Privacy is at the core of World ID, after all it's the privacy-first identity. More on Worldcoin's commitment to privacy in the website.

The Privacy Technical Deep Dive blog post goes into deep technical details around the privacy of the Orb and even the Protocol. It is the most in-depth explanation of the privacy of the World ID ecosystem so far.

In a nutshell

  • World ID offers the highest standards of privacy. The core protocol relies on Zero-Knowledge Proofs to ensure that no one (including core Worldcoin contributors) can:
    • Link a user to a specific person (unless they explicitly do so with a third-party app).
    • Link users across applications, or even across anonymous actions.
    • Know a person's iris code (even if they have verified at an Orb).
  • World ID can be used without providing personal information. No emails, no phone numbers, no social profiles, no names, everything is optional.
  • The Protocol is self-custodial by default and users are in full control.
    • The user's World ID is stored in their device, encrypted, following best practices.

Private verifications

When a user goes through the orb verification process, all the required computations are performed within the orb. The orb runs multiple neural networks to rule out fraud, recognize the iris and position it properly in the frame. The pictures are then converted to an iris code. Any images taken during the verification process are immediately deleted from memory and never transferred (unless the user opted to allow storage for research or convenience purposes, see below).

The orb receives an identity commitment from the user (created in the World app) and uses that commitment to submit a new verified identity to the source-of-truth of verified identities (which is public on-chain). When the user utilizes their identity, a Zero-knowledge proof is used, so not even the identity commitment (analogous to a wallet public key or address) is publicly shared. This prevents global identifiers that could be misused for cross-application tracking.

The iris processing system is currently being developed and improved, in particular the way we extract the iris features. While we work on this, users have the option to store or not store their iris images. If they choose to store their images, whenever the algorithm changes, their World ID will be automatically updated. This is fully optional, most users don't opt-in, and no data collected will ever be sold.

Unlinked verifications

All World ID verification requests use Zero-knowledge proofs. This process allows the user to prove they have a specific credential and/or a verified World ID. The proof reveals no information as to which identity signed the request.

The above also means that even if you sign multiple verification requests for multiple projects (or even the same one, but different actions), there's no way for anyone other than the identity holder to know that a certain identity has signed X number of requests, let alone know which ones.