[zorrolovsky]

The threat is so broad that giving examples is trivial. One that immediately comes to mind: Imagine science discovers that 99% of people with a certain feature in their iris is likely to develop colon cancer. The discovery leads to insurance companies purchasing iris data from OpenAI behind the scenes. A lot of poor people suddenly would get insurance mysteriously declined, or their policies would include a hidden clause in fine print stating that colon cancer is not covered.

[throwawayadvsec]

sometimes I forget that most people on HN live in uncivilized countries like the USA

In normal countries that would mean we could save thousands of lives by warning people without even having to test them. Since denying insurance because of some random data from a data broker is completely illegal in any civilized country.

[vore]

You should stop tilting at windmills about a completely hypothetical example just to get your dunk in on the US like this.

[otikik]

Agreed, there's plenty of real examples one can use, no need to invent new ones.

[tfehring]

It’s completely illegal in the US too. Health insurers are extremely limited in the information they can use to price coverage, and in general they can’t outright deny coverage at all.

[calderknight]

Awesome, I love it when my questions are trivial to answer.

But I'm not sure how a company such as OpenAI would connect iris data to colon cancer cases. How would they even access iris data? let alone connect iris data to personal identity? I don't see a way of doing that within the Worldcoin framework.

> Your biometric data is first processed locally on the Orb and then permanently deleted. The only data that remains is your IrisCode. This IrisCode is a set of numbers generated by the Orb and is not linked to your wallet or any of your personal information. As a result, it really tells us — and everyone else — nothing about you. All it does is stop you from being able to sign up again.

[JohnFen]

> As a result, it really tells us — and everyone else — nothing about you. All it does is stop you from being able to sign up again.

Which means it tells them something about you.

What about this scheme prevents identification through somebody scanning your iris to get your hash on the pretext of a legitimate purpose, then connecting your hash to your actual identity and passing it on?

This seems like a large risk, considering how many companies exist entirely to compile data from disparate databases into a single record. The existence of those sorts of businesses is why there is no such thing as an anonymous unique identifier.

[calderknight]

How would they go from iris data to World ID (hash)?

Also, World ID is anonymous because the service one uses it with does not recieve the ID, not because they recieve the ID without one's real name. In other worlds, you can sign up to a service using at once both World ID and your real name and they will still have no way of connecting your World ID to your real name.

[calderknight]

>Which means it tells them something about you.

Nah, don't think so, that's the point of zero knowledge proofs