Day 3
Hacking the Orb
Uniquely identifying real users is a problem as old as the Internet. With the recent surge in AI language and vision models, CATCHAs might be close to losing the bot-mitigating fight. But how can you know your users are human without fully surveilling them? Perhaps we could use… Iris scanners and zero knowledge proofs? Which is precisely the approach that Worldcoin takes. However, building such a system is fraught with security and privacy challenges. In this talk, I’ll focus on the Orb’s operating system security properties and privacy defenses.

The purpose of the Orb is to uniquely identify humans while preserving privacy. It does so by scanning user irises, deciding if they’ve signed up before, and adding them to a global set of zero-knowledge identity commitments. Then, the user owns a private key which they can use to produce zero-knowledge proofs that prove they are human, without revealing which human.

Attackers have an economic incentive to hack inside individual orbs, since getting inside of one means they can generate fake signups, and then later get cryptocurrency. They might also want to steal user biometric information. Thus the Orb’s software and hardware need to be designed to defend against software hacks and physical tampering.

To that end, the OS is architected with a few security mitigations – including secure boot, signed operating system images, verity-mounted filesystem partitions, and write/execution-restricted filesystems.

Everything can always be hacked, and security is the art of thoughtful risk mitigation. The Orb’s OS has been architected in a way so as to minimize the risk of hackers-stealing or government-seizing user biometric data. But of course, things aren’t perfect, so if you have any thoughts on how to hack the Orb, please do send your questions / criticisms.


CDC Habitat