The opinion articles present diverse views and do not represent the stance of (WEB3+)

World ID enters Taiwan: Digital identity, personal data, and citizen discussions

World ID officially launched in Taiwan at the end of May. You only need to download the World App and find an Orb at three locations in Taipei to scan your iris and start receiving cryptocurrency $WLD regularly. In the past six months, World ID has heavily invested in government relations operations and legal compliance worldwide. In addition to officially launching Orb in Taiwan, World ID has also opened its business in the United States.

Taiwanese people indeed live up to the name of the digital democracy kingdom, as polarizing opinions emerged on social media platforms in a short period.

Tech enthusiasts sharing their invitation codes on social media to earn commissions; on the other hand, Taiwanese people concerned about data leakage express that donating an iris is equivalent to selling personal data, and such behavior is seen as a cheap clearance of biometric data.

If we simplistically view World services as a savior of digital identity or a demon that scrapes personal data, it seems unhelpful for public discussion. Especially since there are many advanced technologies involved, some even more cutting-edge than government public services, which can easily lead discussions into a fog.

So how should we view World?

💡Further reading: Would you be willing to give up your iris? World ID has officially launched, what is World? How can you complete the verification in 5 steps?

Super App

Super App is an app that integrates many functionalities, such as chatting, payments, ride-hailing, food ordering, and shopping, all on one platform, eliminating the need to download many different apps.

Like a digital Swiss Army knife, the Super App can do many things. World ID is essentially a key, similar to the 'Sign in with Google' service, allowing users to log in to different services through World ID, such as the recently announced partnership with Shopify and gaming service Razer.

Additionally, World is actively expanding its developer ecosystem in various regions, hoping to develop more Mini Apps on the World App.

This can be understood as World attempting to enhance its Super App with 'privacy-enhancing technology', using real-person verification to address fraud issues and rapidly develop application scenarios to expand its business territory.

For individuals, the potential risk increases with more centralized services, making it harder to 'opt-out'. This is also an issue that international decentralized identifiers (DID) and Verifiable Credentials (VC) aim to address. A comparable case is the digital identity regulations recently passed in Utah, USA.

💡Further reading: What does advanced digital identity legislation look like?

Iris

World ID requires a visit to a physical location, where an iris scan must be performed through a machine to obtain 'real-person verification'. It is claimed that the data (Iris Code) converted from iris features is not stored within the machine. So where is the iris data stored?

According to official explanations, World collaborates with trusted third-party organizations such as Nethermind, Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU), Korea Advanced Institute of Science and Technology (KAIST), and the University of California, Berkeley, using Anonymized Multi-Party Computation (AMPC) to split data into three parts, stored on the user's phone and with the other two institutions.

Multiparty computation is a technique that allows multiple people to calculate something together without revealing their secret data to each other. Using privacy-enhancing technologies is indeed a good way to protect individual privacy. Splitting iris data into three parts increases the difficulty of obtaining personal data, but the two extended questions are:
1. How does the processed and split Iris Code, which cannot be traced back, fit into existing privacy protection frameworks, such as Taiwan's Personal Data Protection Act?
2. The second question is, who is the 'trusted third-party organization' ensuring that these organizations do not collude? There may be a lack of governance processes for digital trust and adequate collaboration with local regulatory bodies and consumers.

💡Further reading: MPC's Role in Advancing World ID Privacy Features

Universal Basic Income

World is leveraging the name of Universal Basic Income (UBI) to attract new users through cryptocurrency Worldcoin airdrops, aiming to solve the cold start problem for startups. Universal Basic Income is a policy where the government regularly gives money unconditionally to everyone, regardless of whether they have a job or how much income they make.

In May this year, due to privacy concerns, a Kenyan court ordered Worldcoin to delete users' biometric data. Prior to this, there were concerns that intermediaries had acquired iris data from unaware individuals in exchange for cryptocurrency, raising doubts about violations of digital human rights.

World has indicated that they are gradually phasing out Orb service providers and enhancing self-service Orb scanning services to reduce the ethical and moral issues surrounding digital identity. A point worth discussing is whether the reward airdrop truly aligns with the meaning of universal basic income, and what responsibilities service providers should bear regarding the ethical issues arising from the reward airdrop.

Regarding digital identity protection, WhyID once advocated that the government should not induce citizens to use digital identity services through subsidies or rewards, such as in the case of India's digital identity card Aadhaar. However, World is not a public service, and Worldcoin is not a legal currency, yet it has a 'quasi' public service effect, which is worth public discussion.

💡Further reading: Worldcoin Ordered to Delete Biometric Data in Kenya Over Privacy Breach

Zero-knowledge proof

World ID is the largest zero-knowledge proof service provider in the world. Zero-Knowledge Proof is a technology that allows you to prove you know something without revealing the content of that information.

Just as you can prove you are over 18 without revealing your birthday or ID number. Like multiparty computation, zero-knowledge proofs are also a type of privacy-enhancing technology, and recently the zero-knowledge proof technology has entered the standardization phase within the Internet Engineering Task Force (IETF).

In addition to World ID, many projects by the Ethereum Foundation, such as Anon Aadhaar, zkPassport, and zkMail, also use zero-knowledge proof technology to address digital identity issues; meanwhile, Google Wallet opened a passport-based zero-knowledge proof service in the UK this May, used as a proof of age for users to purchase train tickets.

Zero-knowledge proof can be seen as the ultimate remedy for personal data protection, because unless the other party explicitly knows the information (such as whether one is an adult or whether one is Taiwanese), personal data will not be leaked. However, this remedy is not万能, as if a large amount of personal data is cross-referenced, it is still possible to profile an individual, just like current online advertising agencies.

At this point, the Super App may generate risks of centralized identity data cross-referencing. Whether zero-knowledge proof can be effective within the service framework of World ID is a question worth our continued observation.

Conclusion: Prevention is better than cure (Privacy by Design)

Whenever emerging technologies, especially those with strong public relations effects, are encountered, the public can easily accept or oppose them unconditionally, but this does not reflect what people truly want or need.

Therefore, after gaining a basic understanding of the technology used by World ID, the author calls on service providers, government regulatory bodies, and civil society to conduct Data Protection Impact Assessments (DPIA) regarding World issues, to determine whether 'donating an iris' is meaningful.

More reports
Would you be willing to give up your iris? World ID has officially launched, what is World? How can you complete the verification in 5 steps?
Trump's crypto company airdrops a new stablecoin! Will 'USD1' struggle against leading stablecoins?