Trail of Bits Audit Validates Privacy and Security of Worldcoin’s Iris-Scanning Orb

  • The Trail of Bits audit serves as a validation of Worldcoin Orb’s privacy-centric design and its commitment to safeguarding user data. 
  • By confirming that the Orb solely collects and encrypts iris codes, with no storage or transmission of personally identifiable information (PII), the audit underscores the project’s adherence to stringent privacy standards. 

The findings of an independent audit carried out by Trail of Bits with an emphasis on Worldcoin’s iris-scanning Orb technology have been made public.

A recent article claims that Trail of Bits was hired by Tools for Humanity (TFH) and the Worldcoin Foundation to conduct an extensive software audit of the Orb. This audit evaluated particular privacy and functioning features of the Orb, going above and beyond regular security assessments.

The audit looked into how Worldcoin’s Orb devices manage and secure user data. Except for iris codes, which are encrypted and submitted for verification, the results showed that the devices do not save any personal information.

The Worldcoin Orb’s Privacy Scrutiny TBH focused on the program as of July 8, 2023, and included a number of technical claims to help direct the audit.

The Orb is made to solely gather the user’s iris code during the default opt-out signup process; no other personally identifiable information (PII) is stored or transferred.

The intention is to guarantee that, except from the iris code, no PII is uploaded from the device or written to the Orb’s persistent storage.

Any personally identifiable information (PII) recorded on the SSD of the device—for users who choose a more expansive sign-up flow—is encrypted asymmetrically, rendering it unintelligible for the Orb to decipher.

The audit additionally confirmed that sensitive data is not extracted by the Orb from a user’s device. The only information gathered is contained in a QR code that the Orb scans.

The security of how an individual’s iris code was handled was examined. It was verified that the iris code is sent to the backend in a single request, is not stored permanently on the Orb, and can only be transferred to pre-approved servers that are protected by end-to-end encryption.

Bits of a Trail

“Vulnerabilities in the Orb’s code that can be directly exploited in relation to the Project Goals as described” were not found, according to Trail of Bits.

The study states, “The affected code has since been updated, but Trail of Bits’ review identified some unconfirmed concerns that could theoretically affect project goals.” “No situation where the project goals would be directly compromised was found by the audit.”

Upholding Privacy and Security Standards: Trail of Bits Audit Validates Worldcoin Orb’s Integrity

The comprehensive audit conducted by Trail of Bits on Worldcoin’s iris-scanning Orb technology has provided valuable insights into its privacy and security features. The findings affirm that the Orb is designed with a strong emphasis on safeguarding user data, particularly iris codes, which are encrypted and securely managed.

With no personally identifiable information stored or transmitted, and rigorous security measures in place, the audit underscores the Orb’s commitment to protecting user privacy while advancing innovative technology solutions.

Disclaimer : This article was created for informational purposes only and should not be taken as investment advice. An asset’s past performance does not predict its future returns. Before making an investment, please conduct your own research, as digital assets like cryptocurrencies are highly risky and volatile financial instruments.

Author: Mehar Nayar

Leave a Reply