Cybersecurity agency Path of Bits has concluded the audit of Worldcoin’s ORB know-how and located that it adheres to stringent privateness protocols, notably in the way it processes and shops personally identifiable data (PII).
The complete report was launched on March 13 and revealed that there are not any vulnerabilities within the ORB software program and validated most of the claims made by Worldcoin.
The audit was initiated on Aug. 14, 2023, after a number of regulators throughout the globe raised considerations about Worldcoin’s biometric knowledge assortment, with some outright banning its operations.
The audit
Path of Bits’ audit aimed to meticulously study the orb’s software program, notably specializing in its dealing with of personally identifiable data (PII) and the administration of customers’ iris codes.
Throughout the default opt-out signup movement, the orb collects no PII apart from the iris code, which is neither written to persistent storage nor leaves the orb. In situations the place customers opt-in, their PII is encrypted on the orb’s SSD in a fashion that even the orb itself can not decrypt — showcasing a sturdy strategy to knowledge privateness.
Furthermore, the audit verified that the orb doesn’t extract further delicate knowledge from a consumer’s system, with the one data collected being from a QR code. This ensures a minimal knowledge assortment strategy, aligning with privateness finest practices.
Importantly, the iris code, a crucial piece of biometric knowledge, is dealt with securely all through its assortment and transmission course of, successfully mitigating the chance of unauthorized entry or interception.
Suggestions
The audit additionally highlighted areas for enchancment, recommending further hardening of the orb’s software program and {hardware} configurations to bolster safety additional.
In response, Worldcoin has applied adjustments, together with changing a weak library used for QR code scanning with a safer various.
The Path of Bits audit represents only one a part of Worldcoin’s ongoing efforts to make sure the safety and privateness of its know-how. With the ORB know-how being central to the Worldcoin venture’s mission to supply a common primary earnings, these rigorous safety assessments are essential for sustaining consumer belief and venture integrity.
Recognizing the significance of transparency and neighborhood engagement, Worldcoin has invited public participation in its bug bounty program and plans to share future audit reviews as they turn into obtainable.
