Is World's biometric ID model a threat to self-sovereignty?

Crypto Insight

26-05-2025

The crypto industry is no stranger to controversy, yet few projects have drawn more scrutiny than Sam Altman's World, formerly known as Worldcoin.
Promising to verify human uniqueness through iris scans and distribute its WLD token globally, World positions itself as a tool for financial inclusion. However, critics argue the project's biometric methods are invasive, overly centralized, and at odds with the ethos of decentralization and digital privacy.
At the heart of the critique is the claim that biometric identity systems cannot be truly decentralized when they rely on proprietary hardware, closed authentication methods, and centralized control over data pipelines.
'Decentralization isn't just a technical architecture,' Shady El Damaty, co-founder of Holonym Foundation, told Cointelegraph. 'It's a philosophy that prioritizes user control, privacy, and self-sovereignty. World's biometric model is inherently at odds with this ethos.'
El Damaty argued that despite using tools like multiparty computation (MPC) and zero-knowledge (ZK) proofs, World's reliance on custom hardware — the Orb — and centralized code deployment undermines the decentralization it claims to champion.
'This is by design to achieve their goals of uniquely identifying individual humans. This concentration of power risks creating a single point of failure and control, undermining the very promise of decentralization,' he said.
When reached out for comment, a spokesperson for World pushed back against these claims. 'World does not use centralized biometric infrastructure,' they said, adding that the World App is non-custodial, meaning users remain in control of their digital assets and World IDs.
The project said once the Orb generates an iris code, the 'iris photo will be sent as an end-to-end encrypted data bundle to your phone and will be immediately deleted from the Orb.' The iris code, they claimed, is processed with anonymizing multiparty computation so 'no personal data is stored.'
Evin McMullen, co–founder of Privado ID and Billions.Network, said that World's biometric model is not 'inherently incompatible' with decentralization but faces some challenges in implementation around data centralization, trust assumptions, and governance. A pattern of tech overreach?
El Damaty also drew a parallel between OpenAI's large-scale scraping of 'unconsented user data' and World's collection of biometric information.
He argued that both reflect a pattern of aggressive data acquisition framed as innovation, warning that such practices risk eroding privacy and normalizing surveillance under the banner of progress.
'The irony here is hard to miss,' El Damaty claimed. 'OpenAI built its foundation by scraping vast amounts of unconsented user data to train its models, and now Worldcoin is taking that same aggressive data acquisition approach into the realm of biometric identity.'
In 2023, a class-action lawsuit filed in California accused OpenAI and Microsoft of scraping 300 billion words from the internet without consent, including personal data from millions of users, such as children.
In 2024, a coalition of Canadian media outlets, including The Canadian Press and CBC, sued OpenAI for allegedly using their content without authorization to train ChatGPT, claiming copyright infringement.
World, however, rejects this comparison, emphasizing that it is a separate entity from OpenAI. The company said that it neither sells nor stores personal data, citing its use of privacy-preserving technologies such as multiparty computation and zero-knowledge proofs.
The scrutiny also extends to World's user onboarding. The project says it ensures informed consent through translated guides, an in-app Learn module, brochures, and a Help Center.
However, critics remain skeptical. 'People in developing nations, who World… has mainly been targeting up until this point, are easier to bribe and often don't understand the risks involved with 'selling' this personal data,' El Damaty warned.
Several global regulators have pushed back on World's operations since its launch in July 2023, with governments like Germany, Kenya and Brazil expressing concerns over potential risks to the security of users' biometric data.
In the most recent setback, the company faced challenges in Indonesia after local regulators temporarily suspended its registration certificates on May 5. The risk of digital exclusion
As biometric systems like World's gain traction, questions are emerging about its long-term implications. While the company promotes its model as inclusive, critics say the reliance on iris scans to unlock services could deepen global inequality.
'When biometric data becomes a prerequisite for accessing basic services, it effectively creates a two-tiered society,' said El Damaty. 'Those willing (or coerced) into giving up their most sensitive information gain access… while those who refuse… are excluded.'
World maintained that its protocol does not require biometric enrollment for basic participation. 'You can still use an unverified World ID for some purposes even if you do not visit an Orb,' it said, adding that the system uses ZKPs to prevent linking actions back to any specific ID or biometric data.
There are also concerns that World could become a surveillance tool — especially in authoritarian regimes — by centralizing biometric data in a way that may attract misuse by powerful actors.
World dismisses these claims, asserting that its ID protocol is 'open source, permissionless,' and designed so even government applications cannot tie back a user's activity to their biometric data.
The debate also extends to governance. While World says its protocol is moving toward greater decentralization — highlighting open-source contributions and the governance section of its white paper — critics argues that meaningful user ownership is still lacking.
'We need to build systems that allow individuals to prove their humanity without creating centralized repositories of biometric or personal data,' said El Damaty. 'This means embracing zero-knowledge proofs, decentralized governance, and open standards that empower individuals, not corporations.' The need for secure identity systems
The urgency behind developing secure identity systems isn't without merit. As artificial intelligence grows more sophisticated, the lines between human and non-human actors online are blurring.
'Risks at the nexus of AI and identity are not limited to any one kind of government system or region,' Privado ID's McMullen said. She claimed that without reliable verification for both humans and AI agents, digital ecosystems face growing threats—from misinformation and fraud to national security vulnerabilities.
'This is a national security nightmare, where unaccountable, unverifiable non-human actors may now be able to engage with global systems and networks, and legacy systems are not built for these types of verification and contextual logic,' McMullen added.
Source: https://cointelegraph.com/news/world-biometric-id-decentralization-criticism