Key Takeaways

• Kenya has declared that Worldcoin has been temporarily paused
• The group will work with authorities to impress upon them the privacy measures in place
• The project will remain suspended until authorities evaluate it

The Worldcoin Foundation contacted CCN to provide an update on the shutdown of their services in Kenya. Updated 3 August.

According to a statement  released on the ministry’s Facebook page on August 2, Kenya’s Ministry of the Interior has suspended operations of Worldcoin, the identity crypto protocol that Sam Altman of OpenAI co-founded, while the nation’s financial, security, and data protection services look into the project’s legitimacy and data protection. Worldcoin has quickly responded to the shutdown and is looking to reassure Kenya and others of their privacy measures.

Worldcoin Response

Worldcoin told CCN that the demand in Kenya for Worldcoin’s evidence of personhood verification services has led to long lineups of tens of thousands of people waiting three days to obtain a World ID.

“Out of an abundance of caution and in an effort to mitigate crowd volume, verification services have been temporarily paused, a spokesperson from Worldcoin Foundation told CCN.

“During the pause, the team will develop an onboarding program that encompasses more robust crowd control measures and work with local officials to increase understanding of the privacy measures and commitments Worldcoin implements, not only in Kenya, but everywhere.”

Privacy Measures in Place

The company explained that Worldcoin does not and will never sell any user personal data and that, in the markets where Worldcoin is offered, the Worldcoin Foundation complies with all laws and regulations pertaining to handling personal data.

Worldoin added that the Orb also automatically deletes any photographs taken during the World ID verification procedure and that the Office of the Data Protection Commissioner has registered Worldcoin (through Tools for Humanity) as a data processor.

According to the company, the project will comply with requests from regulatory bodies for additional information regarding its privacy and data protection practices commissioner (ODPC), including through the name of its contributing company, Tools for Humanity.

“Worldcoin has been engaging directly with ODPC for more than one year with frequent and ongoing exchange of information. Worldcoin notes the CMA’s statement that its products are not investment products, and appreciates the authority’s expression of openness to work with innovative fintech products such as Worldcoin,” the company said.

The company asserted it had established a continuous collaboration with Nairobi City County and is a dynamic participant in the Blockchain Association of Kenya, AmCham Kenya, and SafariDAO.

“Worldcoin provides a wealth of educational materials regarding digital currencies (link) and individual privacy, and maintains a clear and uniform sign-up procedure worldwide,” it said and added that, in a time when it’s getting harder to tell a bot from a human, Worldcoin seeks to produce proof of personhood.

Worldcoin Shows Fixed Security Flaws (August 2,2023)

In response to growing criticism of its data collection methods, Worldcoin recently made available its audit findings . The security consultancy firms Nethermind and Least Authority carried out the new reports.

Worldcoin stated that Nethermind discovered 26 security flaws in the protocol, 24 of which were “identified as fixed” during the verification stage, one of which was mitigated, and one acknowledged.

According to the release, Least Authority identified three problems and offered six recommendations, all of which “have been resolved or have planned resolutions.”

When Worldcoin declared  in 2021 that it would give away free tokens to any user who verifies their humanity by having their iris scanned by a technology known as a “Orb,” the company initially gained notoriety. Sam Altman, a co-founder of the AI startup OpenAI, was involved in the project’s founding.

Legitimacy Questioned by British and French Authorities

Altman and other team members contended at the time  that if consumers couldn’t find a means to authenticate AI bots without compromising their privacy, then they would become a bigger issue online. The specification for the protocol states that The Orb generates a hash of the user’s iris scan but does not save a copy of the scan.

On July 25, Worldcoin officially launched  to the public following nearly two years of development and beta testing.

However, critiques of it surfaced almost instantly. According to reports, the Information Commissioner’s Office (ICO) of the United Kingdom was considering whether to look into whether the initiative had broken any data protection regulations in the nation. The National Commission also questioned  the legitimacy of Worldcoin on Informatics and Liberty, a French data protection regulator.

The project’s introduction caused a rift in the crypto community, with some members believing it to be the beginning of the end of privacy as we know it. On the other hand, some believed that it was an essential step in defending people against harmful artificial intelligence.

The new audit reports address several security-related subjects, such as information integrity and data leakage, case-specific implementation problems, resistance to distributed denial of service attacks, key storage and appropriate management of encryption and signature, and more.

The announcement  mentioned that several problems were discovered due to reliance on Ethereum and Semaphore, such as “elliptic curve precompile support or Poseidon hash function configuration.”

All except one of the problems have been resolved, lessened, or have scheduled remedies. The one security flaw that remained unresolved at the time of verification is marked as “acknowledged” and has a severity of “undetermined.”