I think their plan is that if you re-scan your eyes the system revokes any previous (sold/stolen) identities associated with your eyes and issues you a new one, like a password reset process. This doesn't help if someone can use a leaked hash to trigger the reset process though.
Is there any reasonable way to make this work that doesn't involve the company keeping plaintext copies of iris scans and/or retaining the ability to arbitrarily reset account keys on the ledger (such that users have to trust them to behave honestly)? What happens if a modified Orb is used to dump the scans and then later trigger a fake reset?