Iyus Ruswandi, a 35-year-old furniture maker in the village of Gunungguruh, Indonesia, was woken up by his mother on a sunny morning last December. She urged him to leave the local Islamic elementary school where a technology company was holding a social assistance handout.
Some of the people who had been waiting since 6 a.m. were Ruswandi, who joined a long line of residents. Any kind of assistance was welcomed.
At the front of the line, representatives of Worldcoin Indonesia were collecting emails and phone numbers, or aiming a futuristic metal orb at villagers. Village officials were handing out numbered tickets to the waiting residents to keep order.
Ruswandi's mother told him that Worldcoin was giving away money, but he didn't know what charity it was.
Gunungguruh was not the only one who received a visit. In villages across West Java, Indonesia, as well as college campuses, metro stops, markets, and urban centers in two dozen countries, most of them in the developing world, Worldcoin representatives were showing up for a day or two and collecting data. They were known to give everything from free cash to Airpods to promises of future wealth. They made payments to local government officials. They weren't giving much information on their real intentions.
Ruswandi was perplexed as to what was happening with the iris scans.
MIT Technology Review interviewed over 35 people in six countries who either worked for or on behalf of World to answer the question. We observed scans at a registration event in Indonesia, read conversations on social media and in mobile chat groups, and consulted reviews of Worldcoin's wallet in the Google Play and Apple stores. We submitted a detailed list of reporting findings and questions to the company after interviewing Alex Blania.
Wide gaps were found between Worldcoin's public messaging, which was focused on protecting privacy, and what users experienced. The company's representatives used deceptive marketing practices, collected more personal data than they acknowledged, and failed to obtain meaningful informed consent. These practices may violate the European Union's General Data Protection Regulations, as well as local laws.
To support MIT Technology Review's journalism, please consider becoming a subscriber.
In a video interview conducted in early March from Germany, where the company manufactures its orbs, Blania acknowledged that there was somefriction, which he attributed to the fact that the company was still in its startup phase.
I am not sure if you are aware of this, but you looked at the testing operation of a Series A company. Some people are trying to make something work. It's not like a ride-sharing service, with hundreds of people doing this many, many times.
The San Francisco-based company called Tools for Humanity emerged from stealth mode two months before World coin appeared. World coin was its product.
Everyone in the world would get a free share of Worldcoin, the company suggested on its website.
The orb was necessary because of Worldcoin's commitment to fairness, and no more, the website continued. To make sure there was no double-dipping, the chrome orb would use a proprietary algorithm that the company was still developing to confirm that participants were human and unique.
I've been interested in things like universal basic income and what will happen to global wealth redistribution. He explained that Worldcoin was intended to answer the question of whether or not there is a way to use technology to do that at a global scale.
The company was just getting started—its aim is to garner a billion sign-ups by 2023.
Many people around the world don't have access to financial systems yet, according to Blania, who joined Worldcoin straight out of a physics masters program at Caltech. Blania and others have used the word "world coin" to refer to the company as well as the currency.
Worldcoin would solve key technical problems for the third iteration of the internet, where data and content could be distributed and controlled by individuals and groups rather than a handful of tech companies.
Blania told that giving ownership in this new protocol to everyone would be the fastest and biggest one to date.
The risk of so-called Sybil attacks, which occur when one entity in a network creates, would be solved by World coin. This is dangerous in networks where pseudonyms are expected. It has been difficult to come up with a proof of personhood that is resistant to the Sybil.
The promotional images were taken in Sudan, Indonesia, Chile, and Kenya.
Blania said that with these two solutions, Worldcoin could become an open platform that everyone can use. If World coin succeeds, it will become the universal authentication method for a whole new generation of the internet. The company said that investors hope that the project will bring value to the world and that this equity and/or these token will appreciate in value.
This may be the reason that some of Silicon Valley's biggest names are pouring money into it, as evidenced by the $100 million investment round that tripled the startup's valuation from an already heady $1 billion to $3 billion.
By the time we spoke to Blania, Worldcoin had scanned 450,000 eyes, faces, and bodies in 24 countries. The World Bank says that 14 are developing nations. Africa has eight locations. Its aim is to get a billion sign-ups by 2023.
The high-tech orb was armed with advanced cameras and sensors that scanned irises and took high-resolution images of users' body, face, and eyes. In response to our questions, Worldcoin said it never implemented vital sign detection techniques. The language remains as of press time.
The code that is stored on the orb is generated by using the fingerprints. The code is used to check whether or not the irisHash is in the database. The company says it uses a zero-knowledge proof to protect its privacy. A person has already tried to sign up if the algorithm finds a match. If the individual passes the unique check, they can register with an email address, phone number, orQR code to access a World coin wallet. All of this is supposed to happen in a few seconds.
Once the company has finished training its neural network to recognize irises and detect fraud, the orb will be deleted. It is unclear how this data is being handled.
In response to our questions, Worldcoin said the public version of their system would soon eliminate the need for new users to share their data with the company, though it hasn't explained how this will work.
We know how it works. The company contracts with local operators to manage the signups for their countries or regions.
Operators apply for the job and are interviewed and approved by the Worldcoin team, but they are not employees according to an email from a company spokesman. They must obey with local laws and regulations.
Operators receive their commission in the stable coin. Stable coins are pegged to a traditional currency, usually the US dollar. They determine the rates they pay their contractors, as well as the working conditions. Both country-level and subcontracted orb operators are incentivized by commission-based payment structures to register as many people as possible.
On the other side, new users can earn at least 15 worth of Worldcoin for submitting to the biometric scans, and $5 more when they log in to their Worldcoin wallet, though the total amount available has changed to $25 for later recruits. Some users get the sum all at once, while others get it at a rate of $2.50 per week. Blania says that differences are used to test the most effective incentives. Since the currency has not yet launched, the company is not sure how manyWLD token would be equivalent to US$20.
To understand user incentives, some people were given the option to receive $20 worth of Bitcoins instead. Most of our interviewees said the opposite of what Worldcoin said, that the most engaged users elected to hold on to theirWLD.
With the ability to cash out ending last fall, the promise of $20 or $25 worth of World coin is an IOU from the company. Any token users have in their digital wallet is worthless.
There were a lot of reasons why Worldcoin's users joined.
It was a common refrain to say "out of curiosity". The orb operator could have been their brother, cousin, or classmate. Some people wanted to be the first to know about what could become the next digital currency. Others lost their jobs during the Pandemic. Civil war was threatening to reignite around them. At least one wanted to buy lunch. Few could pass it up if it was not a scam.
Ruswandi was in several of the categories. He lost most of his work as a furniture maker during the Pandemic and spent his free time trading stocks and cryptocurrencies.
He said that the money was attractive because of his reduced income.
He had doubts very quickly. The company representatives and the village officials couldn't answer basic questions about Worldcoin. He came to the conclusion that it was a scam after doing more research. He thought the mystery was a mass data collection effort that was hidden from the public.
Before prospective users were even able to receive the new currency, Worldcoin representatives had to help many residents in setting up. If it was about getting people to use a new currency, he wondered, why didn't Worldcoin target lower-income communities?
The announcement of Worldcoin's "We're here!" was met with immediate backlash.
It was put in a thread by Edward Snowden. Don't use fingerprints for anti-fraud. Don't use fingerprints for anything. The human body is not a punching bag.
The company had yet to issue a white paper or open its code for outside evaluation, so many doubted Worldcoin's privacy protocols. There are parallels that match future scans.
There were questions about the security of hardware. The machine itself will have some security protections, but no, says Jeremy Clark, an associate professor at the Concordia Institute for Information Systems Engineering. If the project is successful, it will become more profitable to try and tackle.
Some took issue with the company's focus on fairness, given that 20% of the coins had already been allocated.
The underlying premise of what Worldcoin was trying to build was not accepted by many in the field.
Others are unconvinced that Worldcoin can reach everyone in the world, and instead it serves as a distraction from ongoing work to create new identity paradigms. Kaliya Young, an identity expert, says that it is common for companies to claim that if everyone in the world were in our system, everything would be fine.
Blania told MIT Technology Review that the criticism misses the point.
The director of the Center for Identification Technology Research at Clarkson University says that it's not out of the realm of possibility. template security is one of the newest trends and it uses cryptography to make a transformation of your data.
She says that the reason that it hasn't been sold is that it leads to performance degradation. It's more difficult to match a person's fingerprints in this space because of the room for error, Schucker says, though recent advances in template security have addressed some of those drawbacks.
It was hard to say for sure if template security was a possibility for what Worldcoin was doing. Since we first contacted the company in February, Worldcoin has promised to open source its code, including repeating to MIT Technology Review on multiple occasions.
The company said in a statement that they don't collect data for the purpose of profit or surveilling their users. Rather, our goal is to use the data for the sole purpose of developing our algorithms to minimize fraud and enhance user privacy.
Many of the people that the MIT Technology Review spoke to said that representatives of Worldcoin used questionable tactics to get people to use their product.
Operators in Sudan found it hard to explain the concept of digital currencies to people who don't have email. They ran a contest to encourage registration that resulted in 20,000 sign-ups.
Worldcoin applied to teach a workshop at an Islamic high school in Indonesia. The school's student activity leader, Muhammad Hilham Zein, read the application and recommended it for approval because it was not to encourage students to invest in digital currency.
"Why did Worldcoin target lower-income communities in the first place, instead of crypto enthusiasts or communities?"
At least one of the attendees was 15 years old, which is in violation of World coin's own terms of use, as well as our reporter's first-hand observations. During the 45 minute sessions, Worldcoin staff were too busy to help the students register, download the app, and sign up for emails, and they were also too busy to provide information on Worldcoin, or how participants could give or take away consent. The students received their allotted Worldcoin, which would vest weekly.
In roughly 20 villages in West Java that hosted recruitment events, many new users, like Iyus Ruswandi, were attracted by the freebies.
The principal of an elementary school was told the night before that his school was to be used as a shelter during the Pandemic. I couldn't refuse the request because the instructions came from a higher-level official.
According to Mulyana, he was paid a fee of 2,000 IDR for each scanned person. 170 people made the cut for a total of 340,000 IDR, which is roughly $23.80, just under 10% of the average monthly pay of a government worker.
Heni Mulyani, the sub- district leader who approved the events, said the money was given for coffee and cigarettes to facilitate desired actions. She said that the money was not coming from the village fund or budget.
The money came from a company co-founded by a man named Muhammad Ichsan, who is the best-performing operator in the world. Ichsan's mother was the head of recruitment for Worldcoin Indonesia and she was responsible for reaching out to local government officials.
Ichsan told MIT Technology Review that they don't pay the village, but they have an operational fund for people who helped them.
Even if Mulyani did not misuse village funds, these gratuities are illegal under Indonesia's anti-corruption and anti-bribery laws, with potential criminal penalties for both the giver and receiver.
In response to questions about payments to village officials, Worldcoin representatives said they were unaware of the incident and had launched an investigation to learn more. It appears that some or all of the payments may have been for legitimate operating expenses, such as fees to set up operations in a school or other facility, or to pay for permits.
The other examples we put to them were the Air Pod in Sudan and the deception of school officials in Indonesia, as well as independent and isolated efforts by local Orb Operators.
Mulyana, the school principal, said that many villagers thought the event was run by the government and that they were not told about it.
The time when villagers were told Worldcoin representatives would come back to the village to give out funds has come and gone, and now they are not sure if they will get any money at all. The ability to trade Worldcoin from the wallet has not been made available.
The mixed messages and misinformation were not intentional. The orb operators we spoke to often mentioned how little information they received from the Worldcoin representatives who recruited them, even as they were made acutely aware that their payment was tied to the number of people they could sign up. Worldcoin said that it provides its country-level orb operators with a code of conduct, which sub-operators must also abide by, and that it is moving away from commissions based on number of sign-ups.
Bryan Mtembei was an operator. Mtembei, a civil engineer who recently graduated from college in the fourth-largest city in Africa, was scanned on campus last September.
He would have liked to have gotten a brief training about World coin, but instead he was told to bring in more people to get more money.
Roughly 40% of the people he approached had concerns about sharing their data, according to Mtembei. He was assured by a representative that all his questions were addressed in the white paper. According to the company, people would be unlikely to read a long, highly technical academic-style paper and its shorter posts could be thought of as white papers. Mtembei says that he signed up between 150 and 200 people at 50 US cents per scans, because he needed money.
He was not alone. Mtembei got involved because of the money, as did a college student in Nairobi named Willis Okach, who got involved because of his own scans.
All users who sign up for field testing are provided full disclosure about what is being collected and how that data is used, and are required to provide their consent before they are allowed to sign up. Any individual who consents to our collection and use of their data may withdraw their consent at any time, and this data will be deleted.
None of the people we interviewed were told that they were test users, or that they had photographs and videos of their faces.
The security guard for the Santiago Metro in Chile recalled checking a box agreeing to the terms of service, but recalled the instructions being in English, a language that he does not read. The link to the data consent forms was not available until late 2021, according to World coin, at which point field testing had been going on for at least a year.
New users were sometimes asked to provide additional personal data, which World coin never requests. Almost all of the people we spoke to were asked to provide email addresses to log into their wallet. Some people were asked for phone numbers.
We do make certain features available to users who choose to provide their phone number or email address, like the ability to send and receive Worldcoin, though Golovina has denied in multiple email statements that emails or phone numbers were required for sign-up. Users can use the token without the ability to send or receive it.
Several students said that orb operators took a photo of their national ID cards to confirm that Okach was not a robot.
They did not recognize their own experiences when we shared these comments with them. There was no way to sign up without both email and phone, and personal details were never optional.
One of the four orb operators hired in Sudan said that it was his team's efforts that convinced Worldcoin to add phone numbers as a sign-in method. He said that many college students don't have email and use their phones to register in social media.
Researchers that study the tech sector's relationship with the global south were not surprised by Worldcoin's behavior.
Payal Arora is a digital anthropologist and author of The Next Billion Users: Digital Life Beyond the West. She says that the most ambitious entrepreneurs in Europe and the United States can't get all the training data they need from their own populations, so they have to look to the developing world.
According to its launch post, Worldcoin is unavailable in either the United States or China due to regulatory constraints, and it has also shut down field tests in other countries for similar reasons. The company does not consider its US activities to be a form of field testing.
It’s just cheaper and easier to run this kind of data collection operation in places where people have little money and few legal protections.
Pete Howson, a senior lecturer at Northumbria University who is researching cryptocurrencies in international development, categorizes Worldcoin's actions as a sort of "Crypto-colonialism", where they are being imposed on vulnerable communities.
Howson explained that the decentralization of the core of the coin makes it more harmful than other forms of data colonialism.
It's impractical for many people in developing regions to do their own research because of the inequalities in information and internet access. The promise of just under half a US dollar could be a compelling incentive for someone to give up their data in a country with a bigger economic disparity.
It is cheaper and easier to run a data collection operation in places where people have little money and few legal protections.
Worldcoin has always tried to conduct field tests in a sample of countries around the globe.
This has its own challenges. Any person within the European Union, including citizens, residents, and potentially visitors whose data is being collected, is a data subject.
In order to be fully informed about why their data is collected, how it will be used, who will be processing it, where it will be transferred, how they can erase it, and how they can stop its processing, data subjects must be fully informed. Failure to sufficiently safeguard data can lead to fines of up to 5% of global revenue or 20 million euros, depending on the severity of the infraction. World coin is not exempt from the law because it is a company registered in Delaware and based in San Francisco.
The data consent form that Worldcoin has claimed in is the same one MIT Technology Review submitted.
A former Member of the European Parliament reviewed the document and says that the policy tries to create carve-outs. She says that there are no exceptions under theGDPR and that Worldcoin has a German subsidiary.
As an EU citizen, you have the right to challenge any potential violation. Those challenges would be reviewed by European data protection authorities and eventually argued in European courts.
Worldcoin has registered with the Bavarian Data Protection Authority and is compliant with the General Data Protection Regulation. It said that it employs a data protection officer and that it has conducted a data privacy impact assessment, but that it has not made either of them available for public scrutiny. The statements in their consent policy were previously included in an abundance of caution, and they no longer appear in the latest version of our Data Consent Form.
Aida Ponce del Castillo is a researcher at the European Union Trade Institute who studies regulations for emerging technology and serves as her organization's data protection officer.
The MIT Technology Review requested that the Bavarian Data Protection Authority confirm the company's registration.
Beyond the ethical questions, lie more practical ones, like how well World coin works.
For some test users and orb operators on the ground, the answer has been not well at all.
Sometimes it was due to issues with the orb. It would take as many as six attempts for the orb to recognize someone's face in Sudan, according to the local orb operator.
Repairs were needed in Germany due to the malfunction of orbs. When a similar orb malfunction was found in a recent investigation, Worldcoin used language that it has repeated with us.
The transition from a web-based wallet to an app-based wallet has caused a number of users to lose all of their coins. The app has proved to be buggy, draining battery life or leading them into a spiral of loading and reloading.
Rodriguez has been trying to resolve his wallet issues since he was scanned. After signing up for the app, he was asked to input his email, phone number, and use a QR code, which caused performance issues for his phone, so he deleted it. When he tried to re-download the app, he found that his password was no longer valid.
He was told by the orb operator that he would have to find the orb and re-analyze his data. If World coin works, re- scanning his iris would result in the orb linking his iris with his old one. There is no way to recover an account once it is lost.
The orb has been unable to detect instances of identity spoofing. A businessman in Indonesia was able to register and access the wallet of over 200 users after they had been scanned and verified as humans, and transfer out their contents. When the wallet was still accessible via a web log-in rather than a mobile app, we have not detected this type of fraud.
Okach, the university student that spent money on the project, says that it is not enough to give an eyeball.
The World Bank classified three of the five countries cited as case studies for successful field testing as low or lower-middle income. We began digging because the power and economic differentials seemed ethically fraught.
We wanted to know what it was like to serve as an early user. What were the participants told about the ramifications of giving up their data, and what did they know about cryptocurrencies? What would informed consent look like in this context? Sharing the same question voiced by many of our interviewees, what were the iris scans really for?
The neighbors of Ruswandi were among the 170 villagers scanned.
It was something that Blania said during our interview in early March that helped us understand World coin.
We will let privacy experts take our systems apart, over and over, before we deploy them on a large scale, he said, responding to a question about the privacy-related backlash last fall.
Blania shared that his company had onboarded 450,000 individuals to World coin and that it had scanned 450,000 sets of eyes, faces, and bodies to train its neural network. The company wanted to stop doing this collection. It didn't give these early users the same privacy protections. We wondered if we were the ones lacking in vision and ability to see the bigger picture. 450,000 is small compared to the company's stated goal of one billion users.
Each one of those 450,000 is a person with his or her own hopes, lives, and rights that have nothing to do with the ambitions of a Silicon Valley startup.
Speaking to Blania, we were able to understand how a company could speak so passionately about its privacy-protecting protocols while clearly violating the privacy of so many. The interview helped us see that the test users were not intended to be the end users. Their eyes, bodies, and very patterns of life were used for World coin's neural networks. The lower-level orb operators were paid pennies to feed the program. The massive effort to teach World coin's artificial intelligence to recognize human beings was dehumanizing to those involved.
The company's response when we put seven pages of reporting findings and questions to them was that nearly everything negative that we uncovered were isolated incidents. Almost half a million people had already been tested.
What really matters is that Worldcoin will have an attractive user number to bolster its sales pitch as Web3's preferred identity solution. Everything will be ready when the real, monetizable products are the orbs, the Web3 passport, the currency itself, or all of the above.
Additional reporting by Lujain Alsedeg and Antoaneta Rouss