> While Worldcoin may have developed an algorithm that reliably distinguishes unique irises among its test pool, it’s not clear that it will work with a pool orders of magnitude larger.
This is a really key problem. The main application of biometrics today is in cell phones, and for those we operate on the assumption that we're trying to distinguish between the authorized user and a quite small pool of non-authorized people who will have physical access to the device: family members, friends, co-workers, and the occasional thief. This threat profile allows the biometric algorithm to err on the side of usability—it's more important that the algorithm consistently open the phone when shown the user's fingerprint or face than it is that there be no other human being on the planet who could open it.
Worldcoin has a very different threat profile, and it's not obvious to me that is possible to have a usable biometrics system (with an acceptably low false negative rate) that also has absolutely zero risk of hash collisions when the pool of unique people you need to distinguish is the size of the entire planet.
This is essentially the Birthday paradox. You need a quadratically better false match rate to deduplicate than to authenticate.
It’s also why Worldcoin went with Irises (highest entropy among biometrics), custom hardware, custom optics and an in-house trained algorithm.
The Iriscode (if it's the same as Daugman's iriscode) has tested so far to have 249 bits of entropy, or over 10^74 combinations [1]
So even with the birthday paradox you'd need 10^37 people before having a good chance of a collision, which is rather more than we are likely to have in the next few centuries.
Of course, it's possible that there are some subpopulations who don't have this amount of entropy in their irises, most obviously the small number of people who have a birth defect such that they are born without eyes.
This is a really good comment. But of course the problems in authentication and de-duplication are also different in that you care about adversarial false-positives much more once authentication is the goal. As I understand things, Worldcoin claims the retina scans won’t be used to control funds (or other services.) I am skeptical that many of those users will retain their non-biometric wallet credentials long-term, which will leave you with a database of biometric credentials that will have to be used for authentication if you want to use those credentials for anything important in the future.
> the pool of unique people you need to distinguish is the size of the entire planet
Not merely the size of the entire planet. If they hope that this scheme lasts in perpetuity, it will need to distinguish between all individuals who will ever be born.
I'm not sure that matters. I got scanned yesterday. Once you've done the scan they give you a crypto wallet with a private key and I think that's the last time you have to scan. It's only really there to stop me going up a second time to get more free tokens. If someone with the same irises tries to sign up I guess a human will have to decide if they are genuine or a scammer. Not a big deal I think.
I'm not even talking about intentional Sybil attacks, I'm talking about the very real possibility that people get excluded from this system because the system mistakenly identifies them as having already scanned in.
If the goal of this is really as ambitious as they claim, with every single person on the planet getting UBI through it, their biometric system needs to be strict enough to not conflate two people and flexible enough to match the same iris when scanned a second time for verification. I don't believe the tech is there.
Some people take cyberpunk as entertainment, some as a paraody, some as a warning, some as all of the above. And some take it as blue print worth pursueing.
EDIT: The while premise of needing a nin-centralized wax of confirming ones identity is, at its core, deeply un-demicratic. As of bow, government issued documentation confirms anyones identiy. These governments can be democratic, and are. Puting a different system in place, controlled by some tech-billionaire-liberitarian, is as dytopian as it gets. So of course VCs are investing like hell in it.
> The while premise of needing a nin-centralized wax of confirming ones identity is, at its core, deeply un-demicratic. As of bow, government issued documentation confirms anyones identiy. These governments can be democratic, and are. Puting a different system in place, controlled by some tech-billionaire-liberitarian, is as dytopian as it gets.
I deeply hate this line of logic. This exact argument was presented against the Signal messaging app in an Op-Ed in the NYT (https://archive.is/tJoem), to quote from it:
> They are a small group of people who govern these powerful tools, and they are not accountable in the way that, say, a democratically elected government is. Whether law enforcement should tap our phones on the condition that a warrant is obtained is, at the very least, worthy of public discussion. Signal has unilaterally decided for us all.
Boo hoo, math makes it so that governments (yes, even democratic ones) can't tap phones, therefore math (and the technologists who code up this math) are evil and anti-democratic.
For all WorldCoin's faults, merely attempting to offer a decentralized alternative (even if it's not a very good one!) to government proof-of-person solutions is not one of them.
>) can't tap phones, therefore math (and the technologists who code up this math) are evil and anti-democratic.
it's usually much more than that. A lot of those projects founders, including Signal's, are pursuing deeply ideological projects, "it's just math" doesn't really cut it. Many aren't just after providing services that are largely in line with existing values of privacy or what have you. Hell, Moxie wrote an actual anti-democratic treatise whose central premise was:
>"[..]Our critique is of democracy in all its various forms, whether representative or direct. We are not echoing confused cries for more democracy, we are calling for its entire abolition."
These kind of attitudes are often baked into the projects themselves, hence why there's a worldcoin and MobileCoin in Signal. Don't really need your own currency for either of those projects right?
I am all for privacy and encrypted communications. Until a legitimate law enforcent body gets a legitimate warrant against a specified organisation or individual.
Outsourcing some, or all of that to some VC backed companies, facilitating access for the various intelligence agencies, is what I have a problem with. And a crypto start-up setting out to build a global database of peoples retinas is exactly that.
> I am all for privacy and encrypted communications. Until a legitimate law enforcement....
So you're against encryption then. Simple as that.
> Outsourcing some, or all of that to some VC backed companies, facilitating access for the various intelligence agencies, is what I have a problem with.
I also have a problem with that. We should aim to build systems that are resistant to all attackers, even intelligence agencies. And like Signal, it should be impossible for companies to facilitate access for anyone, including intelligence/law enforcement.
> And a crypto start-up setting out to build a global database of peoples retinas
Perhaps you should familiarize yourself with real criticisms of WorldCoin (Vitalik has a nice critique here: https://vitalik.ca/general/2023/07/24/biometric.html), because they don't store biometric data, they only store hashes.
What's the worry here? If WorldCoin surpasses their wildly ambitious long term goals, governments won't be able to revoke someones passport for being a dissident anymore? What specific issues do you see with a successful decentralized proof of personhood system?
EDIT: Specifically, what issues does _decentralization_ bring to proof-of-personhood over government run proof of personhood, other than removing the government's ability to un-person someone.
Obviously the government can stop issuing services to a certain ID, but being run on a decentralized computing platform (plan is an Ethereum layer 2 I believe) means that they cannot stop you from interacting with other governments or with third parties.
Other than everything that they can do today to prevent you from interacting with other governments or with third parties like imprisoning you or worst.
I've always seen libertarians not as pursuers of freedom but as people who want to replace the police with a private security force.
Libertarians want to live in a world where they are accountable to no-one. It's the ultimate conclusion of capitalism: wealth makes right.
Serfdom and (sexual) exploitation for those of us who are not rich.
And these people don’t give two shits about world coin, they just want the free money the company is throwing at them. This things is doomed to fail, because the biometrics are only authenticated when you setup your account initially like in this photo. So these people can collect the sign up fee and the then turn around and sell their account to a someone else, thereby nullifying the sybil resistance of the system.
Interesting how Worldcoin chooses to start in countries where this demand exists, almost by definition the poorest countries in the world, where the infrastructure is not only barely needed, but also most likely to be abused by the same governments that created the poverty in the first place.
If you think thousands of people voluntarily getting iris scans that aren't stored anywhere is an insane dystopian nightmare, wait until you hear about the 1.3 billion people who were compelled to surrender their biometrics to the centralized, government-operated Aadhaar system.
I do not understand how this is supposed to prevent sibyl attacks?
How do they prevent fake virtual iris scanning devices from pretending that they scanned a person that doesn’t actually exist?
Or is the idea that sama is will run a centralised private identity system that aims to replace government identity management? Then why do you need crypto?
Are they trying to replace proof of stake/proof of work with “proof of being a human being”? I don’t see how the iris scanning achieves this?
I think it’s fundamentally impossible.
If you don’t have a centralised authority verifying identity, the best thing you can get is peer-to-peer federated identity verification like PGP.
But with this, identity is relative, as in “I trust a guy who trusts a gal who says this person is real”.
This is exactly the same problem as spam detection - nobody has found a good way to prevent people from generating large numbers of fake identities, short of government identity registration. The classic "Why your solution to spam won't work"[1] checklist applies.
This came up a few weeks ago on HN, with someone from a small country writing that they quit a crypto startup because they realized it was a scam. The startup was starting up an exchange, which doesn't really need a "coin". But they had to have one, so they could play games with the financial structure and Make Money Fast.
This is why there are very few real DeFi crypto exchanges. A trustless exchange, where the exchange never has custody of the money, is the way a crypto exchange ought to work. The exchange is then just a matching service - people put limit orders on a blockchain, the exchange finds ones that match, and tells both parties "go". Like the NYSE, which never owns a stock.
But there's no Make Money Fast in that. It's getting your hands on the customer assets that pays off.
It needs to be a coin so they can pocket $240m in an ICO, which is significantly easier than getting a large government contract because ICO investors are not sophisticated, largely don’t have rights, and insider trading is much easier.
It's a tip/gift/bonus/incentive for people to give away their data. And since this is a game of numbers, they knew that throwing $10-20-30 USD to about 400mn people in poor countries they would get the momentum going.
I expect Europeans to shun this.
I fear though that once they hit "1bn people" they will invoke the FOMO into the rest.
I think fake iris scanning is the least of the concerns here. The big problem, and likely reason this will fail, is there’s nothing preventing you from selling your account for a small fee after getting your initial scan to set it up. And that’s likely exactly what will happen, because they’re onboarding users in poor countries first. These users don’t give a shit about world coin, they’re simply lining up and being scanned to make a bit of easy money.
The premise is that you can make spam filtering and bot filtering and circles of trust work if you have a finite amount of accounts. Currently on the internet there are infinite accounts. If there's only a billion accounts, filtering becomes much easier.
No idea how world coin is supposed to work.. but couldn’t they get their account back by scanning their iris again? Like, I’m guessing you’re not supposed to have to scan your iris every time you use your account. But can’t the iris be like a “I forgot my password” mechanism?
AFAIK, nope. If that was the case there would be no point in buying anyone's account. If you stored value in it they could always use their iris to get into it.
The signup module is indeed a centralized system, which then records the new registration on a distributed ledger (which only someone with Worldcoin’s private key can do). From there, payment operations are done distributed on Ethereum / L2.
The signup process is always a sensitive part of a cryptosystem, and open network membership is not always expected (for instance, CBDCs, Ripple…). There is certainly a philosophical argument to be made against closed membership, since it can disadvantage people that struggle for access, and lets the company discriminate in the future once they get a stronghold, which can be especially problematic considering the primary value of human-uniqueness is to restrict voting to an in-group whose bounds historically have been heavily argued even in non-repressive regimes.
But it seems unlikely to become predominant. Some people have prosthetic eyes; I would be hard-pressed to imagine, say, Apple releasing an iPhone that is inaccessible to a population in such a significant way.
That can still be done by streaming the updates to whoever wants them (can even hash each chunk of updates, and include the hash of the prior chunk in each chunk, to get a linked list of chunks, which would prevent undetected manipulation of prior chunks).
It’s a value of the database play and graph databases (association, social credit) gain most of their value (like social networks) from scale. You don’t have to have great data, but you need a LOT of data, for them to serve the purpose.
There is a lot of room for systems that are the silver standard and the math enables a great deal of reliability for those outside of the traditional financial systems (many people). It doesn’t have to be perfect, it just has to be good enough.
>How do they prevent fake virtual iris scanning devices from pretending that they scanned a person that doesn’t actually exist?
Each scanner is registered, authorised, tracked etc. Presumably with a private key but also I think they have the location, operator details and so on for every one.
Of course it will be centralized! There is no cryptocurrency that isn't. Cryptocurrencies can't scale without centralization, and there's no way to interface with the real world without some sort of trust.
Lots of good analysis here, with the main flaw (imho) coming in last*. The WC team may be book smart, but not experienced or wise, especially in building complex systems with high integrity and assurance. They cut too many corners, take too many intellectual shortcuts, assume away too many hard problems, minimize important constraints inherent in their chosen architecture, and clearly haven't really thought it all through. Wishful thinking is no substitute for sound engineering. All red flags of a project doomed to fail.
*> A black market for Worldcoin accounts has already emerged [1] in Cambodia, Nigeria, and elsewhere, where people are being paid to sign up for a World ID and then transfer ownership to buyers elsewhere — many of whom are in China, where Worldcoin is restricted. There is no ongoing verification process to ensure that a World ID continues to belong to the person who signed up for it, and no way for the eyeball-haver to recover an account that is under another person’s control. Worldcoin acknowledges that they have no clue how to resolve the issue: “Innovative ideas in mechanism design and the attribution of social relationships will be necessary.“ The lack of ongoing verification also means that there is no mechanism by which people can be removed from the program once they pass away, but perhaps Worldcoin will add survivors’ benefits to its list of use cases and call that a feature.
Relatively speaking, scanning your iris and selling the account is fairly benign. But depending on the popularity of Worldcoin, the eventual price of WLD, and the types of things a World ID can be used to accomplish, the incentives to gain access to others’ accounts could become severe. Coercion at the individual or state level is absolutely within the realm of possibility, and could become dangerous.
I can’t imagine how naive you have to be to not see account selling as a massive problem. Especially when your plan is to first onboard users in poor countries. Why would these people do anything other than signup and immediately sell their accounts, for what may amount to a month or two of normal pay, just for waiting in line and getting scanned. I find it crazy that they claimed their system is Sybil resistant when it had this most obvious flaw. Maybe they don’t really give a crap and just wanted to collect that sweet sweet VC money.
Sure, yeah, maybe that's all it is, a scam that's totally transparent and obvious to every random internet commenter but totally non-obvious to the simple and gullible marks on Sand Hill Road.
Or maybe, just possibly, there might be more to it.
Perhaps it takes a little more effort to understand than just piling on to the reflexive groupthink cynicism which passes for conventional wisdom around here.
(Disclaimer: I have no association with this project, haven't gotten my irises scanned, don't own the token, haven't invested any effort to understand it. But I've been around long enough to recognize the smell of reflexive groupthink cynicism, and to profit by betting against it.)
> but totally non-obvious to the simple and gullible marks on Sand Hill Road
You mean the ones who also invested in Theranos, WeWork, and FTX? They don’t always make the wisest investment decisions. They’re not complete idiots, but they’re sucsceptible to same biases and misjudgements as the rest of us. And I’m sure they‘re aware of some or all of WC’s flaws, and are just investing b/c Sam Altman, or because they invested back in the 2018-2021 crypto bubble. There’s also some time pressure, they’ve gotta put that money somewhere within a year (standard VC LP contract), or give it back.
> Perhaps it takes a little more effort to understand than just piling on to the reflexive groupthink cynicism which passes for conventional wisdom around here.
Molly already put extensive effort into just that in the OP, as did several other folks she references and links to. If you have any critiques of her critiques and why she may be wrong, love to hear it. But without that, it’s not her or us that’s being reflexive here.
> Sure, yeah, maybe that's all it is, a scam that's totally transparent and obvious to every random internet commenter but totally non-obvious to the simple and gullible marks on Sand Hill Road.
You write this like it's an absurd notion, but we've already been through Juicero, WeWork, Theranos, Nikola, and FTX among others.
I’m not saying it’s a scam, just that it seems their system isn’t really Sybil resistant due to the issue of account selling. And if that’s the case they either didn’t think this would be an issue, or they expected it but don’t really care, and the claim of Sybil resistance is just marketing. Is this wrong in some way you’d like to explain?
I can't explain anything about this project because I haven't invested the effort to understand it.
Maybe I'll spend the 20 minutes to read the 5000 words in Molly White's article, and then another couple hours to read the whitepaper, then another who knows how many hours researching the claims and counterclaims to make my own judgment.
But probably I'll never do any of those things, and I'll still have high confidence that the project probably isn't simply a scam for sweet, sweet VC money, or unimaginably naive, or full of fatal flaws that every rando can identify instantly.
Because in the past, when anonymous internet commenters are of one mind that a new thing is a scam or fatally flawed, while the team behind the new thing are highly capable, with good reputations for not being scammers or unimaginably naive, usually the anonymous internet commenters don't understand what's really happening.
And then I'll ctrl-f the whitepaper to search for 'sybil' and discover that the arguments in this thread are already discussed in the whitepaper, which gives me even more confidence that the hivemind conclusions of scamminess or naivete are most likely uninformed.
Once again, I never claimed this was a scam. I'm simply pointing out that the system has an inherent flaw regarding account selling, which makes it not sybil resistant, as claimed by the founders. I usually give projects the benefit of the doubt, but I've never heard Sam or the other founder talk about this major issue with their system design.
> Perhaps it takes a little more effort to understand
If that's the case, then isn't it on WorldCoin to educate us? Their communications so far have apparently been insufficient, if people are rejecting the scheme merely because they don't understand it.
I am going to be downvoted to death, but it is clear from last year events that Sam Altman is truly that kind of "Blade Runner/Robocop(1)"-like antagonist character that has a narcissistic drive to destroy the world just so he can show everybody he is saving it.
(1) Pick your 80's Sci-Fi movie dystopia that fits here.
It's not about me protecting some billionaire that doesn't give a shit about me. It's about protecting reasonable discussion and trying to keep discussion in reality instead of it just being an echo chamber of "ai man bad". If I just wanted to see outrage and shitting on someone without substance I'd go read reddit and twitter.
Plenty of evidence... of which still none is being presented neutrally.
There is a bunch of evidence in the article we're commenting on. Good faith assumption that people have all read the article before commenting is (supposedly) a premise of HN's culture. In practice, many people who comment are responding solely to a comment or to the title presented.
Remember, Sam Altman is the guy who made open AI into closed AI, and he’s the cofounder of this. If you think he has any intent of making this an open decentralized system that benefits people you’re likely mistaken.
He's said that he doesn't take any stock. I don't know why so many people thing this is strange. He's already immensely rich. While this role might not make him richer, but it does give him huge amounts of power and influence.
>there is no “password reset” when it comes to iris data
This is the most critical part, I think. If my Iris scan is leaked (which is not hard to do, from modified Orbs, similar to credit card skimmers, to mobsters scanning people's irises under threat of death), my identity will be stolen and I can't do anything about it. Do they have at least some sort of 2FA?
I think their plan is that if you re-scan your eyes the system revokes any previous (sold/stolen) identities associated with your eyes and issues you a new one, like a password reset process. This doesn't help if someone can use a leaked hash to trigger the reset process though.
Is there any reasonable way to make this work that doesn't involve the company keeping plaintext copies of Iris scans and/or retaining the ability to arbitrarily reset account keys on the ledger (such that users have to trust them to behave honestly)? What happens if a modified Orb is used to dumo the scans and then later trigger a fake reset?
(Scanned yesterday). I don't think this is about identity. You don't have to give any when you scan - you can claim to Mickey Mouse for all they care. It's more a way to distribute shitcoins evenly.
If you're trying to build a world where a person's iris is their unique proof of personhood, then you are building a world where people without eyes are not people. I cannot see a way around this.
This shouldn’t be downvoted. I have heard OP’s joke. That it could come across as anti-Semitic, despite almost never being intended that way, is a good heads up.
It disappoints me to see anyone discussing this on technical merits when the whole thing is a laughably bad idea. It really just needs to be buried into the ground before it gets started.
The world would be significantly worse off if it just ran on your gut instincts. In the particular case of Worldcoin it's still bad once you understand the details but that's just luck.
I feel like the world would be better off if VC money was funneled into more local small businesses and "lifestyle" startups, not 100m+ "moonshots" like this. Unfortunately that doesn't "scale".
This is the most dystopian project I’ve ever seen and a total wolf in sheep’s clothing. Hell it might better called a wolf in wolf’s clothing.
I find it difficult that this kind of project is attached to Altman — it’s not a good look for someone playing around with controversial human replacement technologies capable of insane global control and manipulation.
Let’s invent a crypto that tracks every human on the planet using their immutable characteristics.
It’ll be fine. What can go wrong? This information won’t be used inappropriately I’m sure.
Never trust a rich person who wraps themselves in the cloak of human interest or says they are “of the people.” The establishment isn’t in the business of teaching you to disrupt it.
Once again it is completely ignored that the whole online identity thing is a solved problem, in the EU. Millions of Europeans use eIDAS apps daily and enjoy single-sign-on across EU websites, can sign docs, make payments etc. etc. And there’s no privacy issues thanks to the GDPR, which it turns out is not just about cookie popups
The tech is there, it works today, without crypto bullshit, and it is extremely useful. But since nobody became a billionaire out of it, nobody talks about it
Reminds how US centric a lot of crypto companies are. An advantage of crypto that often comes up is “instant and cheap money transfers”. In the UK, I transfer money to my friends instantaneously and for free using just my bank account.
> In the UK, I transfer money to my friends instantaneously and for free using just my bank account.
You can do the same thing in the US. The problem is that businesses can't easily do this without collecting bank routing information from customers, which is effectively "secret" because it allows anyone to debit money directly from their bank account, so they're reluctant to provide it.
What's needed is a low- or no-fee system for requesting payments from someone without collecting any secrets from them. The technology to do this is not hard -- use public key cryptography, or just require the customer to approve merchants before they can make debits. But the customer's bank has little incentive to implement this because the customer won't choose a different bank over it and meanwhile the banks own the credit processing networks charging the high fees.
Which is why people are looking for an external solution.
Both already exist. Setting up a direct debit generally only involves filling in a form. Sending money to someone else is as simple as authorising a payment to them with their account details.
What's needed is a better system for approving who is allowed to make withdrawals from your bank account instead of just "anyone in possession of your bank routing information" which makes customers reluctant to provide it.
This would be essentially solved with a standardized system for customers to give each merchant a separate bank account number (or equivalent) which really refers to the same bank account but could be revoked individually if that number is compromised or you want to remove the merchant's access, or could be set to automatically expire for non-recurring payments. But the banks don't have the incentive to provide this when they're the ones getting the credit card fees.
I like the idea of per merchant account numbers. Even better if we used some kind of cryptographic binding between the merchant account and your account, so it would not work for anyone else.
I don't know how it works outside of Italy but here we can make instantaneous bank transfers for free or a really small (and capped fee) to anyone just knowing their bank account without leaking any secret information.
You can also do this in the US with Zelle. Of course there's app alternatives like Venmo or PayPal too -- I don't really understand the importance / benefit of 'just using a bank account.'
The whole online identity thing was a solved problem well before that. You sign up for a service, you give them your email address and create a password, now they know who you are because you have your password, and if you forget your password they send a reset code to your email. Add 2FA as you like.
That allows you to authenticate with the service you're doing business with, which is all that ever needs to happen because centralized identity systems are just an attack for correlating your activity across services and devices.
Are eIDAS identity services even interoperable for private service providers? AFAIK public service providers use national portals that aggregate identity providers, but private service providers must have a contract with identity providers.
> But since nobody became a billionaire out of it, nobody talks about it
Here in CZ, the law was setup in a way that gives advantage to banks compared to other identity providers, these banks created one consortium, which is essentially monopolistic provider, with ~80 % market share, asking private services providers significant money for identity services.
I think how crypto springs because commercial systems are lacking (like, Mint/Plaid compared to the OFX standard for gnucash). The reason crypto seems viable is because US banking sucks. The reason these ID schemes exist is because the US doesn't have eIDAS.
Can’t wait for the EU to introduce a digital euro CBDC just like the digital yuan in China. /s
Soon it will impose savings limits, expiration dates to incentivise spending [0] all tied up to your digital identity.
When governments propose extremely unpopular policies on its people, it will be certainly used against their own people to quell and discourage protests much easily than before.
You will then realise that all these digital identity solutions such as eIDAS, digital euro and wallets are essentially no better than Worldcoin. Governments around the world would love to do exactly what Worldcoin is doing for onboarding to a future CBDC.
This is a grift I don't understand. Obviously there is no legitimate reason for it to exist, but what is the illegitimate reason? How do the people behind this scheme expect to benefit? Is it a good old fashioned pump and dump? Do they somehow expect to profit from the biometric data? Do they expect to gain political power by setting up this quasi-government? I don't get it.
The absolutism is a bit extreme, but your comparison isn't really fair either. Outside of crypto, we don't regularly see startups get loads of hype and money only to explode so spectacularly that the founders end up in jail.
> Outside of crypto, we don't regularly see startups get loads of hype and money only to explode so spectacularly that the founders end up in jail.
It is already known that the majority of unprofitable startups take tons of VC money and have regularly played the Silicon Valley playbook of 'faking it' until they are caught out in the open [0] [1] [2]. It has gotten so common to the extent where their favourite bank (SVB) went under with all these unprofitable startups crying over payroll when generating little to no revenue with inflated valuations.
We were supposed to learn from that VC pyramid scheme that has caused SVB to collapse which was so seismic that all those unprofitable startups would all have gone bust had capitalism just run its course without government intervention.
There really is no defence for continuing the constant dependence on raising VC money in unprofitable startups for years anymore after over-leveraging and injecting more cash at unjustified valuations in these startups. For this scam to be revealed so late shows how long many startups were able to get away from 'faking it'.
Yes. Moneygram, Circle and Stellar launched and aid program (Stellar Aid) that allows near instant, very low-fee and cross-border P2P payments worldwide to those in need of it. [0]
The whole thing is designed to exclude the disadvantaged and disconnect the formerly advantaged from thier funds when they face an unexpected change in ocular health.
I agree with certain sentiments, especially whether there is an actual product market fit for this, but the tech analysis here is sloppy. Molly is a crypto sceptic so suffers from confirmation bias.
Can you provide a better critique than a single-word dismissal ("sloppy")? Molly is a crypto skeptic, but that fact alone doesn't make her analysis sloppy. If you have some insights into where she's wrong, please do share.
Yeh, I have a lot of problems with Worldcoin but this isn't a great post on it or the issues. You can tell she went in with the intention to write something for an audience that hates crypto and wants to be told they're right.
As a comparison, Vitalik wrote a great, even handed analysis:
I did a pre-interview to work for one of Sam's first startups, the mobile one that had the date via GPS idea. Turned down going beyond the pre-interview due to concept and funding combination not being compatible with reality. You have to remember at that point in time Mobile OEMs were locking down GPS access through apps and Mobile Operators were attempting to pretend they were VCs.
Not every slide deck that gets money is a good slide deck!!
This is an article about Worlcoin, Sam Altman's pet project, and OP is sharing an anecdote about Sam Altman. Not sure why you find this so confusing, but I'll be happy to walk you through it slowly.
If someone had an anecdote about, say, interviewing at one of Elon Musk's earliest ventures, that's an Elon Musk story, especially if it tells you how the company is run.
I'd call that a story about interviewing at a venture that Elon Musk started. I certainly wouldn't call that a story about Elon Musk.
Let's be real here, this was a rather poor attempt at name dropping Sam. It also had nothing to do with Sam.
It also had nothing to do with how the company was run, which they'd really know very little about, given that it was a pre-interview. They turned the offer to continue down due to the concept, not how it was run.
If the person had described sitting down at an interview with Sam and discussing the way the company was run, then I'd call that a Sam story about how the company was run.
It's exhausting refuting everyone's misconceptions. I will simply say that most people, which probably includes you, don't understand the entirety of how this project works and you therefore make assumptions that are incorrect.
It doesn't store biometric data. It doesn't store any information that is useful to anyone for any purpose. The only thing it can do is tell if your iris has been scanned before. That's it. It can't reproduce what your iris looks like and can't sell any useful data about it to anyone.
It does in fact allow online activity with privacy and while remaining anonymous. There is no way to link accounts between sites unless you do so yourself.
Yes, people will sell accounts. This is fine because it still solves the problem of people being able to make infinite accounts online at present. It still creates a barrier of entry for spam where there currently is often very little or none. Inauthentic behavior online will continue but not at the rampant pace it currently has.
There's lots more I could say but I'm not going to change minds that aren't open to rational discussion and instead engage in the perpetual outrage machine that is social media and corporate news. If you have genuine curious questions that aren't easily answered by their website, feel free to ask and I will answer as best I can.
I have no affiliation other than I'm working on a personal project with their API.
This honestly feels like you didn't even read the article and are responding to what you think it says. If I'm wrong I'd be happy to have you clarify why Molly is wrong, instead of just generally asserting that people misunderstand.
> It doesn't store biometric data.
She addresses this: they do in fact store the biometric scans if you opt in, and they strongly encourage you to opt in because if you don't you'll have to periodically reverify as they tweak the algorithm.
> It doesn't store any information that is useful to anyone for any purpose. The only thing it can do is tell if your iris has been scanned before. That's it. It can't reproduce what your iris looks like and can't sell any useful data about it to anyone.
As Molly points out, you're making a huge assumption that this number that uniquely identifies your iris isn't useful information to sell to someone (or for someone to hack).
> Yes, people will sell accounts. This is fine because it still solves the problem of people being able to make infinite accounts online at present. It still creates a barrier of entry for spam where there currently is often very little or none. Inauthentic behavior online will continue but not at the rampant pace it currently has.
This is where the project really needs to figure out what it's actually trying to do. If the goal is simply to reduce inauthentic behavior on the ETH chain, then it's possible that you are right that sale of accounts doesn't matter. But if the goal is to provide some sort of UBI system, the fact that it has no way to verify who is using the account after its initial creation is a huge huge problem that will lead to massive amounts of corruption and harm if they succeed at implementing the kind of worldwide UBI they're talking about. Just look at what happens to humanitarian aid that goes into territory controlled by warlords: that's what we're talking about.
Again, Molly addresses this, so it feels like you didn't read her article.
You're right, I didn't read it. I'm responding to comments in general on this article and others, which is full of misconceptions. I didn't bother with the article itself because every single one I've read is also full of misconceptions or incomplete information or uncharitable interpretations or unsubstantiated personal attacks against Sam Altman.
> As Molly points out, you're making a huge assumption that this number that uniquely identifies your iris isn't useful information to sell to someone (or for someone to hack).
How would someone possibly use the information that you've already scanned your iris to your detriment? How does that benefit anyone?
Let me know when you've read the article, and I'll reply to your question if you're unsatisfied with her answer. I'm not going to rehash any more of the points that Molly already made.
This is a really key problem. The main application of biometrics today is in cell phones, and for those we operate on the assumption that we're trying to distinguish between the authorized user and a quite small pool of non-authorized people who will have physical access to the device: family members, friends, co-workers, and the occasional thief. This threat profile allows the biometric algorithm to err on the side of usability—it's more important that the algorithm consistently open the phone when shown the user's fingerprint or face than it is that there be no other human being on the planet who could open it.
Worldcoin has a very different threat profile, and it's not obvious to me that is possible to have a usable biometrics system (with an acceptably low false negative rate) that also has absolutely zero risk of hash collisions when the pool of unique people you need to distinguish is the size of the entire planet.