You'd require a secure biological hash like the stuff Worldcoin is doing (iris biometrics). Otherwise I don't see how this doesn't end in a detection-circumvention arms race.
I'm curious about how that stuff works. What prevents someone from faking one of those scanner devices and generating fake hashes of nonexistent eyes? Or producing fake eyes for scanning?
The airport pay-to-skip-lines company (can't remember their name) uses a similar iris scanner setup to check people in, but presumably there they have tight controls over their devices and have human employees always standing by to try to limit abuse. It'd be pretty suspicious if you walked in with a fake eyeball or such there.
But anyone can buy a Worldcoin orb, right? Is it going to be like the console DRM wars, where once someone manages to root or extract a private key from such a device, they can use it to make fake identities?
Yeah, the initial enrollment is pretty problematic without trusted attestation. Reading the Wikipedia entry on this, it seems at least the older devices can be fooled into accepting non-live-tissue scans (dunno the SOTA on this) which would enable fake enrollments but also impersonation. Impersonation could be mitigated with MFA at least. Dealing with compromised scanners would probably require a PKI and revocation mechanism, but don't take my word on this.
Seems kinda like a tough problem when you really mean to follow through, especially when making the least amount of concessions. It'd probably be easiest to integrate with existing government systems like eID, but that's region-specific and who knows how trustworthy that is long-term. I guess, there's also these sorta weird identification services that banks use (hold ID card and face into the video feed and variants), but same problem.
As for conceiving such a system in the first place, good luck ;)