February 11, 2025
Blockchain

https://www.xataka.com/privacidad/que-firma-que-cede-really-adolescente-when-deja-que-worldcoin-le-escanee-iris

  • February 21, 2024
  • 0

A walk through any of the main shopping malls in major Spanish cities has a common stop: checking out why hundreds of people, mostly very young, are lining

https://www.xataka.com/privacidad/que-firma-que-cede-really-adolescente-when-deja-que-worldcoin-le-escanee-iris

A walk through any of the main shopping malls in major Spanish cities has a common stop: checking out why hundreds of people, mostly very young, are lining up in front of stalls containing only some mysterious chrome spheres. They are the ones who allow Worldcoin to scan your iris in exchange for a cryptocurrency worth tens of euros.

At its peak three months ago there were 10,000 weekly registrations. Today there are almost 400,000 verified users in Spain. And with this explosion came this: Increasing concerns about the impact on our privacy, Including complaints to AEPD.

We went to Worldcoin’s privacy and data processing policy to find out exactly what its users are agreeing to.

From image to image to chop and unknowns about the future

When a user agrees to have their iris scanned, they are not signing a physical document but giving digital permission for the company to collect biometric information from their iris. Worldcoin ensures that the iris image is stored in each sphere’s RAM memory so that it is instantly discarded as soon as it is converted into a sphere. to chop This allows them to create a unique identifier for each person from the iris image. Basic cryptography with a solid foundation.

This approach, based on the process Worldcoin claims to follow, prevents an attacker from accessing already stored iris images, but the question remains. What happens if you take control of the spheres without detecting the company? and whether this would allow it to collect scans from that point, including images of the irises.

Worldcoin Sphere

Worldcoin Globe. Image: Worldcoin.

In case of information theft from Worldcoin, Here’s what the attackers would get: to chopnot the image of every user’s iris. HE to chop is a simple combination of characters (for example, something like __LKJmneERkYnV-9SddH7XMfsP-EXXK). This is how the sphere system, based on Daugman’s algorithm, transforms something identifiable, recognizable and human-attributable (a detailed image of the iris) into something anonymized. Worldcoin ensures that it is not possible to reverse and transform information. to chop in the original iris.

But we don’t know what might happen in the long run and whether there is a way to control it. to chop It corresponds to the iris of a particular person. Later It would be impossible to separate that person from that identity..

If someone steals our password or credit card number it could cause serious damage, but these are data we can change. What we cannot change is our iris. Can this biometric data be used to impersonate a person in any system that uses this authentication method? It is a risk that exists in the long term.

another way fraud. Although at one point it seemed counterintuitive to us that someone could spoof the phone number they were calling from, it has become possible for anyone with certain knowledge. And so the phone scams were successful, resulting in their life savings ending up in someone else’s pocket.

Who can guarantee that our iris’s biometric information will not allow identity theft within a few years if an attacker gains access to the database or the sphere itself doing the scanning?

Moreover, Worldcoin combines this to chop with the user’s personal information. Especially your mobile phone numberIn a country like Spain, it is something that is linked to the identity of its owner. And the company stores this aggregated data.

We were able to confirm this thanks to one of the people who allowed Worldcoin to scan their irises. He did this in the summer of 2023 and asked the company for information it had kept about him; this is a claim that should be addressed under GDPR liability.

This is the pixelated PDF of the user data Worldcoin provides you:

Worldcoin PDF

Picture provided.

Finally, in your biometric data consent form Worldcoin clearly states that the information we provide to you may be shared with third parties.. This ensures that third parties store information securely and prohibit other companies from using it for their own purposes, as well as ensuring that it is handled in a manner consistent with their commitment to our privacy.

Good will accompanied by some precautions as a guarantee, but ultimately adds potential attack vectorsBecause the trust we need to have in Worldcoin for our biometric information is also added to the trust we need to have in other companies we do not know.

The types of companies Worldcoin says it may share data with include cloud services, cybersecurity, software or database developers, and infrastructure.

It is also worth mentioning this. to chop What is created from our iris cannot be erased once we create it. We can exit the application, but that code will remain there until Worldcoin requests it.

Moreover, Worldcoin is legally protected against inaccuracies and information theft in its system.. On the one hand, he acknowledges that the spheres can give false positives and recognize people whose irises have never been scanned there as registered users.

On the other hand, he also explains: tokens Since the use of the service may be subject to attacks and theft. This service is where WorldID, an authentication mechanism through eye scanning, resides.

Risks accepted but not assumed

The company also clearly states in its terms and conditions: In case of theft, no compensation or refund will be given to users. It is caused by a bug or software weakness.

Some regulators in certain countries, such as France, have already announced investigations into Worldcoin. In Spain, AEPD confirmed that it had received some complaints regarding data processing and that these were under analysis.

There are other sensitive precedents. As published by MIT Technology Review Following an investigation in 2022, the company used “deceptive” marketing practices and collected more data than it admitted. The fact that it began operating in developing countries, where many of their residents have specific income needs, did not help alleviate doubts.

One of these countries was Kenya, where this service quickly became popular and some globe operators took advantage of this service. use this allowed them to create multiple identities for the same person. This occurred before the country’s government suspended all operations.

Worldcoin has built its WorldID and iris scanning system to maximize security and comply with privacy regulations, but It is not exempt from risks that the company itself recognizes and protects against in its legal texts. Regardless of the consequences, it will be each user’s responsibility to evaluate whether it is worth facing these potential risks for the payment received.

These risks are accompanied by proof of identity based on biometric information that we cannot change or discard, unlike a password to a web service or a phone number that can ultimately be changed: our iris.

Featured image | v2osk on Unsplash

in Xataka | In return I scanned my iris tokens free: Worldcoin shows the way for those waiting for us with digital identity

Source: Xataka

Leave a Reply

Your email address will not be published. Required fields are marked *