Summary thread: https://x.com/sjgadler/status/1824245211322568903
Readit Newsdangirsh commented on AI and the value of privacy-preserving tools to distinguish who is real online arxiv.org/abs/2408.07892... · Posted by u/nikcub
dangirsh commented on Base 3 Computing Beats Binary quantamagazine.org/how-ba... · Posted by u/Tomte
Base e is optimal under a certain metric, and 3 is closest to e.
https://en.m.wikipedia.org/wiki/Non-integer_base_of_numerati...
For more details on the motivation and logic behind this experiment, see: https://www.wignersfriends.com/
dangirsh commented on Worldcoin hit with temporary ban in Spain over privacy concerns techcrunch.com/2024/03/06... · Posted by u/melenaboija
I wonder if an eyeball scan is really proof of humanity.
This may be a dumb question, buy why could someone not simply create an AI-generated iris image and fool the orb into thinking that is a unique human?
Preventing such attacks is one of the main reasons why custom hardware is required. For more info, search for "spoof" in this section of the whitepaper:
https://whitepaper.worldcoin.org/technical-implementation#wh...
dangirsh commented on Worldcoin hit with temporary ban in Spain over privacy concerns techcrunch.com/2024/03/06... · Posted by u/melenaboija
But a keypair is just a pair of numbers that satisfy some one-way function. If there's a way to generate the keypair from iris data from a human, then surely there's a way to generate an indistinguishable keypair using some fake data that plausibly could have come from an iris (ie it shares some of the same number theoretic and distribution properties) but did not. If that's the case, then the only part of the "proof of humanity" left to attack is to spoof the hardware so things think they are calling the iris scanner and getting a real key from a real human and instead they are calling the mock iris scanner and getting a plausible but not real key from a non-human. If the solution is something along the lines of "well we thought of that so a genuine worldcoin iris scanner has to sign the data to prove that it came from a worldcoin device" then I would bet you can get hold of a signing key using social engineering. If this thing was to take off it could be valuable to do so and many of the people operating the devices would be in countries with very low GDP per capita so it could well be in the realm of possibility to bribe your way to getting it.
I'm sure they must have thought about this but I don't understand the solution.
Each Orb has a private signing key that's generated + stored inside a secure element. For more info, search for "secure element" in the following sections of the whitepaper:
https://whitepaper.worldcoin.org/technical-implementation
https://whitepaper.worldcoin.org/advancing-decentralization#...
Worldcoin | Berlin & San Francisco | Onsite & Remote | Full Time | Embedded Systems | IoT Software | Cloud Security | https://worldcoin.org/
Worldcoin is a new, collectively-owned global currency that will be distributed fairly to as many people as possible. Worldcoin is built on top of the Ethereum blockchain, and is focused on decentralizing trust, preserving privacy, and scaling globally.
People can claim their free share of Worldcoin by signing up with an Orb, our custom hardware device that confirms that each new person is unique to the network. A privacy-preserving signup process is possible through a novel combination of biometrics, machine learning, and zero-knowledge cryptography. In addition to being widely inclusive, the Worldcoin network will support the first scalable "Proof-of-Personhood," a critical primitive for the emerging Web3 ecosystem.
To learn more about our approach, see:
The Orb: https://worldcoin.org/how-the-launch-works#hardware
Crypto & Privacy: https://worldcoin.org/how-the-launch-works#crypto
Proof-of-Personhood: https://worldcoin.org/how-the-launch-works#solving-the-uniqu...
We're actively looking for engineers with extensive experience in:
- Rust development
- Firmware development on microcontrollers
- Linux security
- IoT device fleet management
- Cloud security
- Machine learning
See all of our open roles here: https://worldcoin.org/careers
If you're interested in learning more about the software team behind the Orb, please email dan+hn@worldcoin.org.
Worldcoin | Berlin & San Francisco | Onsite & Remote | Full Time | Embedded Systems | IoT Software | Cloud Security | https://worldcoin.org
Worldcoin is a new, collectively-owned global currency that will be distributed fairly to as many people as possible. Worldcoin is built on top of the Ethereum blockchain, and is focused on decentralizing trust, preserving privacy, and scaling globally.
People can claim their free share of Worldcoin by signing up with an Orb, our custom hardware device that confirms that each new person is unique to the network. This privacy-preserving signup process is possible through a novel combination of biometrics, machine learning, and zero-knowledge cryptography.
In addition to being widely inclusive, the Worldcoin network will support the first scalable Proof-of-Personhood, a critical primitive for the emerging Web3 ecosystem.
To learn more about our approach, see "How the Launch Works": https://worldcoin.org/how-the-launch-works
We're actively looking for engineers with extensive experience in:
- Rust development
- Firmware development on microcontrollers
- Linux security
- IoT device fleet management
- Cloud security
- Machine Learning
See all of our open roles here: https://worldcoin.org/careers
If you're interested in learning about the software team behind the Orb, email dan+hn@worldcoin.org.
Huh? They’re collecting and saving them, at least up to the point of confirming all new user accounts which happens sometime after they scan irises. I might have missed it but I don’t see anywhere in their docs where it says they discard the hashes even after they’ve minted a unique user account for the new user. They need to store the hashes at least until they’ve registered all possible users - how else will they confirm that a new user hasn’t previously registered.
All iris hashes are publicly saved, but not linked to wallets. Details here: https://worldcoin.org/how-it-works#crypto (Account Privacy section)
If this is supposed to be a real currency, isn’t it awful for privacy?
If your wallet is unique to your person (eyeball) and the public key is ever leaked, everyone can see your account balance and transactions.
Would that be the case or am I missing something?
The wallet and iris hash are never linked. The privacy properties of a Worldcoin wallet are identical to an Ethereum wallet (i.e. pseudonymous until you doxx yourself).
I'm sure I missed something here.
I thought biometrics = a password you cannot change = a bad idea.
How is this different?
Worldcoin does not use your biometric information as a password or private key. It's used to distribute unique identifiers, one per person. The Orb can't be used to recover private keys.