10/21/2021
3 minute read

Privacy by Design

This post explains how privacy will work after field testing is complete. Currently, we expect field testing to continue through early 2022. We will update this section should anything change. To find out how privacy works during field testing, click here.

It has become standard procedure for many tech companies today to collect as much personal data as possible. This is largely because they rely on advertising revenue to generate profit for their investors, and that ad revenue hinges on using customer data to more effectively target customers with ads. While many products and services on the internet are "free", the collection and monetization of personal customer data is rarely transparent.

By contrast, we have designed Worldcoin in a way that both requires as little personal data as possible and preserves the privacy and anonymity of its users. Specifically, we determine whether you are real and unique without requiring you to provide personal information like your name, email address, physical address or phone number. To make all of this possible, we use technological and cryptographic techniques that many people are not yet familiar with.

In the spirit of transparency, we want to explain, in layman's terms, how these techniques work and how we use them to protect user privacy. Some of the things we explain in this post are simplified to make them easier to understand; for a more technical description of how Worldcoin works, read How the Launch Works.

It is important to remember that what we describe here pertains only to individuals claiming their free share of Worldcoin at an Orb. Individuals who want to participate in the Worldcoin network without visiting an Orb will always be able to do so, albeit without claiming their free share of the currency.

Step 1

Prove You Haven’t Claimed Your Free Share Before

A user claims their free share of Worldcoin by visiting an Orb. The Orb captures an image of both of the user’s eyes. This image is immediately converted via an irreversible function to a unique identifier[1] and then permanently deleted. The image never leaves the Orb. Every image of this user’s eyes produces the same, unique identifier, but no image of another set of eyes produces that identifier. It is not possible to recreate the original image of a user’s eyes from their unique identifier, thereby adding the first layer of privacy to the process.

Image Capture & Conversion To A Unique Identifier:

The image of Alice’s eyes is converted via an irreversible function to a unique identifier and then permanently deleted.

Figure

What is an irreversible function? Simply put, an irreversible function is a mathematical process which can’t be reversed. For example, imagine you have a selection of different colored paints (these paints can be any of the infinite number of colors that exist). You decide to mix these paints. Once you have done so, you have a new color and it is impossible to determine what the original colored paints were. Here, your original selection of colored paints represents the image of the eye, the mixing process is the irreversible function and the color you ended up with is the unique identifier.

Step 2

Verifying You Haven’t Claimed Your Free Share Before

The unique identifier is now checked to ensure that the user has not claimed their free share before. If they have, the claim will be rejected; if they haven’t, a certificate is created. This certificate cannot be differentiated from any other; every user is given an identical certificate.

The Verification Process:

Alice’s unique identifier is checked to make sure she hasn’t claimed her free share before. She hasn’t, so a certificate is created, here shown as a ticket.

Figure

What is a certificate? Think of it like this: you pay to go to an amusement park. Upon payment, everyone (including you) is given an identical ticket to enter. You are only ever given one ticket and it cannot be forged. This ticket is a certificate: it verifies that you paid to enter the amusement park, but if you lose it, whoever finds it knows nothing about your identity, just that it belonged to someone who entered the park.

Step 3

Claim Your Share Of Worldcoin

This anonymous certificate lets the user create a wallet that contains their share of Worldcoin. This certificate can then never again be used to create a wallet. Since every certificate is identical, there is no link between the user’s wallet and their unique identifier. Finding out a user’s unique identifier then gives you no information about their wallet and vice versa. This decoupling adds a second layer of privacy to the process.

Receiving Her Share, But Only Once:

Alice’s ticket lets her create a new wallet containing her free share of Worldcoin. Her wallet cannot be linked to her unique identifier.

Receiving Her Share, But Only Once:

Alice’s ticket lets her create a new wallet containing her free share of Worldcoin. Her wallet cannot be linked to her unique identifier.


Summary

Putting It All Together

All of the above steps happen automatically once the image of the user’s eyes has been captured. Below we pull together analogies from above to visually describe the entire sign-up flow.

Assume that everyone on earth is born with a unique palette of colors. Alice, like everyone else, has a unique palette.

Everyone on earth is born with a unique set of eyes. Alice, like everyone else, has a unique set of eyes.

Alice wants to enter an amusement park. Everyone wishing to enter the amusement park must present their unique palette to the park’s ticket booth operator. Alice does this and the operator then mixes together the same colors Alice has in her palette to create a color that is unique to Alice: no one else’s palette would ever mix to create the same color.

Alice wants to claim her free share of Worldcoin. Everyone wishing to claim their free share of Worldcoin must visit an Orb so that the Orb can capture an image of both of their eyes. Alice does this and the Orb then converts the image of her eyes to a unique identifier: no image of someone else’s eyes would ever be converted to the same identifier.

Alice’s unique color is then checked against the unique colors of all previous amusement park entrants. If her color has never been seen before, she will be given a ticket and allowed in. Otherwise, she will not. In this case, her unique color has not been seen before, so she is given a ticket.

Alice’s unique identifier is then checked against the unique identifiers of all previous Orb sign-ups. If her unique identifier has never been seen before, a certificate will be issued which will allow her to claim her free share. Otherwise, a certificate will not be issued, meaning she has already claimed her free share. In this case, her unique identifier has not been seen before, so a certificate is issued.

Whether Alice had been given a ticket or not, the ticket booth operator now completely forgets about Alice and her color palette.

Whether a certificate had been issued or not, the image of Alice’s eyes is now permanently deleted.

With ticket in hand, Alice goes to the amusement park entrance. The guard clips her ticket and gives it back to her, now allowing her to enter. Once Alice has entered, the guard forgets Alice.

The certificate that was issued now facilitates the creation of a new wallet containing Alice’s free share of Worldcoin. This certificate can never be used to create a wallet again. It also cannot be linked back to Alice.

Importantly, both the ticket booth operator and the guard have no memory of Alice’s identity or her unique color palette: her privacy has been entirely preserved. Moreover, Alice’s unique color is not even linked to her presence in the amusement park as the ticket she received destroyed any connection there might have been between the two.

Importantly, both the Orb and Worldcoin have no record of Alice’s identity or her eyes: her privacy has been entirely preserved. Moreover, Alice’s unique identifier is not even linked to her wallet as the certificate destroyed any connection there might have been between the two.


Footnotes
  1. Elsewhere, we refer to this “unique identifier” as “IrisHash”, but for the sake of simplicity we here use “unique identifier”.
Authors

Misha Wilcockson, Philipp Sippl & Thomas Scott

Acknowledgements

Sandro Herbig, Lucas Ege, Remco Bloemen, Hung Chang & Emma Clippinger

© 2021 Worldcoin.

All rights reserved.

You’re signed up to receive updates