📰 Table Of Contents
Worldcoin’s Iris-Scanning Orb Technology Audit
Worldcoin recently underwent a third-party audit by Trail of Bits to evaluate its iris-scanning Orb technology. The audit focused on privacy and functionality aspects of the Orb’s software.
Overview of the Audit
- The audit by Trail of Bits was commissioned by Tools for Humanity (TFH) and the Worldcoin Foundation.
- It delved into how Worldcoin’s Orb devices handle and secure user data.
- Findings revealed that the devices do not store personal information, except for encrypted iris codes used for verification.
Privacy Measures of Worldcoin Orb
TFH provided technical guidelines for the audit, emphasizing the following:
- The Orb collects only the user’s iris code during the default opt-out signup process.
- No personally identifiable information (PII) is stored or transferred, except for the iris code.
- For users opting for a data-inclusive signup, any PII saved is encrypted and inaccessible for decryption by the Orb.
- The Orb does not extract sensitive information from the user’s device, only data encapsulated within a QR code is collected.
Security Measures for Handling Iris Codes
The audit confirmed the following security measures related to the handling of a user’s iris code:
- The iris code is not persistently stored on the Orb and is transmitted securely to pre-approved servers.
- It is sent in a single request to the backend, secured by end-to-end encryption.
Conclusion by Trail of Bits
Trail of Bits stated that no vulnerabilities were found in the Orb’s code that directly compromise the project goals. Any identified concerns have been addressed in the updated code.
Ian is a cryptocurrency enthusiast blending humor with professionalism. With an engineering background and a storyteller's heart, he simplifies the blockchain world with sharp analysis and a touch of wit. At Cryptowire, he brings his unique perspective to make digital financial innovation accessible to all.
