Private by design: A guide to Worldcoin’s privacy pillars and whitepaper

At a time when AI is making the internet both more useful and, potentially, more dangerous, Worldcoin is building something unprecedented: 

A trusted and inclusive network that allows anyone to anonymously prove they’re a unique human online.

Essential to this mission are the four privacy principles around which the Worldcoin project is built: 

• Security: Secured by math
• Anonymity: Move freely online
• Transparency: Built in the open
• Choice & Control: Your data, your rules

Learn more about each of these principles below, or read the Worldcoin privacy whitepaper, Private by Design, for a deeper understanding.

Without security, there is no privacy. 

Worldcoin relies on various techniques to ensure that World ID holders’ data is secure. One such technique is transparency (discussed below), using things like open sourcing and third party audits to ensure the public has full visibility into what’s being built and how it operates. 

Another is cryptography, including tools like secure multi-party computation (SMPC) and zero-knowledge proofs (ZKPs). These are quite technical fields, but they’re designed to provide things like perfect secrecy of information (in the case of SMPC) and the inability to trace actions (in the case of ZKPs). 

Think of it as being secured by math. Learn more. 

Being anonymous online is difficult. On-site activity can be monitored, and movement between sites can be tracked.

Worldcoin works differently, however. It uses cryptographic technologies like SMPC and ZKPs discussed above not only to ensure a person’s identity is never linked to the iris code that verified their World ID, but to make it impossible to track the use of their World ID between apps and services. 

What it adds up to is a way to transact and interact online using World ID while remaining anonymous. Learn more. 

Worldcoin and its contributors incorporate as many outside opinions and fields of expertise as possible. 

These include audits from trusted third parties like Nethermind, Least Authority and Trail of Bits who have reviewed the security of the protocol itself (correctness of the implementation, common errors, adversarial actions, etc.) as well as the orb (handling of PII, possible data extraction from personal devices, etc.).

It also includes the ongoing open sourcing of the project’s core components, including its orb hardware, software and iris recognition pipeline. 

Worldcoin believes in building in the open. Learn more.

The starting point for recognizing people’s control over their data is not asking for much data to begin with. That’s why no information like name, email address, phone number, etc. is required to download and use World App or to verify and use World ID.

Another key component of choice & control is Worldcoin’s user-centered design. This starts with Personal Custody, an approach to data custody in which all the information used to generate a person’s iris code to verify their World ID is held securely on their device, never on the orb. 

It also includes Face Auth, a technology that privately ensures only the person who verified their World ID at an orb can use it. 

The Worldcoin approach is simple: Your data, your rules. Learn more.