The founder of OpenAI wants to build a global “proof-of-humanity” network using iris-scanning orbs. But it is not going as planned. Tim Green, MEF’s programme director for ID and Data, explains…
The last few days haven’t been great for Sam Altman’s World ID biometric authentication initiative. The parent company has been accused of treating its staff like cult members, demanding they work weekends on a mission that is ‘important for humanity.”
The problem is, this is just the latest PR misstep since the project launched in 2023. The many issues illustrate the great challenge of digital identity in general – and the specific way that World ID wants to solve it. In case you don’t know much about this story, here’s a re-cap.
When Open AI founder Sam Altman started thinking about autonomous AI agents, he soon realised the potential impact on digital transactions. He correctly anticipated a future swamped with non-human entities, often committing scams and fraud.
His answer was to co-found a company in 2019 – Tools for Humanity – that would give every individual a unique credential they could use to prove their personhood on the web.
As things stand, the odds are stacked against World ID. Momentum is moving towards decentralised ID systems, and also to processes that use cloud-based facial authentication with liveness tests. This is the path being forged by MEF members such as iProov.“
The method the firm came up with centred on ‘The Orb”, a white sphere about the size of a beach ball. The Orb’s camera scans your iris, checks it is not already in the system. then converts it into a unique 12,800-digit binary number.
Now, here’s the important bit. After the Orb verifies you are human, it encrypts the data and sends it to your phone. The iris scan is then deleted from the Orb. World ID just stores an anonymous hash.
This means that, when any World ID compatible site asks if you are human you can submit your credential and you’re verified. This is zero-knowledge proof in action: the site just knows your human but it doesn’t know anything personal about you.
Sounds good, right? Well, kind of. The trouble is, as of November 2025, World ID has gathered only 17.5 million sign-ups – less than one percent of its goal.
Why? As I see it, some of World ID’s issues are of its own making. Some are inherent to its methodology. Let’s start with the former. And I’ll bullet point this for brevity.
- The name. Give your firm a grandiose name like Tools for Humanity shows a lack of self-awareness when there is widespread distrust of big tech firms.
- The Orb. Really? You want to avoid accusations of surveillance and you launch a giant all-seeing eye?
- The crypto factor. The firm’s value is linked to its own Worldcoin crypto token. Anyone who signs up for Wolrld ID gets some. But many people link crypto with scams. Again, not a good look.
- The incentives. In the early days, World ID tried to encourage sign-ups in developing countries by offering World Coins in return for scans. Thousands of Kenyans signed up just for the money. The Kenyan government eventually suspended the project.
All of the above missteps have held World ID back. They make it harder for the company to make the argument that its system is safe and privacy preserving. But many experts think the methodology itself is flawed. Here are a few reasons:
- The iris credential may be unique but it’s also static. There’s no ‘liveness’ component to it. So it can be copied. In fact, there are already reports World IDs have been sold and traded.
- On-device credentials can be compromised through malware or a digitally injected attack.
- World ID’s central store of hashes might be anonymous, but it’s still centralised and therefore vulnerable. A mass breach of the World ID database could be catastrophic.
- People could use lenses to generate multiple ‘iris codes’.
As things stand, the odds are stacked against World ID. Momentum is moving towards decentralised ID systems, and also to processes that use cloud-based facial authentication with liveness tests. This is the path being forged by MEF members such as iProov.
Still, the wider question of how to prove you are a person and not a bot remains. And if you think this is a dry technical issue, ask anyone trying to buy a ticket for Glastonbury.
Find out more about the themes discussed – Join the MEF ID & Data Interest Group.
