by calderknight 1060 days ago
Not very compelling. How exactly is it a potential privacy nightmare? Which aspect of whose privacy is at risk in what potential situation?
2 comments

The threat is so broad that giving examples is trivial. One that immediately comes to mind: Imagine science discovers that 99% of people with a certain feature in their iris are likely to develop colon cancer. The discovery leads to insurance companies purchasing iris data from OpenAI behind the scenes. A lot of poor people suddenly would get insurance mysteriously declined, or their policies would include a hidden clause in fine print stating that colon cancer is not covered.

Sometimes I forget that most people on HN live in uncivilized countries like the USA.

In normal countries that would mean we could save thousands of lives by warning people without even having to test them. Since denying insurance because of some random data from a data broker is completely illegal in any civilized country.

You should stop tilting at windmills about a completely hypothetical example just to get your dunk in on the US like this.

Agreed, there's plenty of real examples one can use, no need to invent new ones.

It’s completely illegal in the US too. Health insurers are extremely limited in the information they can use to price coverage, and in general they can’t outright deny coverage at all.

Awesome, I love it when my questions are trivial to answer.

But I'm not sure how a company such as OpenAI would connect iris data to colon cancer cases. How would they even access iris data, let alone connect iris data to personal identity? I don't see a way of doing that within the Worldcoin framework.

> Your biometric data is first processed locally on the Orb and then permanently deleted. The only data that remains is your IrisCode. This IrisCode is a set of numbers generated by the Orb and is not linked to your wallet or any of your personal information. As a result, it really tells us — and everyone else — nothing about you. All it does is stop you from being able to sign up again.

> As a result, it really tells us — and everyone else — nothing about you. All it does is stop you from being able to sign up again.

Which means it tells them something about you.

What about this scheme prevents identification through somebody scanning your iris to get your hash on the pretext of a legitimate purpose, then connecting your hash to your actual identity and passing it on?

This seems like a large risk, considering how many companies exist entirely to compile data from disparate databases into a single record. The existence of those sorts of businesses is why there is no such thing as an anonymous unique identifier.

How would they go from iris data to World ID (hash)?

Also, World ID is anonymous because the service one uses it with does not receive the ID, not because they receive the ID without one's real name. In other words, you can sign up to a service using at once both World ID and your real name and they will still have no way of connecting your World ID to your real name.

> Which means it tells them something about you.

Nah, don't think so, that's the point of zero knowledge proofs.

Imagine choosing a single password that can’t be changed. Sure, you can’t forget it, but if someone ever discovers it, you’re toast.

The fallback is probably 2FA. But we already use 2FA.

Exactly right. Biometrics are more like usernames than passwords. They are on display for all, and immutable. I should be able to change my password. Ideally username too, but not an expectation most sites hold to.

I'd rather not have my username indelibly linked to my identity. For example, I should be able to delegate to my accountant, or let my kids do stuff on my Steam account, etc. Not to mention using an indelible ID that is cross-site, meaning I have to use the same username on all suchlike sites and services. The temptation of having that singular ID is so great, it is inevitable it will be known to all — including those corrupt governments who will use it for enhancing their power.

I honestly don't see an upside. Combine this with web attestation and I shudder a bit.

I don't think biometrics are used as usernames or passwords in the Worldcoin system.

I don't think any such data leaves the Orbs, as far as the Worldcoin system is concerned.

Yes, exactly. People keep trying to use them for authentication for some inexplicable reason. They should only be used for identification, if at all.

It should be used as authentication-of-personhood, but not exactly as a username or password.

Authentication of personhood does not require individual identification.

I guess "authentication of unique personhood" would though.

I don't think I would be toast - I can still have a unique password for each account I have.

Also, I can presumably regain possession of my World ID credentials by visiting an Orb.