> unchangeable biometrics

Except for, say, glaucoma, detached retinas, injuries, all sorts of stuff that can impact the eyes.

Sorry, you've been involved in a serious accident, you can no longer get your money!

They address this in the whitepaper[0]:

> To validate the quality of the algorithms at scale, their performance was evaluated by collecting 2.5 million pairs of high-resolution infrared iris images from 303 different subjects. These subjects represent diversity across a range of characteristics, including eye color, skin tone, ethnicity, age, presence of makeup and eye disease or defects.

> It is important to note that many health conditions, like cataracts to a certain degree, do not impede iris biometrics. Already today, iris biometrics surpass the inclusivity of other PoP verification alternatives like official IDs since less than 50% of the global population has digitally verifiable identities. However, if the proof of personhood mechanism becomes essential for society, it is important that eventually every single person can verify if they want to. Although not currently established, there could be specialized verification centers to facilitate alternative means of verification for individuals with eye conditions, via e.g. facial biometrics. The introduction of alternative means of verification for World ID could potentially create loopholes.

[0] https://whitepaper.worldcoin.org/

Issue is that if I lose my eyes I am suddenly both blind and poor at the exact moment where being poor has the most negative impact

So eyeless people have to jump through extra hurdles that the rest of us don't have to. The Worldcoin grand misvision is that their terrible World ID would be required to get government benefits, and yet makes it harder for some of the people who most need them to get them.

I don't 'believe in' or support Worldcoin, but I don't think it's realistic to expect any one verification system will serve everyone who needs/wants any given service. Government ID, and even governments themselves don't serve everyone in need.

They're talking about using it for things like government benefits.

The moment they opened that can of worms, they're on the hook for making it serve, at the minimum, everyone that the current government mechanisms serve.

I'm using eyeless people as an example here, because it's the obvious case of people who can't possibly use Worldcoin even if they wanted to. The direct implication today is that blind people would lose their benefits under Worldcoin. If that's not true, then either.

1. Government doesn't actually need Worldcoin's ideas as much as Worldcoin hopes they do.

2. There are workarounds that don't require Worldcoin, in which case let's just use those in the first place.

Again, I'm not a Worldcoin supporter, but...

'Blind' is a much larger category than 'eyeless', and I think you're making the implicit assumption that the government's current identity verification methods work much better than they really do. Just look at the HN post yesterday about the woman whose identity was stolen and used to import 'counterfeit' goods. Worldcoin's system may not be perfect, but having it as an option might have helped in a case like that.

Isn't this system supposed to be better than government ID? If it has the same disadvantages, why would anybody use it?

Again, I am not a Worldcoin booster, but I also didn't say it had the same disadvantages. Everything has trade-offs, and Worldcoin has definite advantages against using a small piece of plastic with a bad 2D picture on it.

A government ID is a lot more than that. I have an official ID card that has:

- A bunch of personal identifying data including a unique number (which is as much of a secret as my name or my date of birth)

- A bunch of old-timey security stuff like thumbprint and signature

- An RFID chip containing all this info, ICAO 9303 compliant

- A PIN protected certificate that I can use to sign documents digitally

- Several security measures to make falsifying it very hard

Everybody who lives in this country has one of these, and these features are not uncommon for ID cards to have in other countries. It also has the full backing of the state, which means that if I lose it I can easily get a new one, and is very illegal for somebody to use it to impersonate me, or to create a false one.

I'm not sure what advantages I or my fellow citizens would gain by moving to a distributed system in charge of some foreign capitalists who have never even been to this country.

Id imagine fingerprints will probably be sufficient no? Surely there are other biological identifiers that will serve as a functional replacement?

Maybe, but who knows? The Worldcoin people are making this a problem, so it's up to them to fix it without increasing the burden on people who can't use it as-it.

When did this become a worldwide standard?

There are many cases where those making a problem never fixed anything. In fact too many cases throughout history to enumerate.

Can the blind auto-opt-out of retina scans - I mean, they cannot argue for or against validity of their retina/eye scans in any format.

Isn’t it the same as losing your keys, phone, wallet, passport, etc.?

Is a medical condition the same as carelessness? Probably there is some overlap, but no, they are not the same.

The overlap GP is suggesting is that society has ways for owners who lose their passports and keys to nonetheless keep owning their stuff. Replacing lost passports and keys is slow and inconvenient, but possible.

Yes, basically there is no perfect solution, people are complaining about air at this point.

Good point, and I'm not saying giving control to this random group makes sense, but at the same time, actual governments seem to be completely failing.

The plan that governments have for resolving the geopolitical and economic problems seems to be WWIII. And then things like WorldCoin, but very poorly implemented, and people already distrust the government so much that those ideas never even reach lawmakers since they know they won't be accepted.

The thing is though that humans may not be able to survive without a truly functional international government. And it also has to integrate with technology since that is ubiquitous now.

There just isn't a way to do it without some kind of identification.

Not trying means we will still descend into a cyberpunk dystopia.

And then after hundreds of millions die in WWIII, we would still end up getting our irises scanned. It would just be administered by the superintelligent Chinese police robots. And we would also all have to learn Chinese and would be subjected to the CCP's social credit system.

The threat is so broad that giving examples is trivial. One that immediately comes to mind: Imagine science discovers that 99% of people with a certain feature in their iris is likely to develop colon cancer. The discovery leads to insurance companies purchasing iris data from OpenAI behind the scenes. A lot of poor people suddenly would get insurance mysteriously declined, or their policies would include a hidden clause in fine print stating that colon cancer is not covered.

sometimes I forget that most people on HN live in uncivilized countries like the USA

In normal countries that would mean we could save thousands of lives by warning people without even having to test them. Since denying insurance because of some random data from a data broker is completely illegal in any civilized country.

You should stop tilting at windmills about a completely hypothetical example just to get your dunk in on the US like this.

Agreed, there's plenty of real examples one can use, no need to invent new ones.

It’s completely illegal in the US too. Health insurers are extremely limited in the information they can use to price coverage, and in general they can’t outright deny coverage at all.

Awesome, I love it when my questions are trivial to answer.

But I'm not sure how a company such as OpenAI would connect iris data to colon cancer cases. How would they even access iris data? let alone connect iris data to personal identity? I don't see a way of doing that within the Worldcoin framework.

> Your biometric data is first processed locally on the Orb and then permanently deleted. The only data that remains is your IrisCode. This IrisCode is a set of numbers generated by the Orb and is not linked to your wallet or any of your personal information. As a result, it really tells us — and everyone else — nothing about you. All it does is stop you from being able to sign up again.

> As a result, it really tells us — and everyone else — nothing about you. All it does is stop you from being able to sign up again.

Which means it tells them something about you.

What about this scheme prevents identification through somebody scanning your iris to get your hash on the pretext of a legitimate purpose, then connecting your hash to your actual identity and passing it on?

This seems like a large risk, considering how many companies exist entirely to compile data from disparate databases into a single record. The existence of those sorts of businesses is why there is no such thing as an anonymous unique identifier.

How would they go from iris data to World ID (hash)?

Also, World ID is anonymous because the service one uses it with does not recieve the ID, not because they recieve the ID without one's real name. In other worlds, you can sign up to a service using at once both World ID and your real name and they will still have no way of connecting your World ID to your real name.

>Which means it tells them something about you.

Nah, don't think so, that's the point of zero knowledge proofs

Imagine choosing a single password that can’t be changed. Sure, you can’t forget it, but if someone ever discovers it, you’re toast.

The fallback is probably 2FA. But we already use 2FA.

Exactly right. Biometrics are more like usernames than passwords. They are on display for all, and immutable. I should be able to change my password. Ideally username too, but not an expectation most sites hold to.

I'd rather not have my username indelibly linked to my identity. for example, I should be able to delegate to my accountant, or let my kids do stuff on my steam account, etc. Not to mention using an indelible ID that is cross-site, meaning i have to use the same username on all suchlike sites and services. The temptation of having that singular id is so great, it is inevitable it will be known to all — including those corrupt governments who will use it for enhancing their power.

I honestly don't see an upside. Combine this with web attestation and I shudder a bit.

I don't think biometrics are used as usernames or passwords in the Worldcoin system.

I don't think any such data leaves the Orbs, as far as the Worldcoin system in concerned.

Yes, exactly. People keep trying to use them for authentication for some inexplicable reason. They should only be used for identification, if at all.

It should be used as authentication-of-personhood, but not exactly as a username or password.

Authentication of personhood does not require individual identification.

I guess "authentication of unique personhood" would though.

I don't think I would be toast - I can still have a unique password for each account I have.

Also, I can presumably regain possession of my World ID credentials by visiting an Orb.