Worldcoin hackable by cutting off someone’s face, draping it over your own

I scanned my eyeballs with Worldcoin’s scary orb, so you don’t have to

OPINION

This week on my to-do list, nestled between “buy milk, see the dentist, do laundry,” was “get eyeballs scanned by Worldcoin.”

I have to be honest: I had no particular desire to get my eyeballs scanned before this week. And even now, I can’t say Worldcoin’s launch and promise of a new way of proving your humanness made me want to go out and shove my eyeballs against one of their shiny metal orbs. 

But my ambivalence about this very contentious new project — Sam Altman will steal your identity forever! You’ll never have privacy again! — made me the perfect guinea pig to document a day in the life of an aspiring Worldcoin digital identity holder.

Let’s rewind back to Monday morning, when I decided my eyeballs needed to be scanned as soon as possible. Even though I live in New York, a city which seemed like it would have the right kind of people who must be scanned with the same urgency as myself, only one of the four Worldcoin Orb locations was full up for the day: I got my first choice of Brooklyn, at the time of my choice.

Before I hopped on the L train, I decided to scare the bejeezus out of all of my non-crypto-native friends and family members by asking them their thoughts on my upcoming Worldcoin activities. 

Keep in mind that because most of these people have either a rudimentary, or zero-level, understanding of Bitcoin (and Bitcoin alone), I therefore tried to phrase my task as succinctly as possible:

“I’m going to get my iris biometrics scanned today by a new global cryptocurrency project called Worldcoin which involves visiting an Orb in Brooklyn so I can prove I am a real person in the future. Any thoughts?”

Only one person out of my family had a positive reaction (my mom). But look a bit closer, and even its positivity was actually negative: “So many of my fave futuristic dystopian movies have come true, we might all need this very soon.”

You don’t want a project designed to change the world for the better to be something out of a dystopia, do you — ideally, we’re aiming for a utopia, right?

One of my more crypto-friendly friends snarked: “Great way to have your identity stolen at some point in the future.”

Undeterred, I downloaded the app on my way to the train. You need almost no information to sign up — to the extent that you are given a chance to give an alternative name and email address. Privacy fears, disperse! 

After arrival, I was then led by a friendly receptionist through the most hipster, open-space coworking venue I have ever seen in my life (think Brooklynites with mullets and small mustaches) to a small table with two silver Orbs.

If you don’t have a million stupid questions for the human manning the Orb scanner, you can scan your irises and be done in five minutes. But if you’re me, trying to make up your mind about Orbs, you can easily spend 45 minutes grilling the Orb volunteers.

One scanner was a true Orb believer who spent his free time scanning eyeballs, when he wasn’t working full-time at his crypto research job. “Don’t worry,” he assured me, “I took an exhaustive online training course for this.”

“This” turned out to be holding up a QR code to a shiny metal ball, and dodging my questions about the Worldcoin airdrop to US citizens. 

The other Orb scanner, who had worked for over three years as one of the engineers actually building the Orb, was brought in to deal with me about 10 questions in.

For example — could Sam Altman ever go bankrupt and secretly sell all of our iris scans to the Chinese government to stay afloat?

Actually yes, this could happen. 

But both Orb scanners reassured me that Sam has absolutely no plans to do this, as far as they know. Plus, because your irises aren’t actually stored after scanning, all the data he would have to sell are public keys associated with anonymous Worldcoin accounts, which may not be that valuable to China (yet).

Before these Orb scanners got sick of me, I got to the really meaty questions I had prepared. 

Did they realize that Worldcoin had an accessibility problem? Namely, did they understand that their entire project only caters to humans with eyes? And according to a very cursory Google, a 2007 study found that about 30 people in 100,000 are born without one or both eyes, thus cruelly denying them access to Worldcoin benefits.

The Orb engineer assured me that this is a problem they are seriously considering for future iterations of the project.

I continued in a darker vein: What if a criminal mastermind decided to cut out someone’s eyes, and use them to steal their identity?

The Orb engineer told me that it wouldn’t work. This Orb needs to see alive, blinking eyes, and a human face that is real attached to them. A picture of someone’s eyes won’t scan, robot eyes won’t scan, canine eyes won’t scan.

But then I got him.

If you cut off someone’s face, including gouging out their eyes, and then you draped it all over your own face, could you register as them with a Worldcoin scanner and steal their identity?

Yes. 

Although he promised that the Worldcoin R&D team has not tested this particular edge case.

Finally, I actually scanned my eyeballs, and my story ends there. I now have an app on my phone with a virtual card that I can sort of flip around with my fingers. And nothing else.

As an American, I won’t get the token airdrop. Hypothetically, I can use the app as a crypto wallet for ERC-20 tokens, but that functionality hasn’t appeared yet. All I can do is wait for either the US to change its securities laws or Worldcoin ID log-in to be accepted in more places than just Okta for my eyeball-scanning day to really bear the fruits of its labor.

Am I now scared that my privacy is forever compromised? I’m not. Really. 

I already use FaceID on my iPhone. I pay for Clear to scan my face at airports and save me time in the security lines. I once even got an entire body scan to create a little action figure of myself, thumbs up, for Father’s Day. And who knows what that privacy clause looks like, there could be thousands of little Molly Jane figurines for sale in China for all I know.

Do I feel like I’m part of a revolution changing the world with new ways of enabling democracy, as the Worldcoin website states? Also no.

What I do feel, however, is a little bit proud. My lack of interest in the technical side of crypto means that I’ve never really delved into the DeFi world of farming and staking, for example, which means that my firsthand crypto knowledge is confined to using the biggest, centralized crypto exchanges.

But today, I finally did something hands-on in crypto (and journalism). I physically got out from behind my screen, ventured into the bowels of Williamsburg, personally pestered two crypto enthusiasts for almost an hour and sacrificed my eyeballs to a metal Orb.

What did you do with your Monday?


I don’t care much about tech, I don’t care a whole lot about finance, either. I care about writing stories and watching weird things unfold. And that’s why I’ve ended up in crypto.

But because I’m missing that passion for what crypto and blockchain are all about — finance, tech, privacy, yadda yadda — I’m going to write instead about what I am actually interested in. Everything about crypto that has very little to do with crypto.

That’s what this column will be about. All the tangential stories that come out of the blockchain and crypto space, what I think about them, and how I navigate it all as a skeptical former Russian literature major.

It’s precisely my perch as an outsider that lets me do what I do: Opine on all sides of any crypto issue, no strings attached, no skin in the game.

If you want to talk crypto with me, let’s go off topic.
