Worldcoin hit with temporary ban in Spain over privacy concerns (techcrunch.com)
156 points by melenaboija on March 6, 2024 | 196 comments


So I somehow completely missed that this was ever a thing.

But let me get this straight. Sam is the CEO of OpenAI. Basically the company that is making it harder and harder to know what was made by a human or a machine.

Out of concern over that, he makes Worldcoin as some authentication method? So the problem he helped shepherd in, he has another company that he could make money on to fix said problem?

Am I missing something here or is this... super shady sounding?

That's before getting into the whole scanning our eyes for a few bucks thing.


> is this... super shady sounding?

A lot of people have been trying to point that out for ages, without any real traction.


It's also completely silly: it's marketing for me. OFC OpenAI will not reach AGI, and ChatGPT doesn't resemble humans as soon as it's in interactive mode: there is little danger beyond freeing poor copywriters from their miserable torpor.

But make another company defending against an insane danger from the first and people start dreaming.



It’s literally a plot point of countless dystopian books and movies.

Either of OpenAI or WorldCoin would be a terrifying nightmare even without Altman and OpenPhilanthropy and the SEC investigation and what-the-hell-ever scared Ilya so bad he 180’d from a single phone call and Yud whipping the public and Congress into a frenzy talking about Terminator in two years.

I don’t care how badly someone wants to be accepted into YC or whatever: this is the wrong side of history.

“We are below them, we are above them, we are around them, we run through everything they do.” - Satya Nadella, Eyes Wide Shut


Where can I read more about this phone call Ilya had?


> So the problem he helped shepherd in, he has another company that he could make money on to fix said problem?

> Am I missing something here or is this... super shady sounding?

It sounds like inventing the ship and also tools to avoid shipwrecks. I don't think there's inherently anything shady about the pattern.


Not clear if it's intentional or a result of incompetence but this is a pattern with so-called "tech" companies: create a problem and then propose commercialised "solutions". Of course the most logical, economical solution is for the so-called "tech" company to stop doing what they are doing that creates the problem.


I don't think it's shady given we have competition.


Privacy aside, there's no way this can be done securely.

According to https://worldcoin.org/be-a-worldcoin-operator they'll gladly ship the iris scanning unit to untrusted 3rd party operators, in a similar vein to a bank shipping out PoS card terminals.

I'd love to have a play with one, it wouldn't surprise me if you could get it to mint fresh accounts out of thin air (e.g. by mitming the bus between the iris scanner and the rest of the unit, and making it report fresh unique scans)


> by mitming the bus between the iris scanner and the rest of the unit, and making it report fresh unique scans

Hmm, I wonder if the worldcoin team also thought of that possibility?

(Yes, they did, the iris processing is done inside a hardware enclave so that the obvious attack is not possible)

https://whitepaper.worldcoin.org/technical-implementation

I am broadly anti-Worldcoin but it is reasonably competently executed at a technical level. It would be good to understand what they actually did before declaring it to be impossible.


Hardware enclaves are never 100% impenetrable, it comes down to making the cost of attack greater than what an attacker expects to gain. Traditional card payment terminals use nominally secure hardware and yet struggle with that tradeoff to this day, and I'm not convinced WorldCoin will do any better.

The SoC they're using, the Jetson Xavier NX, is a cousin of the very thoroughly pwned (secure enclaves and all) TX1.

Further, they don't describe how the busses connecting the sensors to the SoC are encrypted and/or authenticated, which leads me to believe that they are not.

Intel gave up on shipping SGX in consumer devices because (imho) shipping secure enclaves directly to "adversaries" (the consumer being an adversary under the SGX threat model) proved too difficult to maintain.


They talk about a future bug bounty program - I'm certainly intrigued, and if the up-front hardware costs aren't too high I might give it a go.


> (the consumer being an adversary under the SGX threat model) proved too difficult to maintain.

This is what's wrong with so much of this "security" tech. It's not for our security but for that of the businesses and their business models behind it.


> I am broadly anti-Worldcoin but it is reasonably competently executed at a technical level. It would be good to understand what they actually did before declaring it to be impossible.

+1 to this. I'm very skeptical of the project (even though I know some of the people working on it), but the problem space is extremely hard and they're giving it an actual shot. If you can think of a potential problem in 5 minutes, I guarantee you that they've thought of it too.


I'm sure they are. But I'm not worried about them failing. I'm worried about them succeeding.


Can't I just bypass it with some contact lenses that distort the scan and make it unique?


I think they have to trust the orb operators a little bit.


If you had asked me how much money you'd have to pay someone for them to let you scan their eyeball, I have to say I would've said way more than €35 fake euros stuck in an app. If anything it's eye opening (eh) how little understanding there is of the personal risk people are taking on.


> If you had asked me how much money you'd have to pay someone for them to let you scan their eyeball

People paid companies like 23andMe actual money for the privilege of mailing their DNA. Getting paid to let a company scan your eyeball sounds like an improvement.


I think people pay these companies for providing them with information about their DNA, which is quite different.


Especially given that you can download your genetic data from 23andme. I am not sure if Worldcoin allows you to download a copy of your iris data... no mention in their FAQ, at least.


But they provide so little information compared to the DNA you provide. You get stuff like "ancestry" signals which Americans love in their quest for racial validation, but they get to connect humans to a point they can find the family of an unknown murderer whose DNA was found on a crime scene.

Which information is more precious overall, which is a call to action rather than a simple joke between friends "oh I'm 3% Banana".


People pay to get detailed photographs of their irises as "artwork", even in relatively privacy-conscious Germany.


I've done the scan. What personal risk do I have?

The money isn't stuck in the app by the way. I've taken out and changed to US$ about $100 and currently have $164 worth in the app and about $10 a week of coins coming in. Which is nice of them. Worldcoin is just another crypto coin like dogecoin or whatever.


Identity theft would be the first thing on most people's minds, particularly if iris scanning ever becomes more prevalent in the future and they get hacked or unintentionally leak your data, or impersonate you themselves.


Fair enough with identity theft but I think that applies to any company you have an identity with - Facebook, booking.com, banks etc. They could claim to be you in theory.

Also my id, I think, is just an optimism crypto address 0x93bf030f706e81197856e76c8a3b326640... with no name attached. You'll have a job stealing my identity with that, any more than it's easy to steal Satoshi's because you know his public bitcoin addresses.

I mean if you go to a credit card company and say I'd like to get a card in the name of some guy I don't know the name and address of but here's one of his public keys, I don't think you'll get far. Certainly not compared to getting my real name and address which is fairly exposed on the internet via phone directories and the like.

I don't think if say the photo of my irises leaked online it would be much of a problem in the same way that the rest of my face is online and it's not much of a problem because no one accepts some photo off the web as proof of id.

One thing I think may be flawed is if I say hi I'm Tim, send me some money to the above address, then you can see all my other transactions to that address on the blockchain which breaks anonymity/privacy a bit. I'm not sure if they are going to fix that by say issuing disposable addresses but I haven't seen that so far.


What if iris scanning becomes the new "log in with your device", and what if the way worldcoin stores your iris scan is actually not encrypted?

I don't know why you're comparing a high definition full iris scan to a random photo of you, they aren't the same things. The point is security is made of things you know and things you have, and eyes are hard to pass around, so someone being able to "have" your eyes to fool a scanner is useful for many classes of attacks, we don't need to know the full attack chains yet to know it's inherently a risk because it turns a thing you have into a thing you and Worldcoin and whoever worldcoin sells or gets hacked by - all have.


> ... what if the way worldcoin stores your iris scan is actually not encrypted?

Even if it's encrypted, if worldcoin gets breached in a particularly bad way (say root to their production servers) then the unencryption mechanism and keys could be leaked along with the encrypted data.

The point being that just because something is encrypted doesn't make it foolproof against everything.


> "There's a sucker born every minute" is a phrase closely associated with P. T. Barnum, an American showman of the mid-19th century, although there is no evidence that he actually said it. Early examples of its use are found among gamblers and confidence tricksters.

https://en.wikipedia.org/wiki/There%27s_a_sucker_born_every_...


Never heard of this "Worldcoin" thing before.

From Wikipedia:

> Worldcoin is an iris biometric cryptocurrency project

From the Worldcoin website:

> World ID 2.0

> A more human passport for the internet.

Eww. I appreciate cryptocurrency, but biometrics + crypto? Heck off.


With Sam Altman from OpenAI spearheading it, no less.


I was chatting with a few Chinese crypto people the other day, and the general consensus in that community seems to be that Worldcoin basically operates as an ATM for Sam Altman.

He undoubtedly owns a considerable amount, and it doesn't matter if it's a long-term success so long as in the near term it has a multiplying impact on his OpenAI work. If you look at the 1 year change in WLD you see that he's likely made a pretty sum from it already, especially since whatever amount of WLD he owns was acquired at effectively zero cost[0].

The people I was chatting with shared a similar view to dogecoin and Musk. All either needs to do is drive up a little hype and in no time they have access to tremendous amounts of liquidity.

0. https://coinmarketcap.com/currencies/worldcoin-org/


Why aren't we taking it more seriously that our supposed world-leading founders and business people are simply running pump and dump schemes with Worldcoin, Doge, and ETF/SPACs?


It's sort of like the twist at the end of Soylent Green. The real twist isn't that "Soylent Green is people!" the twist is that you can see this with your own eyes, shout it in the street, but ultimately no one really cares.


Do people not care, or do people not believe? My take on that movie wasn't that nobody cared, but that nobody believed the crazy-sounding man yelling weird-sounding things in public.


That can be one and the same phenomenon.


Why should anyone care? I certainly don't and find it curious that others have an interest at all.

I have always viewed people arguing for or against crypto as equivalent to nerds arguing if batman or superman is better. Utterly irrelevant to me.


I think you have tragically and entirely missed the point.


I think a lot of people do actually care, but you'll never be able to determine that from the internet because on every social platform the discourse on every controversial issue is 1000 bot comments for every real comment.

The vibe on today's internet when it comes to weird tech bros is 'we made this space, applaud us on it or leave it.'

Many people have chosen option 2.


This is a very good observation — and by extension why we aren’t noticing that people are leaving.

I was in the room with Sergey once 7 years ago and he made a not so unserious joke of “where we’re going we won’t need users.”

It stuck with me forever.


It is hilarious to me how many of the twitter accounts who swore up and down crypto was the future are now shilling for AI instead. It's obvious they don't know or care very much about anything, they're just determined to keep riding hype waves and try to cash out.


Because while a few people find this an interesting surprise, more people have it fully priced in to their worldview, either (among some other possibilities) because they are active participants or because they are critics of capitalism from schools of thought where the incentive to an ubiquity of this kind of behavior is central to the critique.

It's really mostly a surprising revelation to outer-circle initiates of the cult of capitalism, who have been indoctrinated in the public propaganda used for recruitment but are ignorant of the inner mysteries.


This reminds me of the fact that basically no financial system tries to prohibit speculation, gambling, or risk-taking outright.

Instead, institutions attempt to increase transparency and limit gambling with other people's money.

The availability of terrible high-risk investments and option to buy them is always present. It is just rarely interesting to talk about.


I think we can not just say “it’s because they’re stupid”.

It's fair to say I am very aware, I’ve worked in the largest tech companies in the world and I worked on the largest bank merger in the world. I see how the sausage is made… mostly.

However the value systems that are created anew continue to shock me. Because when the wool gets pulled, and it always fucking does, the damage is shifted to those who “don’t care”


There are loads of stores in Spain offering to "create art" of your iris by taking a high-res scan and blowing it up to make a canvas print. They sprang up overnight a while back and as far as I know aren't fooling anyone.


Same in Copenhagen. I was wondering how in the world they were making money.


They're also in the US, but I don't think they're making WorldCoin accounts off of it (or using it to fake biometrics for other things). https://irisphoto.art/originalite shows that iris photo art predates the coin by a long while. Some people just find the idea novel enough to pay for.


I'm surprised that an HN reader hasn't heard of WorldCoin given how much Altman has been on HN recently. Prior to today you were a lucky person not to have heard of it. We need a corollary to https://xkcd.com/1053/ that celebrates blissful ignorance.


To be honest, I tend to gloss over anything ending with 'Coin'.


You can't even say kiss my a#%ss or he will run and scan it...


It's Sam Altman's version of a chip in your brain


People got scared when they started scanning thousands of people's eyeballs in Africa. It didn't matter that Sam Altman had a good explanation for doing it. Because cryptocurrency is involved, it must be bad, right?


It's quite simple: If you want something which is a part of me - especially one that's uniquely identifying - you had better a) be part of the state of my country and b) have a pretty good reason for it.

Neither of these two is fulfilled here, so yeah - it's bad.


I guess I'm just annoyed that people think Altman is scanning the eyeballs of Africans as part of some dastardly scheme, but he's only doing it so that Worldcoin will have value that's all.


Guessing at second intentions from someone who has successfully climbed the social hierarchy is a safer bet than swearing by their eternal innocence.


Well, in my case, that's certainly not my objection. I'm going to a Bitcoin conference this year, after all. Hah.

I have no interest in tying my ability to conduct transactions and hold wealth to an ID that is designed to be immutable. But that's just me. I also lack faith in any system founded on biometrics, as it's a technology that's implicitly sold as something that is nearly impossible to exploit, which I simply have no reason to believe.

If there are people out there who are turned away by cryptocurrency being involved, well, I can't say I entirely blame them. The nerdy advocates and developers of cryptocurrencies and the countless "gurus" have failed to adequately onboard the public or counter the bad PR from the media. When setting up a custodial cryptocurrency account takes more steps than signing up for a credit card, the fees are relatively high, and stories pile up of clueless people falling for scams involving cryptocurrency, as well as the barrage of FUD from folks who are usually ignorant, it's no wonder everyday people would run in the other direction as soon as "cryptocurrency" is mentioned.


Is cryptocurrency involved? Then yes.

Is blockchain technology involved? Then it's worth a look.


Lol what's this good explanation of scanning people's eyes?


Identity management.

I want to give food or money to 1000 distinct people in some part of the world.

How do I make sure that 1000 distinct people do it and it's not just 100 people getting in the line 10 times each?

What source of identity does everyone have (yes, there are exceptions) and on the more difficult to lose side (industrial accidents are more likely to damage fingers than eyes)?


But Worldcoin doesn't solve the problem of unequal distribution. The real world still exists.

Even if the food/money is perfectly evenly distributed via Worldcoin, a gang boss can have his muscle go around and threaten violence if people don't give him their share of the food/money. That's the problem, right?

The kind of injustice that spurs people to build Worldcoin can't be solved by Worldcoin.


Well, unexpectedly, I think Worldcoin focuses on the digital world, as it's trying to be a digital currency.

The problem is a real one, look up "sybil attacks", which is what I think Worldcoin is trying to defend against.


> What source of identity does everyone have (yes, there are exceptions) and on the more difficult to lose side (industrial accidents are more likely to damage fingers than eyes)?

Government-issued ID card?

> How do I make sure that 1000 distinct people do it and it's not just 100 people getting in the line 10 times each?

Find people to do the distribution whom you trust to be able to recognize people who are cutting multiple times? I mean, you already have to trust them to do things like actually disburse the food to the people, and not skim off 30% to sell for their own profit or whatnot. And if you look into where aid distribution goes awry, it's largely not "100 people getting in the line 10 times each" but the distributors absconding with the aid instead of giving it to the intended recipients.


I'm going to note that I don't agree with Worldcoin (nor crypto currency in general) - just that this is an issue that WorldCoin was trying to resolve with biometrics.

Government issued ID cards are forgeable and states not too difficult to get officially (the classic example of a spy with four different identities). For that matter, multiple different forms of identification can complicate the matter. Consider https://www.tsa.gov/travel/security-screening/identification - I have a passport, I have a drivers license. There are individuals who have both of those identifications and a Tribal Nation identity card and a Veteran Health Identification Card too. Four different forms of ID for the same person - can those each be used once?

I believe that Worldcoin is/was an attempt to solve some great societal issues with crypto currency tooling ... and is going to end up with many other ideas of how to solve social problems with technology in a "nope, that doesn't work" pile. Scanning eyeballs is an attempt to have one person to one identity - which may work, but it doesn't solve the related practical problems of distributing aid.


> I have a passport, I have a drivers license. There are individuals who have both of those identifications and a Tribal Nation identity card and a Veteran Health Identification Card too. Four different forms of ID for the same person - can those each be used once?

The point of government ID is that you have a complete government registry of allowed people, and ID cards are used to prove your association to that registry. For example, when I go to vote, there is a master list of everyone who is eligible to vote, and my name gets checked off the list. If I tried to vote again, well, my name is already checked off the list and I don't get to vote again because of that.

Or put differently, proof of identity isn't the same as proof of authorization. ID cards prove identity; some other mechanism needs to prove authority to access the resource, and if necessary, it's that mechanism that prevents repeat access.


There's no need for ID for that use, either, no matter what the UK government claims.

A list of voters, and when someone comes in you cross their name off the list. If it turns out they were lying, you'll find out when the actual voter turns up.


> Government-issued ID card?

It's easy to think of reasons that wouldn't work particularly well in some parts of the world. That doesn't mean I'm actually onboard with scanning biometrics, especially those of people who haven't read enough dystopian science fiction to be skeptical of that plan.


As has been pointed out countless times on this website in the past:

There's no biometric sensors that are guaranteed to be free from tampering. There's no way to prove that the bits and bytes that say "I scanned person X's iris" actually corresponds to a legitimate iris scan. There's no way to stop someone from going town to town with their own iris scanners and claiming they need to scan eyes for the census or vaccines or any number of other things that people might think are real, only to use those scans to accept the money you mentioned in your comment. There's no way to prevent someone from perturbing those scans slightly to allow them to be re-used for new transactions in the future.

Extremely advanced credit card skimmers exist, and those subvert the security of little tiny computers embedded in the credit cards. If you think a picture of an iris is any better, I've got an NFT of a bridge to sell you.


In fact, picture of an iris is considerably worse since you can't change yours if it's ever compromised.


> How do I make sure that 1000 distinct people do it and it's not just 100 people getting in the line 10 times each?

https://www.amazon.com/dp/B075KP3J3T/


This gets even more interesting when one considers that the iris actually does change with age.

How much drift from the original does this allow? And if it can be updated, can that be abused or can people be coerced into handing over their accounts?


Dip their finger in purple ink.


But why is a crypto currency required? Biometrics like Apple’s Face ID reasonably identify the owners of a phone. Why not distribute managed iPhones with access to an account to wire money to or an app that displays a code that aid workers can use to identify that the right person got the goods? That phone or app could be set to only generate one code per aid delivery event and without a code you don’t get aid. Someone having multiple phones would be easy to identify as the aid worker would recognize they are back in line.

I mean if your goal is to end fraud there seems to be several options that don’t require a blockchain or some custom eye scanning device.

How does worldcoin solve the issue of a local abusing a position of power to direct everyone to transfer their funds to their account or withholding some other resource to force people to give them their aid?


Part of the idea is to expand it beyond those, so anyone can verify that a user is representing a distinct, real human. It's supposed to be privacy preserving, so you could use it in user registration to block bots without needing to request any real identifying information. Of course, you've hit on part of the issue here, it's not going to really prevent a lot of the fraud it's intended to.


And I really am skeptical about how privacy preserving it can be. If there is any way at all to associate the wallet id back to the iris hash, the wallet id is as good as knowing the iris hash.

If the zero knowledge can protect that and the wallet id just can identify that you’ve done an eye scan at some point, the wallet id is still as good as knowing the iris hash. Sure crypto evangelists will use sub wallets and multiple accounts and all that jazz to best preserve their privacy (all things that if possible make sybil attacks possible) but most people will just have the one wallet. Eventually everyone who pays attention will be able to identify them using just the wallet.

So I doubt the effectiveness at preventing sybil attacks, I doubt the effectiveness of how privacy preserving this is, and if used beyond Worldcoin transactions, it just becomes an immutable global id. A social security number that requires an iris to generate.


Lol. Are you being absurd, or are you serious? Tracking admittance or distribution of something in a third world country for the purpose of food aid, and you want to scan their iris? You could do stamps on their hands, tickets (you know, like they've used at carnivals, events, sports complexes, 50,000+ person concerts, etc) with a supply and administration cost of near $0


The money that gets spent on biometric infrastructure and verification can buy a lot of food.


I think most people think it's bad because of the eyeball scanning part, not the cryptocurrency part...


Also because Sam Altman is involved.


It was Altman's WorldCoin effort and his statements about it that made me very wary of him in the first place.


True, I guess that was before he set up the Microsoft takeover of OpenAI.


i mean...


This is interesting to me.

On the one hand "Proof of humanity" is an important problem and is surely only going to get more important as time passes. Bots are already better than humans at solving captchas.[1]

On the other hand I cannot conceive of giving someone my biometric data so they can mint some blockchain thing from it, and although I admit I wasn't interested enough to look into it beyond reading a couple of articles, I really don't see how this specific solution makes the situation better. Eg how do they know someone hasn't pwned me and then hijacked my special proof of humanity token to use it for their bots to "prove humanity"?

[1] https://arxiv.org/abs/2307.12108


> On the one hand "Proof of humanity" is an important problem and is surely only going to get more important as time passes

Governments have been doing this for centuries (see passports, identity documents, birth and death certificates). Witnessing private entities' repeated attempts to "solve" this problem and make a profit has shown me the limitations of free markets. Despite the complexity and sophistication of the implementation, it boils down to a record that's looked up by a trusted entity who attests the validity of the subject's identity, or not.


I don't like WorldCoin, but I don't like sending internet services my passport and birth certificate to prove to them that I am human either.

The actual problem - which is waiting for a solution - is undeniable. (This isn't often the case with cryptocurrency projects.)


> I don't like WorldCoin, but I don't like sending internet services my passport and birth certificate to prove to them

That's about the least-private implementation one could think of; I wouldn't want to send scans of my iris to random Internet services either! This would be the equivalent raw-data implementation for Worldcoin.

> The actual problem - which is waiting for a solution - is undeniable

The solution is the government providing an oauth-like service. Internet services would only get a token and only a limited set of PII you were shown and agreed to while authenticating (e.g. your name, email address, and/or whether you're a minor/adult).

No one can attest your identity without keeping a record of it - public service or not. IMO, having private enterprise do this merely increases the attack surface.


> I wouldn't want to send scans of my iris to random Internet services either!

You don’t. You generate some secure keys using iris data. You send the internet service a copy of your public key. They can use that to verify that you are human, but not who you are.


But a keypair is just a pair of numbers that satisfy some one-way function. If there's a way to generate the keypair from iris data from a human, then surely there's a way to generate an indistinguishable keypair using some fake data that plausibly could have come from an iris (ie it shares some of the same number theoretic and distribution properties) but did not. If that's the case, then the only part of the "proof of humanity" left to attack is to spoof the hardware so things think they are calling the iris scanner and getting a real key from a real human and instead they are calling the mock iris scanner and getting a plausible but not real key from a non-human. If the solution is something along the lines of "well we thought of that so a genuine worldcoin iris scanner has to sign the data to prove that it came from a worldcoin device" then I would bet you can get hold of a signing key using social engineering. If this thing was to take off it could be valuable to do so and many of the people operating the devices would be in countries with very low GDP per capita so it could well be in the realm of possibility to bribe your way to getting it.

I'm sure they must have thought about this but I don't understand the solution.


Each Orb has a private signing key that's generated + stored inside a secure element. For more info, search for "secure element" in the following sections of the whitepaper:

https://whitepaper.worldcoin.org/technical-implementation

https://whitepaper.worldcoin.org/advancing-decentralization#...


> The solution is the government providing an oauth-like service.

This sounds great as long as you live in a strong democracy with trustworthy institutions. A lot of people don't.


Do those people not have physical identity documents issued by their non-democratic governments? What is particularly dangerous about having the same governments handle online identity for situations of the citizens' choosing? It would obviously be inadvisable to use government auth when logging into protest-against-repression.com


This isn't about proving that you are human, it is about being able to map your iris to the identity on government-issued documents.

In essence: good luck trying to exit/enter a country/location with access to the iris database that already mapped your identity after KYC for your bank account.

You are now living inside "Minority Report": https://www.youtube.com/watch?v=PPDYh9EpbmA


That's not at all how WorldCoin works. And I don't want to be a WorldCoin defender here, I don't support it.


I have never been asked anything like that, except when it was for legal compliance (such as opening a bank account).

The only exception being Meta a decade ago, to which I obviously answered by deleting anything Meta related bar WhatsApp.


With how AI is going, attestation will become necessary for many social interactions we take for granted today by assuming there is a well-intended human in the other end.

If you're hiring, or looking for a new job, the odds of you being tricked/phished are getting worse by the day. I've read stories of employees getting interviewed for fake jobs as a long-con to get banking details, and employers interviewing a persona that's fronting an offshore dev team, or people who don't have work skills and aim to pick up paychecks until their dismissal is processed.


I bet you have filled out a captcha or two.

It's obvious that captchas will need to be replaced by something else, no?


Captchas are there to defeat spam. You don't need to identify someone as human for that; you just need to make it expensive to post, e.g. through proof-of-work.
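The proof-of-work idea in the comment above, as an added sketch that is not part of the thread: a hashcash-style posting gate in which the server issues a single-use challenge and the client must find a nonce bound to both that challenge and the post body. The class and function names and the difficulty value are assumptions chosen for the example.

```python
import hashlib
import itertools
import secrets


def leading_zero_bits(digest):
    """Count zero bits at the front of a digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def stamp_digest(challenge, body, nonce):
    """Hash challenge, body hash and nonce with length prefixes (no ambiguity)."""
    h = hashlib.sha256()
    parts = (challenge.encode(),
             hashlib.sha256(body.encode()).digest(),
             str(nonce).encode())
    for part in parts:
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return h.digest()


def mint(challenge, body, bits):
    """Client side: search for a nonce; expected cost is about 2**bits hashes."""
    for nonce in itertools.count():
        if leading_zero_bits(stamp_digest(challenge, body, nonce)) >= bits:
            return nonce


class PostGate:
    """Server side: one cheap hash to verify, each challenge usable once."""

    def __init__(self, bits):
        self.bits = bits
        self.outstanding = set()

    def issue_challenge(self):
        challenge = secrets.token_hex(16)
        self.outstanding.add(challenge)
        return challenge

    def submit(self, challenge, body, nonce):
        if challenge not in self.outstanding:
            return "unknown-or-used-challenge"
        if leading_zero_bits(stamp_digest(challenge, body, nonce)) < self.bits:
            return "insufficient-work"
        self.outstanding.discard(challenge)  # a stamp cannot be replayed
        return "accepted"


if __name__ == "__main__":
    gate = PostGate(bits=12)  # constructed difficulty, low so the demo is fast
    c = gate.issue_challenge()
    n = mint(c, "hello thread", gate.bits)
    print(gate.submit(c, "hello thread", n))  # first use of the stamp
    print(gate.submit(c, "hello thread", n))  # replay of the same stamp
```

Because the body hash is part of the stamp, work done for one post does not carry over to a different one, and the cost per post scales with the difficulty rather than with any identity check.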


I wonder if an eyeball scan is really proof of humanity.

This may be a dumb question, but why could someone not simply create an AI-generated iris image and fool the orb into thinking that is a unique human?


First of all, it's very hard to make a printout that looks like the real thing to a camera. Images stored on a computer capture a lossy representation of what the camera actually "saw".

Secondly, I believe that the protocol is based around the idea that the operator is trusted, i.e., they won't allow such uses of the orb. If an operator isn't trustworthy, I guess there needs to be a way to revoke the validity of all their scans.


What if you print it to a custom contact lens similar to those cosplay lenses? The operator wouldn't even notice


Preventing such attacks is one of the main reasons why custom hardware is required. For more info, search for "spoof" in this section of the whitepaper:

https://whitepaper.worldcoin.org/technical-implementation#wh...


They have human operators too to help you stop using AI-generated photos, or your pet cat, or your kids - there's an age limit.

The main purpose of the scan is to check for uniqueness so you can't keep going up and get 50 accounts.


In fact, this is commonly done. There's an entire trade around having people scan their iris and you (the buyer of their biometric) keep the resultant token. I think what I read was around the more rural areas in Africa. I'm not referring to the "official" practice by Worldcoin themselves where people are recruited to scan (in Africa metro areas) and the participants actually get the tokens. There's also this underground trade in iris scans.


They don't, but it's harder to kidnap someone and use their eye, as opposed to steal some other piece of identification. If you would turn it around and imagine a world without paper passports and government issued id's - what would you use as unique identifier for a person?


> If you would turn it around and imagine a world without paper passports and government issued id's - what would you use as unique identifier for a person?

I'm not sure... but I'm also convinced that 'private corporation issued id' isn't fundamentally superior to 'government issued id' and has some challenges in terms of accountability.


> it's harder to kidnap someone and use their eye, as opposed to steal some other piece of identification

Is it? I use my eyes a helluva lot more than I use my government issued SSN. In fact, I've only taken my physical SSN card out of storage once, but I stare at random (potentially camera equipped) stuff all day. Of course you can still steal it from me by pretending to ask for ID, but that's true of my eye-print as well.


Being pwned does not solely mean having access to your eye in this case, also why should I trust a corporation more than a government?


Public key of their choosing.


Oh cool!

There was a whole load of these zombies lining up here in the local shopping centre to give Altman their irises.

They're free to do so of course but they're lowering the barrier for privacy significantly by presenting the world with the reality of a significant proportion of the population with their irises scanned. Thus it will be harder for us to keep our privacy just like privacy on internet is gone as a fait accompli. People are already using this as a debate argument against privacy: "Your privacy is already gone anyway so why do you care about this new issue?". That's how bad things have become.

The same way as that, having a significant portion of society do this, will mean I'll be unable to prove I'm not a bot without getting my own eyes scanned in the future.


I've done the zombie thing and it's less of a privacy issue than you might think. They don't need your name or contact details, though you can optionally give some.


Your name is most likely a lot less unique than your iris is. They don't need it. Once more services start using iris scanning it can all be correlated. The issue is not now but for the future.


This is the original announcement by the AEPD, the Spanish Data Protection Authority.

https://www.aepd.es/en/press-and-communication/press-release...


I wonder why the ban hasn't become EU-wide right afterwards.


That's a good question. I've waited a few days to reply to you, hoping that the EU would make a move.

The only news afaik is that Worldcoin failed to get injunction against Spain’s privacy suspension https://techcrunch.com/2024/03/11/worldcoin-fails-to-get-inj...


Any security to protect someone from just stealing your eye in a parking lot...? One or two of these events on the news would quickly sink this.


Iris scans were being traded already: https://www.web3isgoinggreat.com/single/sam-altmans-worldcoi...

And I speculated on the possibility of Iris generation a while ago, the research is fairly solid - you just need to fool the device into thinking it’s scanning a human eye instead of a display.


The scanner uses some neural nets and an IR camera to see if everything around the iris checks out. So you can’t (easily at least) scan some disembodied eyes, or your dog’s eyes.


What a grim attack vector


It's a common movie trope now whenever biometric security is involved.

"Lets just take their <eye/finger/hand/head> with us to get into the <base/facility/lab>".


Been a trope for at least as long as I’ve been watching movies, which is 30 years.


Good point yeah.


There is this scene in demolition man...


It wouldn't work very well with Worldcoin. They were not accepting detached eyeballs when I went.


The problem with big brained plays such as Altman's OpenAI and WC double bet is that they're plays created by people with such an ego and lack of compassion that they forget that ... humans will still be humans.

When all is said and done, none of this changes that. Humans will push back against non-human things ... with regulations and eventually violence.

This is why nations spend so much time hiding the non-human factors acting against them.

Will AI prevent me from feeling human feelings? No. To Altman and many others this seems like world changing stuff, but is it?


Hah so at least Worldcoin no longer has to explain why nobody in Spain uses their product.

I am afraid that they may not have an equally compelling explanation for the same problem in the rest of the world.


It wasn't nobody. People were lining up all the way outside of the mall. It's scary what people do for the price of a pair of cheap jeans.


There’s so many issues with biometrics:

- You can’t change them if they’re compromised

- They’re unreliable, they can change with age, depends on the environment that they’re measured in

- It’s not really “proof of humanity” just “proof of biology”

Worldcoin is an interesting attempt though


As far as I understand the original source (https://www.aepd.es/prensa-y-comunicacion/notas-de-prensa/la...), Worldcoin has:

- Not provided enough information about how the data is stored/used

- Collected data from minors

- Not offered individuals to withdraw their consent

So the data protection agency of Spain is temporarily halting any data processing/transfers, in order to protect people from the unlawful collection.

Is this the first time "Urgency procedure"/Article 66 (https://gdpr-info.eu/art-66-gdpr/) of the GDPR is being used in the wild?


It’ll also be interesting to see how these privacy regulations interact with “Proof of Humanity” (POH) schemes in the long run. For example, if POH becomes a fundamental security precaution to do financial transactions [1] would you be opting out of most of the modern economy?

Edit: If my memory is correct, Worldcoin claims to have a “key” that was generated using your retina, but the key is not associated with your identity. You can then present the key to a third party who can verify with Worldcoin that you are human, but not a specific person.

[1] Imagine a bot that could impersonate you and drain your bank account, for example.


For someone confident in the benefits of his products, Sam is working awfully hard on finding an antidote.


AI is coming whether Sam builds it or not. Also Worldcoin wasn't his idea, he's just an investor in it.


I'm convinced Worldcoin is just a massive biometric data gathering operation with a "we have a coin to save the world" being the cover story.

Altman (for some reason) needs a ton of biometric data, so go around the world and especially to poorer places, offer folks funny money in exchange for their biometrics and run off.

Set aside the moral and ethical questions and it's quite frankly a very good way to get your hands on this type of data.


HN has become quite kneejerk-cynic, but let me explain what Worldcoin is supposed to solve in Sam Altman's eyes.

#1: AGI is coming soon.

#1.a: Because of #1, there will be a flood of unverifiable bot activity on the internet, easily outnumbering real human interaction by 100x+. The only way to identify other humans is some sort of biometric verification process.

#1.b: Because of #1, the vast majority of people will become an economic net-negative. They can't outproduce an easily replicable AGI more than they consume. Thus we need a Universal Basic Income (without the messy fraud) and a way to evenly distribute it, so that people can still enjoy a decent quality of life.

Sama has written about these concerns on his blog about a decade ago. Or just believe it's "because money $"


Let’s be honest, Sam wanted an ATM of other peoples’ money and built one. If your name isn’t Sam Altman and you’re participating in Worldcoin, you’re an idiot.


I hate hearing these things described passively. AGI isn't "coming soon". It's not a storm or a season or a comet. People — specifically Sam Altman! — are building it. So when those same people say "hey, here's a solution to a problem that AGI will cause that also happens to make me a lot of money", we're right to be skeptical.


Rightly or wrongly, they believed AGI was inevitable but it would currently be reckless because it was going to end up in the hands of profit-maximizers Google or Facebook, so that they needed to get there first under a non-profit. Hindsight shows this was a dumb reckless move as they sped up timelines and the arms race by 3-10 years, and are showing no signs of restraint that was supposed to be their raison d'etre.


And they're no longer really a non-profit as Microsoft is now getting ready to break the bank with their gazillion different copilots.


What I don't understand from Altman's point of view is that if AGI will bring such a disaster that we need to subject ourselves to yet another Bad Thing along the lines of WC, then why in the world is he trying so hard to make sure his dystopian worldview actually happens?


If it's inevitable, better to be first than late. Personally, I don't think there will be AGI anytime soon or at all, and if there will be - OpenAI is not the one that will achieve it.. and if they do, they will not be the one controlling it.


> then why in the world is he trying so hard to make sure his dystopian worldview actually happens?

If he's also working under the assumption that AGI is inevitable, it would make sense to want to be first at it so it aligns with his values more, while also preparing for a post-AGI world.


I don't follow that logic. If he thinks that the development of an AGI is inevitable, why would it make sense to be the first one to do it, when he also clearly thinks that its existence is a grave danger? What does it matter who does it first? The results are the same regardless.

If I thought that AGI was anywhere close to imminent (which I don't), then this perspective seems to me like it has a great risk of being a self-fulfilling prophecy. Why risk being the one to bring the bad thing into existence? Wouldn't it make more sense to let someone else be the bad guy and instead focus on defense?


Because they believe the results are not the same regardless. AGI's impact on humanity will hinge upon if we are able to correctly impart human-loving values onto what is essentially an unhuman system, so called "alignment." If we align AGI, it will make us obsolete but at least give us a good life. If we don't, and it has goals it wants and the superpower to subvert our attempts to thwart its goals, we will end up as ants are to Google. Not hated, but a tiny nuisance to be disregarded when a new data center needs to be built. The only defense is slowing down AI capabilities until alignment has been rigorously verified.


> Wouldn't it make more sense to let someone else be the bad guy and instead focus on defense?

Maybe an analogy is more like an unsafe building collapsing randomly versus a controlled demolition after getting everyone out? The thing is going to happen, but if you're the one to make it happen, you can prevent it from being as much of a disaster. Not all possible AGIs are equal, he sees it as making it so when there is an AGI, it's aligned to his values.

It's being defensive against bad-AGI by developing good-AGI first. It's not clear if it will work, but it's better than just hoping setting up a good framework for UBI will keep you from being turned into paperclips.


Money.


> #1.a: Because of #1, there will be a flood of unverifiable bot activity on the internet, easily outnumbering real human interaction by 100x+. The only way to identify other humans is some sort of biometric verification process.

The intrinsic problem is that over the internet, you're basically getting an "id=<hash of biometric data>" field, and how do you know that biometric data actually came from a scanner rather than a hacker who stole the master biometric database? This is the intrinsic problem with any e-verification: there is no way to distinguish between a human initiated something on their computer and a program on the computer imitated a human initiated something on their computer, and if you have a problem that requires you to distinguish the two, well, you're out of luck.


> #1.a: Because of #1, there will be a flood of unverifiable bot activity on the internet, easily outnumbering real human interaction by 100x+. The only way to identify other humans is some sort of biometric verification process.

This AGI is supposed to be super intelligent right?

I wonder if it can figure out 'Nice browsing history you have there Pete, would be a shame if your wife saw it. Now scan your eye for me please'.

I don't think this will help anything against a real AGI.


what prevents anyone with a sufficiently large dataset from using AI to create fake iris prints that can't be distinguished from the real thing?


I believe it's access to the scanners used for registration. The whitepaper doesn't seem to talk about how they prevent illegitimate use of "The Orb" outside of revoking IDs which sounds like it's ripe for abuse.


Ah, so classic in crypto: Pretend you solved the problem by just kicking it down a level in the org chart.


At this point, given what happened to OpenAI, why would you believe anything Sam Altman ever said or wrote?


> Thus we need a Universal Basic Income (without the messy fraud)

Is this depiction of basic income as (inherently) fraudulent yours? Or Altman’s?


It’s mine, in that there is historically some amount of fraud in government distributions (hello PPP and EDD), and if UBI is required to survive, then 5% fraud means 5% go without anything. I imagine Sama came to similar conclusions but idk of any explicit mentions.


Totally agree. There is no conspiracy.

Of course, 20 years from now if this is actually true well then we HAD to sell the biometric data at some point because a project of this size needs the funding.

We really had no choice in the matter at Worldcoin. We didn't want to sell the biometric data but we couldn't see any other way to get to UBI.


Step 1: Record biometrics from millions of poor people. Step 2: ??? Step 3: Profit.

It's a bit like the outlandish COVID vaccine conspiracy theories: Step 1: Vaccinate people and deploy 5G wireless networks. Step 2: ??? Step 3: Total power over people; world domination.


Well for one thing a database of biometric records gives you an immutable way to impersonate those people on any other platform that relies on the same biometrics.

But that's kind of beside the point. I wouldn't be at all confident that you or I thinking about this problem for a few minutes are going to uncover every possible abuse vector that a motivated nefarious actor will in the future.

Collecting this kind of private data for no clear benefit looks sketchy as hell.


Total speculation but it could be used as training data for GPT5 or whatever they are doing at OpenAI. I could totally see a scenario where they would want to train an AI on biometrics data and then sell that to the govt.


Worldcoin is one of the dumbest "this is technically possible so why not" ideas to be floated in the last few years, standing out even in the field of stupid cryptocurrency adjacent endeavors.

I still haven't really figured out why they want to scan eyeballs. Biometrics might be part of a secure solution to account access but I would hate to lose access to my account because I got in an accident and lost an eye.

I do not believe the conspiracy theories about gathering biometric data, if only because what would be the point? But the stated reasons are so silly that it is easy to believe in an ulterior motive.


I think the point is "Proof of Personhood/Humanity/Individual".

There is a huge problem in the cryptocurrency space where you don't know if 10 accounts belong to 10 individuals, or one individual. So a bunch of projects are trying to figure out a solution to this, to prevent sybil attacks.

Gitcoin Passport is one of those solutions, where you can connect various accounts to a "Passport", which you can then hand over to services who can see you have a certain score, but not exactly what that Passport is connected to, so you still preserve your privacy.

I think Worldcoin is another attempt at this, with the idea that the iris scans they do are unique in the world. So basically like a normal cryptocurrency wallet, except these ones also have a ID/hash or something that indicates their "iris value" or something.

Then Worldcoin can guarantee/prove that one individual only has one wallet.

At least that's my understanding of it, happy to be corrected.

(Guess I should add that I personally don't use or support Worldcoin at all, but I have read about it a couple of times at this point)


> Then Worldcoin can guarantee/prove that one individual only has one wallet.

Which only works if you have somehow created a completely secure method proving the provenance of iris scan data. Given the intent is to lock a bunch of money behind this, I highly doubt that this is remotely possible.

If worldcoin has real value, someone will find a way to obtain and replay iris scans to make money.

Biometrics is simply not a good security mechanism.


That is my superficial understanding as well but if we are both correct, what is the point?

One of the only (dubious) advantages of crypto is that nothing ties a wallet to a person, or a wallet to another wallet unless they interact. How is WorldCoin better than just having a bank account that you have to go into a bank in person to set up?


> How is WorldCoin better than just having a bank account that you have to go into a bank in person to set up?

I think the idea is both about being able to use it for ID (specifically, ID that you are a unique human being), while also making it accessible in places where there's large "unbanked" populations. If it was BankAccountCoin, there would be over a billion people left out. I'm not a fan of it, and I don't think it will ever work as well at this as it will at making Sam a bit more cash, but the concept isn't entirely flawed.


It's anonymous. You don't have to give a name or address or anything.


> That is my superficial understanding as well but if we are both correct, what is the point?

The point is that application developers can limit access to their $whatever by real humans, and force uniqueness.

> One of the only (dubious) advantages of crypto is that nothing ties a wallet to a person, or a wallet to another wallet unless they interact. How is WorldCoin better than just having a bank account that you have to go into a bank in person to set up?

This seems to be generally about cryptocurrencies at large, doesn't seem specific to Worldcoin as far as I understand.

I think the assumption is that "Someone wants to use a cryptocurrency and someone built a platform, now the builder wants to make sure the user is unique", and without that, then there isn't really anything to discuss.


If you wanted to create a user authentication system that could reliably differentiate between humans and AI, how would you do it?

Not trying to defend worldcoin. It's just that this problem of differentiating people and AI online matters a lot to me and I haven't thought of a reliable way yet, even theoretically.


> If you wanted to create a user authentication system that could reliably differentiate between humans and AI, how would you do it?

I don't think that there is a way to do this without an unacceptable level of sacrifice in terms of privacy/security. I hope my opinion is very wrong, but so far I haven't seen any sign that it is.


For the record, I meant the same thing: (while maintaining privacy and security, eg while supporting anonymity).

Blockchain attestations seem interesting but I'm not yet convinced by them. I'm glad there are people working on this problem though.


You can come close with requiring a phone number. If you need to know someone is a human with one account, you have to make them provide an ID. Usually you don't really need to do that.


A computer can't have a phone number?


Not really, no. Obviously a human can log in with his phone number for his bot, but he could do that with Worldcoin too.


Have you never dealt with an automated text message? That's just a computer using a phone number. Robocalls can also come from AI chatbots that don't require a human.


Sure, I realize that. But VoIP numbers are pretty easily filtered out and that imposes a cost which cuts down on most abuses of bots. Still, that's why I said, "You can come close".


...differentiate between humans and AI, how would you do it?

Make everybody play Where's Waldo? with a grid of 9 blurry pics.

Except sometimes Waldo is a bus, bridge, or traffic light.


this is the real technical issue that will define the decade


There's a race for corporations to own identity management. If the government has to ask a private entity to confirm who people are, we will be effectively living under that private entity's discretion.

Offended the wrong person? Stood in the way of their plans? Black box back room deals get you a criminal record with arrest warrant. It doesn't even matter then if they are tied to your real identity. The government asks the private identity provider who you are at say an airport border control and private entity says: oh they're this fugitive, arrest on sight. Then what?


> I still haven't really figured out why they want to scan eyeballs.

If you want to generate fake humans, having a shit load of real raw biometric data at hand is probably going to be useful.


They basically just give you a crypto wallet with some coins in. The eye scan is only done at the start to stop people picking up multiple wallets. After you have it access is not done by eye ball, it's done using a private key like any other crypto wallet.


> Product named Worldcoin

> banned in a country


Do we really need to scan irises in order to do this? What we need is centralized media. If I want to post an image from CNN, I should be able to just to repost whatever CNN has already posted. That way we can retain CNN's digital signature on the post and my audience can check the signature and know it’s real.

We don’t need the irises. We just need brand loyalty.


Worldcoin is still a thing? Does anyone care about it? I figured at this point it was just another failed cryptocurrency venture.


The coins are doing ok - up about 4x from the start. Signing up the world population is struggling a bit though.


Worldcoin's position is

> “Our efforts to engage with the AEPD and provide them with an accurate view of Worldcoin and World ID have gone unanswered for months,” he added. (FT article)

Personally I go with the free market idea that if a company wants to provide a service and users want to take advantage of it, 4 million+ so far including myself, then governments provide limited value by blocking that unless they can show it's actually harming people.


What service exactly is WorldCoin providing to the "users" here?


There are three main things. An anonymous ID as proof of being a unique human, a payments system where you can send coins to other accounts, and free coins.


How easy is it to trick this iris scanner with a fake eye?


Hard. They have people looking at what you are up to and there is gadgetry similar to the iPhone face scanner that can tell a face from say a photo of a face.



[dupe]


How much traction does this creepy project have?


A lot. There were serious queues here in Spain, especially in the beginning.


Any traction is too much.


4 million people I think. More than zero, a lot less than the world population. Also so far most users are there for the free money, not for using it for ID or a payment system, myself included mostly. Actually I also signed up to a large extent out of curiosity. I know HN hates it but it actually seems quite an interesting experiment.


It’s beyond laughable that the company didn’t better address these concerns beyond performative press releases without the need for regulatory intervention before rolling out in any jurisdiction, let alone the EU. Whatever one’s opinion on the privacy implications, it’s a simply embarrassing business* move given the number of countries with data protection legislation (and/or active regulators).

* or whatever motive one wishes to ascribe to the mix of for- and non-profit entities involved in muddying the waters OpenAI-style


Sam Altman does link OpenAI and WorldCoin.


[flagged]


They are targeting financially challenged kids in malls, with 100 euros worth of coin for associating an iris scan with their personal information. It is opportunistic mass data collection.

Even if lawful it is very much unethical and weaselly, on a par with loan sharks.

They have done this all throughout South America and have now reached Southern Europe.


So scams being illegal is paternalistic bullshit I guess?


[flagged]


...and Serbia, and...



