Worldcoin Faces Criticism Over Biometric Data Privacy Concerns

Worldcoin, a project spearheaded by Sam Altman, has sparked significant debate within the crypto industry. The project aims to verify human uniqueness through iris scans and distribute its WLD token globally, positioning itself as a tool for financial inclusion. However, critics argue that the project's biometric methods are invasive, overly centralized, and at odds with the principles of decentralization and digital privacy.

At the core of the criticism is the assertion that a system cannot be truly decentralized if it relies on proprietary hardware, closed authentication methods, and centralized control over data pipelines. Shady El Damaty, co-founder of Holonym Foundation, emphasized that decentralization is not just a technical architecture but a philosophy that prioritizes user control, privacy, and self-sovereignty. He argued that Worldcoin's reliance on custom hardware, such as the Orb, and centralized code deployment undermines the decentralization it claims to champion.

Worldcoin has responded to these claims by stating that it does not use centralized biometric infrastructure. The company maintains that the World App is non-custodial, meaning users remain in control of their digital assets and World IDs. According to Worldcoin, once the Orb generates an iris code, the iris photo is sent as an end-to-end encrypted data bundle to the user's phone and is immediately deleted from the Orb. The iris code is processed with anonymizing multiparty computation, ensuring that no personal data is stored.

Evin McMullen, co-founder of Privado ID and Billions.Network, acknowledged that Worldcoin's biometric model is not inherently incompatible with decentralization but faces challenges in implementation around data centralization, trust assumptions, and governance. Critics have also drawn parallels between Worldcoin's data collection practices and those of OpenAI, which has faced legal challenges for scraping unconsented user data to train its models. Worldcoin rejects this comparison, emphasizing that it is a separate entity and does not sell or store personal data.

Worldcoin's user onboarding process has also come under scrutiny. The project claims to ensure informed consent through translated guides, an in-app Learn module, brochures, and a Help Center. However, critics remain skeptical, warning that individuals in developing nations, who are the primary targets of Worldcoin, may be more susceptible to bribery and less aware of the risks involved in sharing personal data.

Several global regulators have expressed concerns over Worldcoin's operations, with governments like Germany, Kenya, and Brazil raising issues about potential risks to the security of users' biometric data. In May, Worldcoin faced challenges in Indonesia after local regulators temporarily suspended its registration certificates. The company has maintained that its protocol does not require biometric enrollment for basic participation and uses zero-knowledge proofs to prevent linking actions back to any specific ID or biometric data.

Critics argue that the reliance on iris scans to unlock services could deepen global inequality, creating a two-tiered society where those willing to share their biometric data gain access while those who refuse are excluded. There are also concerns that Worldcoin could become a surveillance tool, especially in authoritarian regimes, by centralizing biometric data in a way that may attract misuse by powerful actors. Worldcoin dismisses these claims, asserting that its ID protocol is open source, permissionless, and designed to prevent government applications from tying back a user's activity to their biometric data.

The debate also extends to governance, with Worldcoin stating that its protocol is moving toward greater decentralization. However, critics argue that meaningful user ownership is still lacking. El Damaty called for the development of systems that allow individuals to prove their humanity without creating centralized repositories of biometric or personal data, emphasizing the need for zero-knowledge proofs, decentralized governance, and open standards that empower individuals rather than corporations.

The urgency behind developing secure identity systems is driven by the growing sophistication of artificial intelligence, which is blurring the lines between human and non-human actors online. Without reliable verification for both humans and AI agents, digital ecosystems face growing threats, including misinformation, fraud, and national security vulnerabilities. Privado ID's McMullen highlighted the need for verification and contextual logic to address these risks, emphasizing the importance of secure identity systems in the face of evolving technological challenges.