Worldcoin has released the results of a third-party audit conducted by Trail of Bits focused on its iris-scanning Orb technology.
According to a recent report, Tools for Humanity (TFH) and the Worldcoin Foundation enlisted Trail of Bits to perform a detailed audit of the Orb’s software. This audit went beyond standard security checks to assess specific privacy and functionality aspects of the Orb.
Read the report from a highly specialized audit of the orb’s software conducted by the security experts at @trailofbits https://t.co/jVNuG20GzM
— Worldcoin (@worldcoin) March 14, 2024
The audit investigated Worldcoin’s Orb devices, focusing on how they handle and secure user data. The findings indicated that the devices do not store personal information, except for iris codes, which are encrypted and uploaded for verification purposes.
TFH outlined several technical claims to guide the audit, focusing on the Orb’s software as of its July 8, 2023 version.
During the default opt-out signup process, the Orb is designed to collect only the user’s iris code, and to neither store nor transfer any other personally identifiable information (PII).
The goal is to ensure no PII is written to the Orb’s persistent storage or uploaded from the device, except for the iris code.
For users opting into a more data-inclusive signup flow, any PII saved on the device’s SSD is encrypted asymmetrically, so the Orb itself cannot decrypt it.
The audit also verified that the Orb does not pull sensitive information from a user’s device. The only data collected is encapsulated within a QR code scanned by the Orb.
The handling of a user’s iris code was scrutinized for security. It was confirmed that the iris code is not stored