As much as I think Worldcoin is dumb they do get this part right in that they only use the iris scan as a unique identifier to prevent multiple sign ups from the same physical bag of meat^H^H^H^H^H person.
There is still a 1:1 relationship with accounts and people. They have just cut out some extra steps when the original account creator does whatever it is the 3rd party wants them to do manually.
That some people might use their Worldcoin account to do things on behalf of someone else is a different problem from the one OP was referring to.
Huh, I don't understand the intended security benefit of the iris scans at all then.
If the system has value inside of it, inevitably people will figure out how to make synthetic irises that fool the orb, nullifying the sybil attack prevention benefit. Surely someone could get a handful of real iris scans (using the same open source hardware) and generate a huge number of plausible synthetic iris datas.
Is the idea that in the current moment of the tech arms race, if someone steals an iris scan, the capability to synthesize an artificial iris that encodes that scan has not yet been developed?
Have they published a 'solution' to what happens if you are holding worldcoin in an iris-associated account and then:
- your scan data is stolen, ex. fake orb scans you and publishes your iris data on the internet for anyone to use
- someone throws acid in your face, your irises don't scan the same anymore. how does this affect the user's ability to access their wallet?
(is there additional private key management needed to use worldcoin securely? is the iris scanning thing really nothing more than a temporary sybil countermeasure..?)
