The internet has a person problem. One human can create a thousand accounts. One agent can speak with a thousand human-sounding voices. Any system that distributes money, votes, attention or scarce access per person must decide what a person is and how many times they have arrived.

World’s answer is the Orb. A participant looks into a specialised camera. The system analyses iris patterns and creates a World ID intended to prove uniqueness without publishing the participant’s ordinary identity.

That is technically more interesting than “scan your eyes for crypto.” It is also why the system deserves a more exact criticism.

The claim is not facial recognition

Proof of personhood does not necessarily require attaching a name to a face. Its narrower objective is to stop one individual enrolling repeatedly. Cryptography can allow later proofs to reveal little more than “this is one enrolled human.”

But privacy at presentation does not erase the enrollment ceremony. A biometric is not a password. If a password leaks, it can be replaced. Your iris is not waiting for a reset email.

The question therefore moves to the Orb, its software, the operator, the consent process, data retention, model training and the route for correcting a false match. The proof may be minimal while the trust surface is not.

Regulators found the ceremony mattered

In 2024, Hong Kong’s Privacy Commissioner concluded that Worldcoin’s local operation had breached data-protection principles concerning collection, retention, transparency, access and correction. The investigation found 8,302 participants had undergone face and iris scanning. It considered the collection of face and iris images unnecessary and excessive for the stated purpose and objected to retention for up to ten years for model training.

Spain’s data-protection authority separately ordered a temporary stop to collection and processing after complaints including insufficient information, collection involving minors and difficulty withdrawing consent.

These findings do not prove that private proof of personhood is impossible. They prove that a clever output does not excuse a bad input.

Who needs one-human-one-account?

The strongest case for personhood proof is not universal login. It is a narrow system that truly allocates something per person and cannot tolerate duplicates. Even there, the operator should answer:

  • Why is uniqueness necessary for this action?
  • Must uniqueness persist across every action or only inside one community?
  • Can a person enroll without creating a globally reusable identifier?
  • What happens after a false duplicate result?
  • Can the system survive without a token incentive that changes the meaning of consent?

The more universal the proof becomes, the more valuable its chokepoints become.

The Orb gives the internet a dramatic object on which to project its hopes and fears. The quieter issue is the architecture around it: which human problem actually requires global uniqueness, and who gains power when everybody accepts the same answer?

Sources