I'm a flaming atheist but holy fuck do I get uncomfortable with universal IDs and the growing drumbeat of identity verification.
Borders, passports, IDs, personal documentation, it's all just a modern caste system. Yes, it's uncomfortable to think of a world without them but to me, after global warming, digital class slavery is probably the second biggest issue of our time. So much of the world works because bureaucracy is inefficient and non-omniciant, just like humans, yet so many people want the world to be one big TSA checkpoint where everyone must be unnaturally perfect at all times. It's utopian thinking that is leading us towards a type of hell I don't think any of us can even begin to imagine.
Borders and passports have been with us for a while now and are not really a tech thing.
I'll give you modern KYC stuff is annoying - it seems you have to provide proof of identity, address where you live, and often now where your money came from which can be tricky if you haven't documented it.
Worldcoin is actually a step away from the KYC situation where you can prove you are a unique person but not have to give them your name address and finances etc. But so far that's a bit theoretical - all the financial institutions I deal with want KYC stuff and don't accept Worldcoin.
Doesn't Worldcoin produce Zero Knowledge Proofs of biometric data? If yes i do not see what kind of personal data the ledger may hold. It holds the proof of their data, not their data.
If some people are not aware of ZKP here is a short really like [1].
If they use ZKP's correctly then what you are proving is membership in a set.
However, they are collecting iris scans which means they are the ones building the set and therefore own all the data about all the members of that set.
To do it properly the government should be the ones who build the set.
There are also problems with respect to stolen identities. If addressed, it's not fully private - you are given a token which you must reuse, making you pseudonymous. Or else a single stolen identity may be used infinitely without anyone realizing it.
>If they use ZKP's correctly then what you are proving is membership in a set.
>However, they are collecting iris scans which means they are the ones building the set and therefore own all the data about all the members of that set.
Totally agree, but any other official of any kind can do the same and create their own membership set. A mayor of a town can create a similar set of citizens. A football's team coach can create their own membership set, of players and fans.
I don't see why that particular membership set is more special than any other.
> To do it properly the government should be the ones who build the set.
To do it properly governments around the world should agree on a standard or two, and use that standard worldwide for the next 50 to 100 years. See for example screws and screwdrivers [1] which are effectively identical for so many years.
When a standard is established for identity, for ownership, for ownership transactions, for signatures, for contracts, for passports and many other things then it is government's job to keep the data safe and private, we agree on that. As soon as identities for example are a technological screw, then we don't want incompatibilities between governments.
> There are also problems with respect to stolen identities.
The ZKP does not need to be the identity by itself. Another identity can be tied to the ZKP proof, and use it's children identities for everyday use. They implemented something like that for Python to avoid supply chain attacks [2].
It's all a bit confusing, but I think there are two separate parts to the process of joining and using Worldcoin. To join up they scan your iris and keep a record of the iris scans to stop you applying for multiple accounts. It's anonymous apart from the iris scan - they don't need your name or dob or anything like that.
The second part is once you have an account you can use it to prove you are the person with that account, and this is probably where the zero knowledge proofs come in. In this second stage your irises are irrelevant, they only come up when first applying.
The accounts are very much like crypto wallet public/private key accounts I think although they try to hide the details from you a bit in the app.
Thanks for the info. That's what i thought the process would be. Although i do consider worldcoin to be irrelevant, and eventually to fail at some point in the future.
> Those three codes, which are extremely difficult to break are then stored in databases that are owned by third parties, which include the University of Berkeley, Zurich, Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU) university and NeverMind
> As a result, despite the improvements already introduced, adjustments are still required to bring the company's data processing in line with the applicable provisions Among other things, the company will be obliged to provide a deletion procedure that complies with the provisions of the GDPR within one month of the decision taking effect. In addition, “Worldcoin” will be obliged to provide explicit consent for certain processing steps in the future. Moreover, the deletion of certain data records previously collected without a sufficient legal basis was ordered ex officio. The company has already received the decision and has informed us that it is going to appeal it.
The allusion to "improvements already introduced" would seem to refer (though I'm uncertain of this) to https://world.org/blog/announcements/worldcoin-foundation-un... - which was described there as "reinforced after conversations with data protection authorities focused around further biometric template protection, particularly the Bavarian Data Protection Authority (“BayLDA”), the Worldcoin Foundation’s Lead Supervisory Authority in the EU."
Cryptographic systems that ensure no single party can access data at rest, even if that party were to be compromised, corrupted, or forced to reveal secrets by law enforcement, are absolutely incredible technical achievements - but it seems that, at least in this case, they are insufficient solutions in the eyes of EU regulators. (Not a lawyer, this is not legal advice.)
I hope the stance towards cryptographic erasure evolves thoughtfully over time in general, but World's approach here, beginning to collect data for seemingly unlimited purposes before having a completed system for SMPC, was never going to be one that would lend itself towards establishing positive regulatory precedent.
Will they delete it for real? I feel like many companies either just hide the data or have it sitting in older backups, leaving everyone’s privacy vulnerable.
I usually wonder if they do that as well. In some cases it may be hard to depending on how data is stored. In vertica, a database I worked with would never truly delete data on disk.
Only marking as “deleted” while indefinitely keeping it is illegal in the EU/EEA. The GDPR _requires_ a hard deletion in cases like this, but allows a grace period of a few weeks for the deletion to propagate throughout systems.
That seems like nonsense. Software cannot constrain the physical world. I could touch the bits on the drive itself, or I could physically destroy the hard-drive. Both would "truly delete" the data.
At least before GDPR it was a common wisdom among backend people that deleting things is just not worth it. I remember when I joined an otherwise cloud-focused team as an embedded engineer and suggested that we add a way to delete an account it was made clear to me that I am asking for an impossible thing. I hope GDPR has managed to change something
Which is why when people make it to mars it will thrive. No taxes, no debt and no government regulation. Just build, build, build baby.
Hopefully 3D printing and materials science will have some cool tech in the future otherwise it could be a slow start.
Assuming humans make it to Mars is already a leap, but assuming a government won’t form almost immediately, if somehow one doesn’t exist from the beginning of colonization, seems even less likely
You'd be entirely dependent on Musk City with its regulations for having resources to stay alive. At least on Earth you can go live in the woods or become a tax exile or some such.
Readit News
World(coin) sounds like it's right out of the plot of some Sunday morning preacher's sermons [1] about Revelations and the "mark of the Beast".
Central organization scanning people and controlling how they transact? Literally the antichrist's M.O.
[1] https://youtu.be/zjHrExOM-ww
Borders, passports, IDs, personal documentation, it's all just a modern caste system. Yes, it's uncomfortable to think of a world without them but to me, after global warming, digital class slavery is probably the second biggest issue of our time. So much of the world works because bureaucracy is inefficient and non-omniciant, just like humans, yet so many people want the world to be one big TSA checkpoint where everyone must be unnaturally perfect at all times. It's utopian thinking that is leading us towards a type of hell I don't think any of us can even begin to imagine.
I'll give you modern KYC stuff is annoying - it seems you have to provide proof of identity, address where you live, and often now where your money came from which can be tricky if you haven't documented it.
Worldcoin is actually a step away from the KYC situation where you can prove you are a unique person but not have to give them your name address and finances etc. But so far that's a bit theoretical - all the financial institutions I deal with want KYC stuff and don't accept Worldcoin.
Dead Comment
If some people are not aware of ZKP here is a short really like [1].
[1] https://www.youtube.com/shorts/c6gpq9nKogo
However, they are collecting iris scans which means they are the ones building the set and therefore own all the data about all the members of that set.
To do it properly the government should be the ones who build the set.
There are also problems with respect to stolen identities. If addressed, it's not fully private - you are given a token which you must reuse, making you pseudonymous. Or else a single stolen identity may be used infinitely without anyone realizing it.
>However, they are collecting iris scans which means they are the ones building the set and therefore own all the data about all the members of that set.
Totally agree, but any other official of any kind can do the same and create their own membership set. A mayor of a town can create a similar set of citizens. A football's team coach can create their own membership set, of players and fans.
I don't see why that particular membership set is more special than any other.
> To do it properly the government should be the ones who build the set.
To do it properly governments around the world should agree on a standard or two, and use that standard worldwide for the next 50 to 100 years. See for example screws and screwdrivers [1] which are effectively identical for so many years.
When a standard is established for identity, for ownership, for ownership transactions, for signatures, for contracts, for passports and many other things then it is government's job to keep the data safe and private, we agree on that. As soon as identities for example are a technological screw, then we don't want incompatibilities between governments.
> There are also problems with respect to stolen identities.
The ZKP does not need to be the identity by itself. Another identity can be tied to the ZKP proof, and use it's children identities for everyday use. They implemented something like that for Python to avoid supply chain attacks [2].
[1] https://www.youtube.com/watch?v=MXWSn8rMeEo
[2] https://news.ycombinator.com/item?id=42136375
The second part is once you have an account you can use it to prove you are the person with that account, and this is probably where the zero knowledge proofs come in. In this second stage your irises are irrelevant, they only come up when first applying.
The accounts are very much like crypto wallet public/private key accounts I think although they try to hide the details from you a bit in the app.
What do they mean by "Zurich" here?
https://www.lda.bayern.de/media/pm/pm2024_08_en.pdf (EN)
https://www.lda.bayern.de/media/pm/pm2024_08.pdf (DE)
Quote from the officlal English version:
> As a result, despite the improvements already introduced, adjustments are still required to bring the company's data processing in line with the applicable provisions Among other things, the company will be obliged to provide a deletion procedure that complies with the provisions of the GDPR within one month of the decision taking effect. In addition, “Worldcoin” will be obliged to provide explicit consent for certain processing steps in the future. Moreover, the deletion of certain data records previously collected without a sufficient legal basis was ordered ex officio. The company has already received the decision and has informed us that it is going to appeal it.
The allusion to "improvements already introduced" would seem to refer (though I'm uncertain of this) to https://world.org/blog/announcements/worldcoin-foundation-un... - which was described there as "reinforced after conversations with data protection authorities focused around further biometric template protection, particularly the Bavarian Data Protection Authority (“BayLDA”), the Worldcoin Foundation’s Lead Supervisory Authority in the EU."
Cryptographic systems that ensure no single party can access data at rest, even if that party were to be compromised, corrupted, or forced to reveal secrets by law enforcement, are absolutely incredible technical achievements - but it seems that, at least in this case, they are insufficient solutions in the eyes of EU regulators. (Not a lawyer, this is not legal advice.)
I hope the stance towards cryptographic erasure evolves thoughtfully over time in general, but World's approach here, beginning to collect data for seemingly unlimited purposes before having a completed system for SMPC, was never going to be one that would lend itself towards establishing positive regulatory precedent.
The file locker site i use said my account was deactivated due to inactivity.
But after a simple email pw reset all my uploads are back online.
Makes me aware any deletion i do is probably NOT done server side.
- Rotate old tapes to store the freshest backup (according to retention policy)
- Store row ID for each deletion request
- Replay deletions during restore
Either way you want (or already have) a scrubbing procedure to import production data into a staging environment, so this is not a technical issue.
Deleted Comment
Deleted Comment
Dead Comment