J ❑

@NaveenGRao Sponsored results and ads coming soon. Everyone knows this.

Will make a list of claims I disagree with and counterarguments first and use that as reference for the video for more context: 0. The project is called World, not Worldcoin. The protocol for identity is World ID. We rebranded in October of 2024, it's better for everyone to call things what they are. 1. "Every game will be gamed. Proof of Humanity doesn't stop people rounding up humans and taking their keys". Not all games will be gamed, otherwise we'd have anarchy. There are rules in physical and digital society and they work to a big extent, otherwise no product or service would work nowadays. The way they work today in the digital world for proof of humanity is by collecting million data points on their users and using those heuristics to assess whether you are a unique human or not so as to be able to advertise effectively and provide a service in exchange (big tech business model since forever - Google, Meta, Amazon, ...) or outright KYCing / doxxing like mentioned in the talk. What World is doing is building self-custodial, transparent, privacy-preserving and verifiable tooling for leveraging your identity online and prove you are human without disclosing anything else other than a ZK proof than you are human. How? More in the video, but the flow is user goes to the orb, orb verifies that the user is a real and unique human being, realness through sensors like field of depth, light, IR and a visible light camera, those images are used to check whether the user is wearing contact lenses, glasses, a cap, ... whether they have a continuous heatmap, 3rd profile, etc etc, after that the orb will compute the iris codes (this part will soon happen completely on the user's device thanks to ZKML, will intro in the vid). Once you generate the iris codes which are unique embeddings (representations / vectors) they are linear secret shared in MPC (split into secret shards that if you add a threshold of them together you get the original data back, but you can operate on these shards without ever decrypting - world.org/blog/engineeri…, eprint.iacr.org/2024/705). These iris code AMPC shares are all private and are checked for a so called Hamming Distance (how different they are from all the rest). After the user that signed up returns a Hamming Distance for their iris code AMPC shares greater than the uniqueness threshold, the protocol deems them unique and will append the World ID public key from that user to a @SemaphoreDevs tree on Ethereum mainnet. The user creates ZK inclusion proofs against that Merkle tree with their private key which is only on their World App to prove humanness. This is some preliminary knowledge useful to understand @DrNickA's argument that Proof of Humanity doesn't solve sybil resistance, because people can just sell their private keys to third parties and those third parties can collect in theory lots of the and break the system. Even if this were the case, it'd be a great improvement over the status quo, because you're bottlenecked by social engineering cryptographic private keys whose set size is sybil resistant. The way we combat this is with a feature part of Orb+. The orb also has a secure enclave and a TEE. The enclave is able to sign the things that it sees, when the user signs up you also keep this thing we call the PCP, or the personal data custody package. The orb will take high resolution images of the user's face and irises, sign them with their secure enclave (and also do this fancy ZK thing called a polynomial commitment scheme, namely Hyrax github.com/worldcoin/hyra…) and send them over an encrypted channel to the user. These images are deleted from the orb after signup and they never hit disk, the entire OS and firmware for the orb is in an SD card, and all other memory is just RAM or GPU. No space to store images or anything else, the SD card can be extracted from the latest orbs and checked against the OSS releases on Github, we are working on lots of tools in this direction of transparency. These signed images on users' phones are used for an extra authentication check. Does the face of the frontal camera match that which was seen and signed by the orb? If yes, the World App will compute a ZKP locally of a the Face ID match and attach that with the proof of personhood (proof of private key ownership in the Semaphore public World ID tree of orb verified individuals). This version solves sybil resistance including in @DrNickA's scenario. Alternatively even if the user manages to get socially engineered, they can always go to the orb, recover a new private key and invalidate the old one, by going through a recovery flow (this flow is still a WIP, but we're making a lot of progress). One of the issues with recovery is that in the case of Semaphore, you reset the private key and thus also its nullifier set of hashes. Nullifier hashes are the H(World ID private key, app_id, action_id). These hashes are used to uniquely identify actions done by a user within an application in a fully anonymous way, because the hash contains no information that can be linked to the user unless their private key becomes public knowledge to an attacker, e.g. Eve. If you reset nullifiers by adding a new verified Semaphore identity for the user, well then the user could double spend by doing the same action twice. We will have a cooldown for such things and working on cryptographic schemes that would have the same effect as account abstraction but for nullifiers, thus effectively solving recovery, but not invalidate cryptographic guarantees of nullifier hashes for sybil resistance. Happy to discuss this with anyone. Also I do agree that this is a perpetual game between the (sybil) attacker and the defender (sybil resistance protocol, e.g. World ID and derivatives/competitors/third party identity solutions). However, that is the nature of all games, and most games in life are worth playing. Imagine if the police and army gave up in defending its citizens just because more sophisticated thieves or nation states emerged to rob/attack them. Obviously it makes sense to not give up and do your best at solving this at scale, so that the AIs don't take over the internet and humans can still benefit from all the massive growth and thriving that this upcoming revolution in technology will bring. This was all of the context that was needed to answer point one, sorry about the ones reading this, the video will be easier to understand and consume I hope. 2. "World directly incentivizes slavery" I mean ??????? It's the same thing as claiming the EF funds the DPRKs nuclear program. Capitalism on its own incentivizes slavery, that's why we had to ban it everywhere through the rule of law, constitutions, etc, wars were waged for this and nobody wants this to ever happen again. I mean come on, claiming we are doing something this abhorrent is completely ludicrous and no one will treat it seriously. We are building open identity tools, privacy is built in, it is open source, composable, auditable, transparent, we are working on decentralization at every layer of the stack and we deeply believe that if this doesn't become a credibly neutral set of technologies, World will never reach mass adoption because there are too many parties with too many conflicting interests to coordinate. If individuals, companies, states, cypherpunks and hardcore privacy advocates, etc are all to use an identity protocol at scale with billions of users, it will have to be decentralized and credibly neutral. Bitcoin has gotten there, so is Ethereum as a finality layer for DeFi, stables, etc. Or the internet with HTTP/IP, FTP, TLS, IMAP/POP, etc etc. We want everyone to build alongside us and to contribute to this vision of private and open identity. We are not building the way of proving personhood, but a way to prove personhood. We want others to build their own biometric modalities (iris scanners, palm scanners, other sybil form factors), reputation protocols (@0xIntuition, @HumnPassport, ...), web proofs (@reclaimprotocol, @plutolabs_, ...), zk KYC (Self by @Celo, @ZKPassport, @Rarimo_protocol, ...), storage proofs (@axiom_xyz, @HerodotusDev, ...), @zkemail, and so many other identity toolchains. They are all composable and will be used by developers of all kinds to build awesome applications like @zkp2p, and so many others. World ID is a tool in the tool chain and we are building lots of tools around these to make sure you can distribute privacy and self-sovereign tech to billions of humans. Some cool stats, 70% of @safe transactions on all chains are on World Chain by World App (dune.com/queries/272570…), roughly 70% roughly of all ZKPs verified on Ethereum / L2s are Semaphore proofs created by World ID users (can't find the chart rn, but was true about 3-5 months ago), we have 28M+ users, 13M+ orb verified, we have onboard about 1 in 8 people in Argentina to World ID, 160+ countries that have World ID verified individuals and we are scaling fast. Roughly onboarding 60-70k users daily to World App, or 20-30k orb verifications. This is distributing cypherpunk tech to the masses with real use cases like DeFi, onramps offramps, stablecoins, identity / PoH, etc being available to all of those users worldwide. And they are not crypto natives. 3. "World gives big tech more power.", "It is a high fidelity rug button". @DrNickA argues that even if you have privacy end to end from the orb to the protocol, etc. You may not have privacy at the app layer. The apps can do KYC, collect info on the user and have a better way of excluding users from their platforms by banning and users not being able to come back, thus being rugged. If anything having sybil resistance at scale in an open protocol makes it very easy for users to maintain access to all of the protocols and apps they like, because they have a unique identity that can't be taken away from them. If you get kicked off X, but you have a @farcaster_xyz profile verified by World ID, then that is much better! If Farcaster censors at the protocol layer, you can fork it and use that as the canonical social network! But no one can steal your social graph away from you, yet you know that you are not interacting with AIs that pollute your feed. All of the filtering/censorship will happen at the client / UI level. Not at the protocol level, because those can be co-opted. You get to a worst case scenario federated app case like with @joinmastodon, but without the bots and being able to lose your social graph at the push of a button if the protocol is implemented correctly. You can always switch clients/frontends or whatnot. Programmable cryptography and the tools we are building will also be a great vampire attack force. Proving your existing followers on social media like X or Instagram using a web proof will be massively useful to migrate graphs over to decentralized alternatives, not the contrary. We are giving everyone more tools to be able to build better experiences without having to do KYC, collect personal information or tons of data about you which is a huge liability for companies anyway because they get GDPR fines, antitrust lawsuits, investigations post hacks of customer DBs (most recently Coinbase, etc etc). All big organizations mostly don't want anything more than they need to operate the business, because everything is a liability they can be sued for if it is mishandled on purpose, or by accident/incompetence. We are inverting the identity dilemma on its head. Identity and data go to the user, the user chooses to selectively disclose data with ZKPs and provenance guarantees of that data thanks to certificate authorities, signatures, asymmetric cryptography and programmable cryptography tools (think @ZupassProject, @0xPARC, ...). 4. "Orb Mini turns your Tinder date into an operator". Admittedly the ad wasn't great in my opinion at conveying what the product is for if taken out of context (it was presented at our event in SF - live.world.org). Here is a thread from @tiagosada explaining more, I won't repeat his words. TL;DR, Orb mini is a different form factor and won't replace the orb, it is a lower signal for sybil resistance / PoP with wider scale and with a more convenient form (like a phone). x.com/tiagosada/stat… 5. "World doesn't stop deep fakes." This is true! In its current form, World ID allows you to create a proof of personhood, but not that the content you post alongside that proof is not AI generated. For that we are working on World ID Deep Face, to do real-time ZK Face ID matching of images that were signed by the orb to match the person you see in a meeting for example. This is still WIP, in R&D. There are lots of different ways to do it. ZK, TEEs for less of a performance hit, with more realtime guarantees, a lot of explorations in the product / UX side to be done as well, etc. But it is certainly a big priority for us and we will have more to share in the coming months and years as the tech and solutions evolve. Currently we only prevent deep fakes in the sense, that someone that was not the person that went to the orb could use a World ID verified private key to create a ZKP. I explained that in one of the points above with ZK Face ID. 6. I agree with @DrNickA that ZKTLS or TEE TLS (as it actually should be named) is a very good solution for a lot of the problems in the identity space. I love work from Flashbots and namely @socrates1024 on encumbering accounts into TEEs, and my friends @devloper_xyz and the @plutolabs_ team (fyi i am an angel investor in them). The problem comes when you have to trust a TEE as your root of trust and any website or API can rug you from the data you are scraping and putting into ZKTLS at any moment. You need to build proper certificate authority chains and roots of trusts that can directly be consumed in ZK (actual signed data) and not manufacture it from an MPC/@tlsnotary type source. Because that doesn't work for most solutions, believe me we tried. Also huge shoutout to Flashbots, @0xPARC and @PrivacyScaling for pioneering a lot of these technologies. You all are invaluable. These are my main disagreements, hopefully I can record the video later today / tomorrow.

Rico v0 borrows ideas from Dai and Rai and shows some important next steps bank.dev