World Network project to distinguish humans from machines arrives in Italy

Adrian Ludwig

The Orb takes multiple images of the face and in particular the iris, processes them to extract a numeric fingerprint and compares it with existing ones to verify that that person does not already have a World ID. Technically, World ID is a cryptographic credential on blockchain. It is designed to function as a kind of digital pass: it doesn't prove that your name is Mario Rossi, but it does prove that the account linked to your phone is controlled by a real person and that there are no other World IDs linked to the same person. World argues that biometric images are not stored long-term, but are deleted or made unrecognisable, and that the infrastructure has moved to a 'personal custody' model, where data is under the control of the user and not on centralised servers.

Did we need it? For Altman and Ludwig yes. To protect us from fraud and misinformation generated by artificial intelligence. But also to protect our privacy, even if it sounds counterintuitive coming from a company that wants to scan our irises.

"Today, many sites are asking for more and more personal information to see if you are real, which is a privacy issue and increases the risk of AI using that data to manipulate you or pretend to be you," Ludwig notes. World's stated goal is the opposite: 'We wanted an approach that was as private as possible but capable of distinguishing a human from a non-human for the entire global population.

The landing in Italy has an additional reason, 'we want to protect the innovation and human creativity for which your country is so famous in the world'.

The future envisioned by World and Altman is thus of an Internet very different from the current one. "In the future, thanks to World, some chat rooms or interactive spaces will only allow access to real live people. Elsewhere, AI agents will be able to operate under user surveillance'. "World allows developers to decide what kind of environment to offer. For example, Reddit might want predominantly human content and Instagram might want to distinguish between real and fake photos." "People in turn will be able to decide whether to see only human content or not." "On social networks, we envisage the use of badges (similar to Twitter's blue tick) to denote verified accounts," Ludwig says. "On dating sites, it is important to know that the images presented correspond to the real person. With World ID, we can confirm that the person in a video call is the same person who went to the Orb, without them having to reveal their name."

In short, World ID supports a model based on trust, which the company finds easy to monetise. "Companies spend a lot on detecting bots and fraud. We will sell proof of human to these application providers (social networks, games, media)." "Apps could then decide to offer premium features based on this, as Zoom could do," Ludwig suggests. An entrepreneur will be able to prove that he is human and not a fraudulent agent during a business video call.

Another example: 'a ticket sales company could host an Orb to sell only to verified persons and thus prevent automated scalping without requiring identity documents'.

The actual paid services have not yet started, but there are already guidelines and 'we will be selling the service shortly'. "There is first a technical aspect to be solved: we don't want anyone (not even World) to know which service the user is using. Paying while maintaining anonymity is difficult. We will use blockchain technology to guarantee identity integrity and allow private payments between parties,' Ludwig explains.

Some underlying risks remain, pointed out by many experts. If a single infrastructure manages the proof of humanity for billions of people, does it not automatically become a gatekeeper, a controller of access to a significant part of the internet? In addition, it is a single point of failure that could be attacked by cyber criminals to undermine authentication to global internet services.

"These are legitimate doubts. I fear that this technology creates a concentration of power. Our answer is decentralisation, so that no single party has control. We are testing version 4.0 of the protocol, which introduces multiple key management. Users will be able to use different wallets on different devices, eliminating the control of a single entity. Our goal is open source'.

Already now, to confirm the uniqueness of the ID, data are sent to four different parties who decide together via 'anonymous multi-party calculation' (MPC). No party can decide alone.

Among the parties involved are 'the University of Berkeley, the University of Zurich and the FAU in Germany, and we intend to have others'. The idea is that even if one of these actors were compromised, it could not be exploited alone to reconstruct identities or manipulate the system.

World is trying hard to gain the trust of users and companies. A prerequisite to be able to change the world and thus in turn increase the trust of people within the Internet against the invasion of AI. A short circuit of trust, potentially, on which the success or flop of this utopia depends.