The Classy Investors

  /  Top News   /  Worldcoin Addresses Orb’s Privacy Concerns with Third-Party Audit

Worldcoin Addresses Orb’s Privacy Concerns with Third-Party Audit

Worldcoin has released the results of a third-party audit conducted by Trail of Bits focused on its iris-scanning Orb technology.

According to a recent report, Tools for Humanity (TFH) and the Worldcoin Foundation enlisted Trail of Bits to perform a detailed audit of the Orb’s software. This audit went beyond standard security checks to assess specific privacy and functionality aspects of the Orb.

Read the report from a highly specialized audit of the orb’s software conducted by the security experts at @trailofbits https://t.co/jVNuG20GzM

— Worldcoin (@worldcoin) March 14, 2024

The audit investigated Worldcoin’s Orb devices, focusing on how they handle and secure user data. The findings indicated that the devices do not store personal information, except for iris codes, which are encrypted and uploaded for verification purposes.

Worldcoin Orb’s Privacy Scrutiny


TFH outlined several technical claims to guide the audit, focusing on the Orb’s software as of its July 8, 2023 version.

During the default opt-out signup process, the Orb is designed to collect only the user’s iris code, avoiding any storage or transfer of personally identifiable information (PII) other than this.

The goal is to ensure no PII is written to the Orb’s persistent storage or uploaded from the device, except for the iris code.

For users opting into a more data-inclusive signup flow, any PII saved on the device’s SSD is encrypted asymmetrically, making it inaccessible for decryption by the Orb itself.

The audit also verified that the Orb does not pull sensitive information from a user’s device. The only data collected is encapsulated within a QR code scanned by the Orb.

The handling of a user’s iris code was scrutinized for security. It was confirmed that the iris code is not stored persistently on the Orb, is transmitted in a single request to the backend, and can only be sent to pre-approved servers, secured by end-to-end encryption.

Conclusion Drawn by Trail of Bits


According to Trail of Bits, the analysis “did not uncover vulnerabilities in the Orb’s code that can be directly exploited in relation to the Project Goals as described.”

“While Trail of Bits’ review identified some unconfirmed concerns that could theoretically affect project goals, and the affected code has since been updated,” the report reads. “The audit did not identify any instances where the project goals would be directly compromised.”

The post Worldcoin Addresses Orb’s Privacy Concerns with Third-Party Audit appeared first on Cryptonews.