on our radar. Moreover, if it's a for-profit corporation with the power to impose this technology on us everywhere in the world.
But anyone else with a similar approach to biometric data collection for verifying humanity or age or legal names should be on our radar. Moreover if it's a for-profit corporation with the power to impose this technology on us everywhere in the world.
One company should never have such power.
@ -372,7 +372,7 @@ Further, biometric data should never be used for trivial purposes like "proof of
The premise itself is flawed from the start to respect privacy rights.
While the problem of proving identify can still be an important one to solve in *some* context, the solution to this can never be monopolized by for-profit corporations.
While the problem of proving identity can still be an important one to solve in *some* context, the solution to this can never be monopolized by for-profit corporations.
Regardless of Tools for Humanity's intentions and efforts to convince us to trust them, any similar technology is just another step towards a global system of mass surveillance, where ultimately privacy rights and human rights are lost.