Do You Trust Sam Altman’s “Orb” To Assign You A Biometric Digital ID?

From “The Free Thought Project”

You might want to know about the eyeball-scanning World ID project.

When I first heard about Tools for Humanity and the World project, I was skeptical because it promotes biometric digital IDs. However, as I note in my video, they use all the right terms to reassure potential users. They repeatedly assert that they care about anonymity, security, privacy, and decentralization.

I don’t have a background in technology, which made it difficult to navigate the highly technical nature of Tools for Humanity (TFH)/World’s developments and operations. I am fortunate to have a close loved one with an extensive background in computer engineering, and I probably would not have attempted this deep dive without him generously lending his specialized expertise. Some additional information on his qualifications for helping me understand the TFH/World project: He studied computer engineering and electrical engineering at MIT (the MIT) and has spent much of his career in the field of firmware and embedded systems engineering. Both of these areas are exceptionally relevant to the development and production of the orb and its related systems.

Over the past year or so, we conducted several deep-dive sessions where we combed through numerous documents, including regulatory publications, the World White Paper, press releases, and other TFH/World pages detailing their technological specifications. It was impossible to note all of our findings in a three-minute video presentation, so I’d like to share more of them here. World ID and its related operations are complex, and I want to provide as much information and context as possible. Even this lengthy article is not fully comprehensive, but I have selected some of the most glaring findings to share.

To summarize: Assuming the company is truly doing everything it says it is in terms of privacy, anonymity, and security, they are achieving new heights of innovation in service of them. However, there are multiple examples of the project contradicting its own stated values since its inception.

Even if they are living up to all their promises, it doesn’t change the fact that they are working to normalize the use of biometrics and digital IDs and are open to lending their technology to governments. This is concerning even if they are currently implementing the security, privacy, decentralization, and anonymity protocols they tout.

Inconsistencies and contradictions

Despite their commitment to privacy, between TFH and World operations, the project is collecting users’ IP addresses and metadata, using cookies, and tracking details of users’ digital wallet transactions on the World Chain. On one hand, tracking users is standard practice for tech companies. On the other hand, TFH and World aren’t just any tech enterprises: They say privacy is a cornerstone of their operations, and these data collection practices directly undermine the spirit of their claims. I wondered if some of this data collection was due to applicable laws, but only one applies: the collection of digital transaction and wallet data, at least according to their own privacy policy. They do cite legal justifications for collecting all this data, but only that single legal obligation.

When it comes to decentralization, their idea of what that means is questionable. For example, in 2023, World announced a significant achievement for decentralization when they created the World Foundation to be the “World ID protocol’s steward” and help implement decentralization of the project. The foundation is also responsible for distributing a majority of WRLD tokens (the project’s accompanying cryptocurrency). They said TFH would transfer “select assets” to the foundation when it was created.

The World Foundation is comprised of a board of four people and is incorporated in the Cayman Islands. It’s unclear to me who selected these people, but regardless, the foundation remains intertwined with TFH and World. While the foundation may very well be working to decentralize operations, its creation and structure contradict the claim of decentralization.

On the note of advancing decentralization, the World White Paper openly acknowledges that the project is not fully decentralized; rather, the paper lays out a series of stages of decentralization over time. Their White Paper notes that Stage 4 of various decentralization efforts, the final stage of decentralization, “will require technical changes to the World Network protocol, operations and governance.” This brings me back to a question I posed in my video: Why didn’t they design their protocol in a decentralized fashion from the start?

Similarly, the project says third-party manufacturers can build their own orbs using open-source hardware and software components that the project has published. According to World, this constitutes an important step toward decentralization. As the White Paper says, “letting anyone develop alternative Orbs democratizes the solution space and accelerates decentralization.”

However, a World privacy notice offers a link to privacy policies from “companies building orbs” that leads nowhere at the time of writing this article. It simply directs back to the privacy notice that contains it. The main landing page for the orb currently says it is “built by Tools for Humanity,” and their World Risks page notes that they “rely on Tools for Humanity for manufacturing and distribution under a limited license.” This could be chalked up to clutter, messiness, and/or out-of-date information across their webpages. Perhaps they prepared the link to third-party manufacturer privacy policies with the expectation that there would be new manufacturers, but there simply aren’t any that meet TFH/World standards yet. Maybe they are using third-party manufacturers but are failing to disclose who they are. Any of these scenarios makes it difficult to trust them to process biometric data.

To be fair, as mentioned, they say openly that decentralization is an ongoing process. The apparent lack of third-party manufacturers may be a reflection of this process.

They refer to an “orb registry” in the White Paper, but I have not yet been able to find it (as noted, the link in the privacy notice that allegedly lists privacy policies of companies making orbs goes nowhere; as also noted above, it’s possible they included the orb registry in their White Paper in anticipation of future manufacturers).

This conundrum is a perfect example of the convoluted experience I’ve had trying to understand their operations.

Regardless, is having more entities manufacturing the orb enough to counterbalance broader concerns about the normalization of biometric digital IDs? Even if it were, TFH/World’s intentions are further called into question by their stated longer-term process of decentralization. Why not start out decentralized? Similarly, why not start out with security superior to plaintext iris codes in an Amazon-hosted database (Amazon Web Services) when they could have started with SMPC (secure multiparty computation) or AMPC (anonymized multiparty computation) from the get-go? For context, “plaintext iris codes” amount to a digital fingerprint of an iris.

This brings us to still more contradictions: As featured in my video, World announced they had replaced their plaintext iris code storage on Amazon Web Services (AWS) with SMPC, which they described as “distribut[ing] the shares [of iris codes] over multiple trusted parties (participants).” They touted the security and privacy SMPC enables and that this new method allowed them to delete stored iris codes.

However, the timing of this update is somewhat questionable. The SMPC update occurred several months after Bavarian regulators began an investigation into the project. It’s difficult, if not impossible, to know whether TFH and World were already initiating the switch to SMPC prior to the launch of the investigation (if they were, I haven’t found such an announcement).

A separate press release suggests their decision hinged on regulatory compliance rather than an unshakable commitment to protecting privacy and anonymity. In a release announcing they had extended a pause in their operations in Spain (to allow Bavarian regulators time to finish their investigation), they noted: “As acknowledged by the AEPD [Spanish Data Protection Agency], a series of privacy and security measures have been implemented in recent months aimed at addressing its concerns, including…the deletion of old iris codes by transforming them into SMPC shares and more.” [emphasis added].

According to their own release, they deleted plaintext iris codes to comply with regulators. Would they still be storing these codes if not for the threat of bans in countries where they seek to operate?

It gets worse.

Bavarian regulators found that the new SMPC system, which TFH/World said allowed them to delete their database of iris codes, was still relying on AWS. The third-party entities processing shares of iris codes in the SMPC process were all still using AWS, undermining the SMPC requirement that the different parties processing iris data be fully independent. While AWS is a reliable, secure, and widely used service, it is not impossible to merge the shares of iris codes from different parties. Though unlikely, this could occur whether a hacker did so or a governmental authority compelled TFH or World to do so. Bavarian regulators ordered the deletion of iris code shares collected through the SMPC process.

These concerns might have been remedied by their upgrade to AMPC (anonymized multiparty computation), but again, why didn’t they do it securely the first time around? Their new AMPC system still uses AWS, and though AMPC is more anonymized than SMPC, a hypothetical hack (or an order from a government) could still result in shares of iris codes being merged, which would reveal a unique identity.
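To make the share-merging concern concrete, here is an added illustration (not code from World, TFH, or the original article). It assumes the simplest possible scheme, n-of-n XOR secret sharing, which is not necessarily what World's SMPC or AMPC uses; the party names, host labels other than AWS, and the 32-byte code are constructed.

```python
import secrets
from dataclasses import dataclass
from functools import reduce


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def split_code(code: bytes, n: int) -> list[bytes]:
    """n-of-n XOR sharing: n-1 random shares plus one that fixes the XOR."""
    if n < 2:
        raise ValueError("need at least two parties")
    shares = [secrets.token_bytes(len(code)) for _ in range(n - 1)]
    return shares + [reduce(xor_bytes, shares, code)]


def merge_shares(shares: list[bytes]) -> bytes:
    """Whoever holds every share recovers the original code."""
    return reduce(xor_bytes, shares)


def consistent_last_share(partial: list[bytes], candidate: bytes) -> bytes:
    """The missing share that would make `candidate` the secret.
    One exists for every candidate, so n-1 shares reveal nothing."""
    return reduce(xor_bytes, partial, candidate)


@dataclass(frozen=True)
class Party:
    operator: str  # organisation running the node (hypothetical names)
    host: str      # infrastructure provider the node runs on


def min_entities_to_merge(parties: list[Party], layer: str) -> int:
    """Distinct entities at `layer` ('operator' or 'host') that must be
    breached or compelled before all shares sit in one place."""
    return len({getattr(p, layer) for p in parties})


# Constructed deployments: three operators on one provider, as in the
# regulators' finding, versus one provider per operator.
SHARED_HOST = [Party("party-a", "AWS"), Party("party-b", "AWS"),
               Party("party-c", "AWS")]
INDEPENDENT = [Party("party-a", "host-1"), Party("party-b", "host-2"),
               Party("party-c", "host-3")]

if __name__ == "__main__":
    code = secrets.token_bytes(32)  # constructed stand-in for an iris code
    shares = split_code(code, 3)
    assert merge_shares(shares) == code
    decoy = bytes(32)
    fake = consistent_last_share(shares[:2], decoy)
    assert merge_shares(shares[:2] + [fake]) == decoy
    for name, dep in (("shared host", SHARED_HOST), ("independent", INDEPENDENT)):
        print(name, "operators:", min_entities_to_merge(dep, "operator"),
              "hosts:", min_entities_to_merge(dep, "host"))
```

The privacy guarantee holds only while no single entity can reach every share; counting distinct entities at the hosting layer, not just the operator layer, is what exposes the shared-provider weakness.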

In another example, the company’s promises of privacy and user control of their own data are undermined by the fact that until 2024, users could not delete their own iris codes (the Bavarian regulatory document features a screenshot of this deficiency on page 28). When this deletion option was introduced, it reportedly required a six-month waiting period before data would actually be deleted.

A World press release touting this development no longer exists, and I have been unable to find an archived version of it. It’s possible, if not likely, that they simply removed the post because around the same time, they introduced their SMPC protocol. As noted, SMPC no longer required storing plaintext iris codes because it broke the codes into shares (concerns about reliance on the centralized AWS aside). Even so, the Bavarian regulators wrote that “the Worldcoin Foundation infringed Article 17(1) of the GDPR by not providing data subjects with the means to request or obtain erasure of their iris code and SMPC-Shares.”

However, when Bavarian regulators ordered them to provide a comprehensive process for users to delete their data, they appealed.

This appeal represents an inherent contradiction in their claims about privacy: They argued that because the data is anonymized, it does not fall under the EU’s standard for “personal data.” Anonymization is good, but as a TIME report from May of 2025 pointed out:

“If you ask Tools for Humanity to delete your iris codes, they will delete the one stored on your phone, but not the derivatives. Those, they argue, are no longer your personal data at all. But if I were to return to an Orb after deleting my data, it would still recognize those codes as uniquely mine. Once you look into the Orb, a piece of your identity remains in the system forever.”

“If users could truly delete that data, the premise of one ID per human would collapse, Tools for Humanity’s chief privacy officer Damien Kieran tells me when I call seeking an explanation. People could delete and sign up for new World IDs after being suspended from a platform. Or claim their Worldcoin tokens, sell them, delete their data, and cash in again.”

TechCrunch also summarized this conundrum:

“The proof-of-humanness blockchain project’s jam is that it’s building a system of immutable and unique IDs for verifying identity remotely. So if a person can edit all trace of themselves out of its ledger simply by asking, it’s a challenge to its ambition of becoming a world-spanning authority on human verification.”

Further, World notes on its “Risks” page that “Security or data privacy breaches, including unauthorized access or misuse of user data collected by us or third-party providers, could disrupt or terminate Project functionality, adversely affecting user retention and operations.” Even if they securely store biometric data (iris codes) that have been anonymized, they openly admit to tracking other data: IP addresses, metadata, and digital transactions. At the same time, they admit that security and data privacy breaches could occur.

Government partnerships

Beyond concerns about the protocol living up to its lofty promises is the potential for government partnerships. Should they lend their digital ID services to governments, what’s to keep them from sharing biometric data with “authorities”? The reasonable reply might be that they don’t even store biometric information thanks to their anonymization process (issues with their methods aside). However, multiple pages on their website note (as cited in my video) that their “content speaks only as of the date indicated. Further, it is subject to risks, uncertainties and assumptions, and so may be incorrect and may change without notice.”

Who is to say they wouldn’t modify their data processing and privacy configurations if government agencies asked them to in exchange for profitable contracts? What is to prevent them from changing the orb’s scanning process to store biometric data if government deals hinge on such capabilities? To clarify, I am not claiming they would do that, but the possibility is certainly there in terms of their disclaimers and the nature of their technology. Additionally, they store plenty of other personal data, as discussed above. Even if they never store biometric data, they gather many other kinds that could potentially be shared with governments.

Without getting too conspiratorial, it is hard not to consider potential scenarios that would lead TFH/World to partner with more governments. Should there be a catastrophic event that highlights gaps in security and safety—for example, an AI bot-driven cyberattack—it seems within the realm of possibility that TFH and World could offer their services to help provide that security and safety, partnering with governments to help implement biometric digital IDs. To be clear, I am not suggesting this is going to happen, but it is also not an implausible hypothetical.

World ID may be voluntary now, but would it remain voluntary if governments began using it in the name of security? If it did remain voluntary, even if governments adopt the technology, would “privileges” of being a citizen—such as essential services or financial support—be contingent on submission to biometric digital IDs?

Governments around the world are working toward—and in some cases mandating—national IDs, biometric databases, and digital IDs. It seems possible that if this continues to occur around the world, infrastructure like the orb and World ID will be capable of helping governments usher in this new paradigm.

In addition to their openness to working with governments, the project aims to become a key player in global financial infrastructure, which is deeply implicated in the current paradigms of power. Their desire to gain influence in this realm is evident not only in their partnerships with Visa and Stripe but also in their own statements about the role they wish to play in world financial networks. They’ve stated that “Worldcoin seeks to be the largest global financial and identity network, serving as fundamental infrastructure in a world increasingly shaped and impacted by Artificial Intelligence (AI).” Their Risks page similarly notes the project “aims to be the underlying infrastructure and tooling that is used for building the world’s largest decentralized identity and financial network.” Even their landing page refers to “powerful financial infrastructure.”

In one example of their efforts, in December of 2025, they announced the expansion of the World App’s virtual accounts feature. This provides “unique, personal virtual account numbers that connect [World app users’] everyday financial life to the global, always-on digital economy” and integration with USDC, the US dollar stablecoin. They said that “users can receive paychecks directly in World App” and “add funds from their bank.”

“Once the funds are in your World Wallet, you can send or spend the USDC globally,” they added, noting deposits are automatically converted to USDC. While some cryptocurrencies are built to protect privacy, USDC is not one of them, and World additionally tracks digital transactions on its app.

In their defense?

In researching TFH and the World project, I have tried to give them the benefit of the doubt as much as possible rather than be overly conspiratorial and assume malicious intent.

Despite the many contradictions listed here, my goal is not to indict the character and integrity of every person who works there or to suggest that their intentions are sinister. SMPC and AMPC protocols are genuinely cutting-edge efforts to maximize privacy. It’s possible TFH/World are sincerely trying to do what they say and simply facing complex challenges as they rapidly scale to a global level. Things may fall through the cracks, errors may occur, and information may be communicated in confusing, disorganized ways. Further, while my anarchist sensibilities lead me to bristle at concerns about their desire to use technology to save democracy, they may believe they are doing righteous work to protect it.

If they are truly executing what they say they are (like AMPC—despite their continued use of AWS), this is a laudable achievement. However, given their AWS-based SMPC protocol, which undermined true privacy and decentralization, skepticism of their current AMPC technology (which also uses AWS) is not unwarranted. Either way, as noted repeatedly, the project still advances the new paradigm of biometric and digital identification. As with most encroachments, it promises to solve a serious problem. In this case, it’s the problem of verifying humanness in the age of AI and AI bots.

But considering that they themselves acknowledge content they’ve published regarding privacy and security may change at any time, it is hard to trust their commitment to preserving anonymity, decentralization, privacy, security, or anything else.

It’s even harder to trust in light of the fact that the project is largely Sam Altman’s brainchild. He may not be CEO, but he and another entrepreneur helped select the CEO, Alex Blania, and invited him to join the project. It’s not as if Blania came up with the idea, which then inspired Altman to get involved. It’s largely Altman’s project, and he brought Blania on to run it.

Altman has a reputation for lacking integrity (on multiple counts), Peter Thiel had a formative influence on him, he’s willing to contract with government agencies, including the military, and he’s working with Donald Trump on Project Stargate. Considering this reputation and the many concerns addressed in this article, I would not trust the World ID project with any of my data—biometric or otherwise.

It is worth repeating what I noted in the video and have said in this article: if privacy, decentralization, and security are so foundational to the project, why weren’t they built into the project from the ground up? I have considered that perhaps there was a technological reason they had to build it centralized and with inferior security to start, but my engineering advisor could identify no such reason other than “it’s easier.”

That their technological upgrades occurred following investigations into their practices is not particularly flattering. To reiterate, they are at the cutting edge of technological innovation, so it’s expected that they will get some things wrong and make improvements as they go; however, storing plaintext iris codes in AWS, for example, should have never been on the table.

All of these concerns are why I chose to make this video. I’ll be the first to acknowledge that perhaps it’s not a concern at all—that they are doing everything they say they are, are truly committed to all the values they say they are, and would never alter their system to allow it to retain biometric information that could potentially be shared with governments that enlist their services. While I may not like the paradigm they are helping create, at least they would be doing it with integrity and effectiveness.

However, it is often said that outcomes matter more than intentions. And if World/TFH succeeds, the outcome may further facilitate the looming technocratic police state, and that is worth knowing about—and resisting.