security

Ethereum’s Buterin Expresses Concerns Over Sam Altman’s Worldcoin – CoinDesk


In the post, Buterin highlights four major concerns with Worldcoin’s user authentication system, called “Proof-of-Personhood” (PoP).

Worldcoin claims it can authenticate its users without storing personal data or relying on a central authority. To obtain a “World ID,” users must scan their iris with a device known as an “Orb.” Compatible apps, like Worldcoin’s own wallet application, can leverage Worldcoin’s network of authenticated users to tailor their services and root out bots.

In his blog post, Buterin argues that this system has potential issues with privacy, accessibility, centralization, and security.

Buterin argues first that scanning one’s iris could potentially release more information than intended. For instance, if someone else scans a World ID holder’s iris, they can run it against the Worldcoin database to determine – at the very least – whether that person is in the system. In addition, Buterin says World IDs won’t be readily accessible to everyone, since getting ahold of an “Orb” device can be difficult.

Furthermore, the “Orb” is a hardware device, and Buterin alleges that “we have no way to verify that it was constructed correctly and does not have backdoors.” He adds that “the Worldcoin Foundation still has the ability to insert a backdoor into the system, letting it create arbitrarily many fake human identities.”

Finally, Buterin expresses security concerns with Worldcoin given that users’ phones could be hacked, and they could be coerced into giving out their iris scans.

Buterin acknowledges that there is no perfect solution to overcoming these issues. “There is no ideal form of proof of personhood,” Buterin writes. “Instead, we have at least three different paradigms of approaches that all have their own unique strengths and weaknesses.” Those three approaches are known as social-graph-based, general-hardware biometric, and specialized-hardware-biometric solutions (like Worldcoin).

Readers Also Like:  When It Comes to Email Security, The Cloud You Pick Matters - Dark Reading

Buterin also adds that Worldcoin has taken certain steps with its hardware that make it superior to more traditional identification schemes – particularly when it comes to user privacy. “It does seem like specialized hardware systems can do quite a decent job of protecting privacy,” says Buterin. “However, the flip side of this is that specialized hardware systems introduce much greater centralization concerns.”



READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.