Worldcoin's Orb Software Clears Third-Party Audit Amid Privacy Controversy
Summary:
Worldcoin, a human identity verification project, has received a software audit that found no exploitable vulnerabilities, according to a report set to be fully released on March 14. Amid privacy concerns regarding iris-scan data, cybersecurity firm Trail of Bits conducted the audit and offered enhancement recommendations that Worldcoin has implemented. The authenticity verification tool continues to face debate over privacy practices, notably from Spain's Data Protection Agency, which has issued an injunction requiring further examination of the project's adherence to data protection laws.
Worldcoin, a human identity verification project, has successfully undergone a third-party examination of its Orb software, according to a draft report dated March 14 viewed by Cointelegraph. The review was conducted by Trail of Bits which found no direct exploitable vulnerabilities related to the project's objectives, said the document. The full report by Trail of Bits is due to be released on March 14, as confirmed by an email from Worldcoin. With Worldcoin, individuals can confirm they are human by registering via phone number, email, or an iris scan performed by a device known as an "Orb". This process gives the user a "World ID" that serves as proof of their humanness. The project was initiated by Sam Altman, also a co-founder of OpenAI, the company behind ChatGPT. Altman confessed that Worldcoin was a response to concerns about AI bots potentially impersonating humans convincingly. Critics concerned with privacy have expressed disapproval towards Worldcoin due to the potential danger of iris-scan leakage to hackers or government bodies, which could expose a person's activities associated with their World ID. Trail of Bits started its evaluation on August 14, 2023, as per the Worldcoin report. The firm was provided with version 3.1.10 of the software, frozen for review on July 8, 2023, while the active version at the time of reporting was 4.0.34. The auditors reportedly spent six weeks probing for software vulnerabilities, considering various ways a hacker could gain access to an iris scan. However, the investigators reported that no such exploitable issues were detected in the Orb's code. The report holds that extraction of the iris code from Orb would require control over one of the trusted certificates. Enhancement recommendations were made by the auditors which included strengthening the signup process and replacing the ZBar, a QR code scanning library, with a rust version, to avoid potential "memory safety" leaks. Both recommendations were put into effect by the Worldcoin team. The worldcoin privacy practice debate is set to linger. On March 6, the Spanish Data Protection Agency (AEPD) imposed an injunction on the project, citing the need to examine claims of Worldcoin breaching data protection legislations. In retort, Worldcoin denied the violations and accused the Spanish government of circumventing EU law by issuing the injunction.
Published At
3/14/2024 5:04:36 PM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.