Hacker News new | past | comments | ask | show | jobs | submit login
Edward Snowden Slams Sam Altman's Worldcoin: 'Don't Catalogue Eyeballs' (decrypt.co)
547 points by beambot 38 days ago | hide | past | favorite | 298 comments



Worldcoin issues tokens to people for scanning their retinas. Their magical orb device sends a biometric hash to their network.

Here's my take on it: You can possibly replace their biometric device with a random hash generator.

* If it works, it means the currency is not fairly distributed, but anyone sending valid hashes to their network is issued tokens, irrespective of whether the eyeballs described by those hashes exist. This is called a Sybil attack.

* If it doesn't work, it means there is some secret or centralized check that the network performs, which means the currency is not open.

This is why we still use proof-of-work in spite of its energy expense: it is simple to understand, it can not be faked, and it can be openly verified.

So, do not support this biometric-gathering enterprise.


Correct but efficacy of this process is pretty much irrelevant for the founders because the whole "fair distribution" is just a marketing gimmick to promote yet another shitcoin.

Only losers will provide their real retinas. Smart players will obviously game the system and then dump the shitcoin on yet another group of losers.


> Only losers will provide their real retinas.

Have you seen who they are going after?

> In order to test this model and technology, we have onboarded twenty-five Operators that run more than thirty devices in twelve countries across four continents (Africa, South America, Europe and Asia).

> To illustrate the success and potential of these Operators, we will dive deeper into the operations from the following five countries: Chile, Kenya, Indonesia, Sudan and France.

This is sickening.


Wait until you see the retina mining camps they set up in China.


Or... What if you had an AI randomly generate unique irises, you then print them on adhesive paper, and paste the cut-outs on the eyes of one of those robo-faces?

Unlimited money!


They allegedly do liveness checks with an IR sensor to make sure they are scanning a live eye


> They allegedly do liveness checks with an IR sensor to make sure they are scanning a live eye

If you control one of their devices, you could always just modify it fake a live input.

Even if they intend to control the scanners themselves, corruption can probably thwart that. This comment (https://news.ycombinator.com/item?id=29001214) makes it sounds like they may be operating in countries with endemic corruption.


Humans and eyeballs are just machines. Anything they check for liveness can be simulated if there's enough incentive to do it.


Assuming it was 99.99999% foolproof, then you may have some other problems which are even bigger: kidnapping, having children to collect their coins, etc.

The big logic flaw here is the same one as when the Soviet Union collapsed and shares of the state owned enterprises and assets were sold to the general public: poor people sell the assets to the wealthy.

The entire thing is strange, and doesn’t make sense.


I wonder if would also be able to distinguish between human eyes and the eyes of a different animal.


https://youtu.be/7FYb1gwi-30 seems relevant :)


easier to just monitor the network traffic, check the hash, generate your own and post.


Where's the fun in that though?


Anyone who isn’t aware of the value will be taken advantage of. “Here have 50 bucks, just look into my orb”


Too bad bodies decay quickly or we'd have an epidemic of grave robbing to literally mine retinas.


I wouldn't call the coin distribution fair if the creators can allocate arbitrary amounts to themselves, which the Worldcoin creators appear able to do.

Then again, even PoW coins with no premine can be unfair if most of the long-term supply gets distributed in just the first few years, leaving only crumbs for late adopters.


>Then again, even PoW coins with no premine can be unfair [...]

It's "fair" if you're referring to equal opportunity, not equal outcomes.


Equal opportunity not equal outcomes is a huge red herring when talking about equality.

Most public places used to have bathrooms which anyone could walk into but no one could easily roll into on a wheelchair. That was equal opportunity.

Nowadays many places have been mandated to have bathrooms such that anyone who uses the space can access a bathroom without difficulty. That is an enforced equal outcome.

Which is the correct approach?


When it comes to bathrooms I think most people agree with wanting equal outcomes. That does not mean wanting equal outcomes for all other aspects of life.


Sure, but it's a good way to frame the question. We don't want anyone to be unable to use toilets. Surely there's no clear line where this logic stops. It's fuzzy. Is there anything wrong with wanting everyone to be supremely happy and compassionate and wealthy and thriving? Of course not. The only question is whether efforts in that direction are counterproductive in practice.


> Equal opportunity not equal outcomes is a huge red herring when talking about equality.

No, it's an extremely relevant debate because a certain political faction has been trying to redefine "equality" from its original definition of "equal opportunity" to a completely different one of "equal outcomes".

> Which is the correct approach?

This is a false dichotomy. You can want equal opportunity in most places, and equal outcome in a select few (just like you can want freedom of speech for everything but a select few edge cases).

This is the correct way to do it, actually - enforced equal outcome is inextricably linked with tyranny and oppression, and invariably results in massive loss of human life when it has been ((ostensibly) attempted to be) implemented in the real world.

If you have to pick one, tell me, which is better - for tens of thousands of handicapped people to not be able to access some public bathrooms, or for tens of millions to die in another Cultural Revolution?


If you're going for implausible comparisons, I'll go with the tens of millions, since in the first case, you piss off the handicapped version of Hitler, and he goes on a killing spree that ends with hundreds of millions dead, or more likely deadly disease spreads due to a lack of hand washing. That's at quite a lot of millions now, and people have stopped caring


I rate this debate "-3/10, please do not attempt public discussions again"


Late adopters do not have equal opportunity when the coin distribution is heavily biased toward initial years.

Imagine if half of all gold on earth was already mined in the first 4 years (and over 99% in the first 27 years) of gold mining millenia ago.


Correct, but that does not mean its unfair. It just means being late, in the same way that I didn't buy early Apple stock. Nothing prevented me from buying that stock, the opportunity was equal at the time.

Whilst anybody is forgiven for not knowing about the very start of BTC at some obscure mailing list, since then there has been a decade of mainstream media exposure, a huge amount of time to acquire BTC. Failing to make use of this enormous time window is on the individual.

If I have to believe the below articles, miners own less than 10% of supply, so the gold comparison is misplaced:

https://insights.glassnode.com/bitcoin-supply-distribution/


The oppurtunity was never equal. It's directly related to net worth which is one of the most unequal things we have.


Of course that is true, but that's true of anything of value in society, it is unequally distributed. Surely nobody expects a software protocol to equalize any and all capital in the world?

What I mean by equal opportunity is that Bitcoin treats every wallet owner the same and does not favor any elite or closed group in any way. There's not been a "hidden" period where insiders could jump in, whilst others could not.

That's much different from almost any other crypto, where the development team pre-mines supply and rewards them to themselves before opening sales of their tokens.

Likewise, owning lots of Bitcoin does not reward additional Bitcoin. This rich get richer effect is simply not there. Although rich people do tend to get richer in other ways, but that's not Bitcoin's fault.

This too is different from PoS crypto, where owning lots of crypto rewards you even more of the token.


> It just means being late, in the same way that I didn't buy early Apple stock. Nothing prevented me from buying that stock, the opportunity was equal at the time.

Sure, and that's fine for equity but really bad for currency.

> Whilst anybody is forgiven for not knowing about the very start of BTC at some obscure mailing list, since then there has been a decade of mainstream media exposure, a huge amount of time to acquire BTC. Failing to make use of this enormous time window is on the individual.

Again, totally fine for equity, shameful for currency.


> It's "fair" if you're referring to equal opportunity, not equal outcomes.

Fairness and equality are different. Imagine 2 people of different heights who can't see over a wall - equality is giving them both a ladder of exactly the same height even if that means just the tallest person can now see over the wall, while fairness is giving them each potentially different height ladders so they can both see over the wall.

The PoW equivalent (not factoring in premine) would be to give the first person the tallest ladder, and each successive person vanishingly small ladders, which doesn't really come under fair or equal. PoW with premine puts you in front of the wall so you don't need a ladder, plus it gives you a pile of ladders which you can sell to the people behind the wall, and maybe even some bricks so you can arbitrarily make the wall higher if you want.


Regarding your first paragraph, from Oxford Dictionary, "fairness" means "impartial and just treatment or behavior without favoritism or discrimination."

The above poster was right — it's fair if you're referring to equal opportunity, not equal outcomes.

I've seen this whole ladder analogy commonly used in radical socialist, communist, CRT-type Instagram accounts, used to reframe discrimination in a positive light.


> "impartial and just treatment or behavior without favoritism or discrimination."

That doesn't imply simplistically equal treatment. If the definition was "equal treatment" that's what it would say instead of "impartial and just".

Impartial and just and no favoritism or discrimination isn't meant to literally complain "hey, you're discriminating in favor of car crash survivors getting physical therapy, that's not fair, everyone should get the same physical therapy".

The definition probably would be better to use the term "prejudice" instead of "discrimination". There's no reality in which people see fairness in absolute lack of discrimination. It's fair to discriminate based on something like medical diagnosis or any other sort of fair judgment of situations.

The false dichotomy of opportunity vs outcomes is stupid. We can't make true equality of either, and we can care about both. And just saying that you see extremists use an analogy is not a reason to reject an analogy. Extremists also wear pants or sleep at night. Anyway, an absolutist no-discrimination view is about as extreme as we can find.


Which version of the OED includes the phrase "without favouritism or discrimination" in the definition of "fairness"? The one I have access to, oed.com (OED Third Edition, December 2013; most recently modified version published online September 2021) doesn't include the phrase "without favouritism or discrimination" - its full definition of "fairness" (meaning 6) is "Honesty; impartiality, equitableness, justness; fair dealing. In quot. c1450: sound judgement, good sense."

I'm not an expert on "radical socialist, communist, CRT-type Instagram accounts", but I'd have thought they would be more into equality rather than fairness, e.g. everyone gets the same pay irrespective of how much effort they put in or the quality of results.


>Which version of the OED includes the phrase "without favouritism or discrimination" in the definition of "fairness"?

FWIW in the "Oxford Dictionary of English" that's built into iOS, if I look up "fairness" I get

> 1. impartial and just treatment or behaviour without favouritism or discrimination.

> [...]

(the other definitions refer to pale skin or beauty)


> Which version of the OED includes the phrase "without favouritism or discrimination" in the definition of "fairness"?

It sounds like your definition is more of a list of synonyms — I was using the current Oxford dictionary available on iOS and Google.

> I'm not an expert on "radical socialist, communist, CRT-type Instagram accounts", but I'd have thought they would be more into equality rather than fairness, e.g. everyone gets the same pay irrespective of how much effort they put in or the quality of results.

Yes, exactly that, and that's what your comment above was doing, no? You reframed fairness as meaning equality of outcome, and framed equality as meaning equality of opportunity. (Equality of outcome = same end-height, equality of opportunity = same ladder height)


It's not even fair in opportunity since not everyone starts from the same place. For example, It's based on your already existing resources (computing power).


Computing power, or capital to buy the coins. But I don't think this level of "fairness" is productive to discuss. Every human being on the planet having the exact same amount of wealth is an impossibility.


I'll buy "undesirable", for the sake of the argument. But I'm really not clear why you think it is "impossible".

We have had repeated instances throughout history of groups of people practicing common ownership, and they do seem to work reasonably well. (I completely grant they aren't super-popular, but, again, I'm not advocating change, I'm trying to understand why you think this qualifies as "impossible")

What do you think prevents this on a planet-level scale?


There's a few reasons as to why I believe it to be practically impossible to implement.

If everybody has the exact same amount of wealth, it means you've decoupled wealth from anything that is variable, most importantly human individual qualities like risk taking, hard work, talent, brilliance, persistence.

In a world where you can't better yourself economically, most incentives to innovate or produce would cease to exist. To still get a functioning society, a deeply oppressive regime is the only likely answer. After all, why would anybody work?

I suppose you're right that it's not impossible in the short term, just not sustainable in the long term. If nothing matters at all and is pointless, societies' output will degrade over time until the point it is unbearable.

That said, this is current thinking. It's possible to imagine a different equal wealth world that is futuristic. If we get so advanced as to achieve technical abundance, any citizen on the planet would have a high living standard, say upper middle class. Which satisfies almost everybody. And the standard is guaranteed over time, there's no insecurity to it. And those wanting even more things, have everything at their finger tips. Usage based, not owning things.

In such a world, money becomes meaningless. It's no longer a way to reflect scarcity, a way to secure your personal future, or a differentiator of status. Everybody is materially equal at a high and lasting standard. Differentiation might then be found intellectually or in social status. But probably the robots have taken over by then.


> We have had repeated instances throughout history of groups of people practicing common ownership

We also have repeated instances throughout history of groups claiming to try to implement common ownership, and instead killing millions and installing tyrannical governments (see: most communist revolutions), of consistently larger scale (orders of magnitude) than the successes.

Historically, it's far more probable that such a common ownership experiment will result in death and tyranny (and not actual common ownership!) than a success - and, given the relative difference in scale between the successes and failures, there's a strong argument to be made that as the scale goes up, the probability of tyranny goes up.

This is one of the justifications for it being impossible in a practical sense (yeah, it's annoying that there's more than one definition for "impossible"). It's a fact that power attracts corruption, and it's also a fact that planet-level-scale common ownership would require more power to implement than any government has achieved so far. So, while not "impossible" in the hard-science sense, it's improbable (with a correspondingly large chance of a catastrophically bad alternative) to the point that it's not reasonable to attempt.

That said, your comment is a measured and thoughtful answer to a potentially-inflammatory topic, and I hope that my response is equally thoughtful.


I certainly consider it very thoughtful, and appreciate the time it takes to craft a considered message.

I do hear the "scale" concern, and it's interesting to think about it. I.e. for me, it immediately pops the question "why is scale a problem for common ownership, but not for individual ownership". I suspect - without having any proof - that scale is the thing that makes the transition impossible, not that it's an inherent problem for community property itself. Practically, the outcome is indeed the same - if you can't safely transition, the end state is impossible, even if it itself would be a stable state.

This also raises the question of democracy & unequal ownership as a possible stable state - Plato was certainly concerned enough about it, and history has done nothing to discourage that belief since then. There are plenty of rather deadly examples of failed non-communist states.

If nothing else, your comment (and the subthread in general) has lead me to a rather interesting paper: "Social instability and redistribution of income", by Josef Falkinger. https://www.sciencedirect.com/science/article/abs/pii/S01762... (Yeah, as usual, paywalled. Elsevier)

It's a deliberate attempt at modelling outcomes based on income distribution - which I think attempts to get to the heart of the "impossible" issue. It only tackles income, not wealth, but there's a rich set of references :)


> even PoW coins with no premine can be unfair if most of the long-term supply get distributed in just the few years

The number of early adopters with “diamond hands”, as they say, who resisted the temptation to sell at $2, $10, $100, … is vanishingly small. History is littered with early adopters who bailed out. Everyone has had years of opportunity to buy into Bitcoin at a fraction of its current value, and if the gamble pays off then people can currently buy Bitcoin at a fraction of its presumptive future value. There’s no unfairness here.

Everyone has had equal access the entire time, and Bitcoin people have been doing their best to get as many people onboarded as possible so they’re not left with “crumbs” after a monetary transition.

Of course, it’s not totally unreasonable to have believed that Bitcoin wasn’t going to work out, but in that case people have no grounds to complain about unfairness - they simply made a wrong choice (by current appearances).


> Everyone has had years of opportunity to buy into Bitcoin at a fraction of its current value

Making money by buying and selling bitcoin is zero sum. People are only making money because other people are losing out. There is no possible way that everyone buys bitcoins and gets rich from it. Bitcoins depends on the existence of rubes and the continual expansion of the pyramid to make money for "investors".


This is a very common misunderstanding of how monetization works. The actual value of Bitcoin comes from demonetizing other currently monetary assets (dollars, gold, real estate, etc.), plus some additional (partially externalized) value from increased efficiency as a monetary mechanism. People who are long those assets and not adequately hedged with Bitcoin are losing money to people who are long Bitcoin (assuming Bitcoin people are correct and it works out).


Well it dramatically decreases the efficiency of the monetary system (requiring 60 days of electricity and 1 iPad of e-waste to scribble a few bytes into the ledger every 10 minutes), and only one of the other assets you pointed out create value, the others are unproductive.

Real estate is not a monetary asset, it's a productive asset - because people need a place to live and you can either live in a house yourself or you can rent it to others. This demand doesn't go away through the introduction of Bitcoin.

Gold is a commodity, not a monetary asset. While a large amount of its value is attributable to speculation it has myriad industrial uses, and jewelry use. Some of this demand may go away as there's a large overlap between goldbuggery and bitcoin maxis.

Dollars have no intrinsic value, but instead their value is derived from demand which is created for them when they enter circulation. They're created via fractional reserve lending meaning that when a loan is issued, new dollars are created but also a debt is recorded - creating demand for those same dollars. That means dollars are 100% backed by demand for those dollars. This demand doesn't go away through the introduction of Bitcoin.

Bitcoin is nothing. It has no intrinsic value, it has no demand, it's simply a speculative number-go-up machine. It's not money, that's for sure. You could try and use it as money but that would be an utter disaster from a macroeconomic perspective.

So yeah, parent is right, its roughly a pyramid shaped MLM with a negative-sum component - the $60,000,000 per day you have to pay to miners to keep the music playing.

[edit] Also note that gold and real estate are not classically defined as "monetary assets" - those are for instance cash, bank deposits, investments in debt capital markets and lease investments. Monetary assets need to have a prescribed value in exact dollar terms.


This post is riddled with misconceptions, but I’m just going to focus on these because they’re probably the most productive places for you to start:

> Real estate is not a monetary asset, it's a productive asset… Gold is a commodity, not a monetary asset.

This is wrong. Any asset with monetary properties can (and will, in the right environments) be monetized. When the primary medium of exchange is inflationary, people will use whatever non-inflationary value stores they can find with sufficient liquidity. Most of the value of gold, and much of the value of real estate, lie in their capacity as a wealth storage mechanism. They are monetized. Bitcoin does a better job of this and will likely subsume their monetization value.

> It has no intrinsic value

Invocation of “intrinsic value” is a 100% surefire sign of a dysfunctional economic mental model.


> This is wrong. Any asset with monetary properties can (and will, in the right environments) be monetized.

That is not the definition of a monetary asset.

"A monetary item is an asset or liability carrying a value in dollars that will not change in the future. These items have a fixed numerical value in dollars, and a dollar is always worth a dollar. The numbers do not change even though the purchasing power of a dollar can potentially change." [1]

Words have meaning, so I guess I'm not 100% sure what you're talking about.

> Invocation of “intrinsic value” is a 100% surefire sign of a dysfunctional economic mental model.

[citation needed]

[1] https://www.investopedia.com/terms/m/monetary-item.asp


I used the phrase “monetary asset” once to mean “an asset which behaves and is treated like money”, but it would have been less ambiguous for me to use the phrase “monetized asset”.

> citation needed

Give me a minute to find a copy of the Official Rules of Economic Epistemology.

If you’d like to put forward any particular theory that assigns “intrinsic value” to objects I could address it specifically.


> I used the phrase “monetary asset” once to mean “an asset which behaves and is treated like money”, but it would have been less ambiguous for me to use the phrase “monetized asset”.

Real estate is a productive asset and gold is a commodity. I'm not sure in what way they "behave like money" - their prices float with respect to a currency and have roughly zero of the attributes of money [1] - but monetization just means to find ways to make money off an unproductive asset, rather than transmuting it into something that's basically money.

> Give me a minute to find a copy of the Official Rules of Economic Epistemology.

I'll wait. If you're going to accuse someone of a "dysfunctional mental economic model" it's best to have a case made.

I'm referring to intrinsic value in the economic sense not in the epistemological sense. Economic intrinsic value is an independent mathematical derivation of the market value of an asset - based on its qualities and attributes - divorced from the price at which it trades.

For instance, the intrinsic value of a SPAC is the cash on hand, and its extrinsic value is whatever its trading at on the hopes of an acquisition.

[1] https://www.stlouisfed.org/education/economic-lowdown-podcas....


> Economic intrinsic value is an independent mathematical derivation of the market value of an asset - based on its qualities and attributes - divorced from the price at which it trades

This doesn’t exist except in the imagination. It has no causal bearing on any economic process except through the influence it has on the person imagining it.

> their prices float with respect to a currency

So does EUR with respect to USD

> and have roughly zero of the attributes of money

Scarcity, fungibility, liquidity, durability, portability - gold’s 5/5 and real estate is 4.5/5. What properties are you thinking about?


> This doesn’t exist except in the imagination. It has no causal bearing on any economic process except through the influence it has on the person imagining it.

No, it exists in math, with addition and subtraction. Like I said, a publicly traded bank account like a SPAC has an intrinsic value equal to its cash on hand. This is the economic definition of intrinsic value, and you're trying to once again substitute your epistemological definition. Same word, different meanings in different contexts, and it's disingenuous to try and substitute your definition as though it's the commonly accepted one in this context.

> So does EUR with respect to USD

This does not follow. Money isn't an asset, it's a currency, and a foreign exchange trade is a pair trade on the relative domestic purchasing power of the two. Currencies do not float with respect to other currencies because they are not priced in terms of each other.

> Scarcity, fungibility, liquidity, durability, portability - gold’s 5/5 and real estate is 4.5/5. What properties are you thinking about?

Ok let's talk about real estate. It's not fungible, each house is different. It's not liquid, in fact, sales take a substantial period of time. It's not necessarily durable, it decays without constant upkeep. It's totally not portable. And it's not broadly accepted as money. That's 0. Try bringing your deed to the Apple store to buy a MacBook. How is that 4.5 out of 5?

Gold of course isn't broadly accepted either, so that's a critical one. Try bringing a gold brick to the Apple store and see if you can buy an iPhone. Yes it could be money, it was at some point, but we replaced it because it was bad at being money, and these days it definitely is not.


> No, it exists in math, with addition and subtraction.

I’m sure you can imagine a formula. If you’d like to share a particular formula that works for determining the “intrinsic value” of any arbitrary asset I can explain why it’s wrong or meaningless.

> This does not follow

EUR literally floats wrt USD. There is no coherent way to disagree with this.

> Currencies do not float with respect to other currencies because they are not priced in terms of each other.

Yes they are, any time someone does an FX trade.

> Ok let's talk about real estate.

Typo, meant 3.5/5. Durable - yes, it persists better over arbitrary timescales than the dollar, especially raw land. Scarce - yes. Fungible - 0.5. Liquid - long settlement times don’t mean illiquid (although I probably should apply a penalty here) - yes. Portable - 0. I think you meant “1” since you didn’t disagree with scarcity.

> Try bringing your deed to the Apple store to buy a MacBook… Try bringing a gold brick to the Apple store and see if you can buy an iPhone

Try bringing EUR to a US Apple store.

> we replaced it because it was bad at being money

Do you really think that’s why Nixon suspended gold convertibility? That’s a… very charitable explanation


> I’m sure you can imagine a formula. If you’d like to share a particular formula that works for determining the “intrinsic value” of any arbitrary asset I can explain why it’s wrong or meaningless.

Sure. Net of assets minus liabilities. Book value.

> EUR literally floats wrt USD. There is no coherent way to disagree with this.

They both change value with respect to eachother but neither is priced in the other. Goods in the US are priced in dollars. Goods in Europe are priced in Euros. Euros are not priced in dollars, and dollars are not priced in euros. They're independent and exchangeable at a market rate based on relative purchasing power and demand.

The price of a euro is not determined by the dollar - although a rate of exchange exists. The price of an apple in the US is determined by the dollar. The price of a dollar isn't determined by the euro. The price of an apple in the EU is determined by the euro. I'm sure there's a name for this.

> Yes they are, any time someone does an FX trade.

I see what you mean, and yes the rate of exchange floats.

> I think you meant “1” since you didn’t disagree with scarcity.

It's not scarce, you can just build up. We impose artificial scarcity with zoning considerations, but it's not inherently scarce.

> Try bringing EUR to a US Apple store.

Why would I do that? I don't live in Europe, I don't participate in the European economy. I can exchange one for the other, or have Visa do it free of charge, as they participate in both. Currencies only apply within their boundaries of acceptance. The euro is not a currency in America which is kind of the point I'm making about acceptance. It's a currency somewhere but real estate is a currency nowhere like gold.

So given it carries few (or IMO very few) attributes of money and is not used as money anywhere and its price fluctuates with respect to a currency, it's not a monetary asset. It's not monetized. It's totally independent.

> Do you really think that’s why Nixon suspended gold convertibility? That’s a… very charitable explanation

I don't really care why we got where we got - the result is better. FDR really took the US off the gold standard in 1933 - following the UK ending the gold standard in 1931 "abruptly and unilaterally." [1] Nixon simply killed off the last vestiges.

[1] https://en.wikipedia.org/wiki/Gold_standard


> Sure. Net of assets minus liabilities.

Uh huh… and how do you calculate the values of these subterms? You told me you could calculate a number, not an expression with free variables doing all the work.

> It's not scarce, you can just build up.

Building land is not cost effective. Economists say land has an “essentially fixed supply”, cf analysis of Georgism.

> It's a currency somewhere but real estate is a currency nowhere like gold.

Bitcoin is a currency in El Salvador. More to come.

> I don't really care why we got where we got - the result is better

https://wtfhappenedin1971.com/


I had dozens of Bitcoins in 2010 when you could mine them like they were nothing. I lost them all and didn't care, because.. worthless. RIGHT?

I weep daily for my zombie coins.


> I wouldn't call the coin distribution fair if the creators can allocate arbitrary amounts to themselves, which the Worldcoin creators appear able to do.

I'm certainly not defending any of this … however, it should be noted that "creators can allocate arbitrary amounts to themselves" is a typical thing even in regulated markets. Notice how Trump's new social media became a public company through a SPAC? The man behind that move has two degrees from MIT.

If you want to go down that rabbit hole, go for it. But people become very wealthy, very fast, via allocating "arbitrary amounts to themselves" even in regulated markets. Financial shenanigans.

If you haven't heard of the $100 million deli in New Jersey, feel free to Google that one.



That's the one. Why I'm at -1 at the moment for that comment is beyond me. It could be because I am commenting on a site where VCs play similar games.

I only deal with facts.


I feel like many cryptocurrencies are attempting to achieve a metaphorical perpetual motion machine. The cryptocurrency world desperately needs its equivalent of the laws of thermodynamics / CAP theorem to help debunk dubious claims and prevent people from wasting efforts on futile endeavors.


No need to speculate, it's the second one and they even describe it on their web site:

    Orbs will be remotely monitored and compared to other Orbs. Such monitoring is based on non-biometric metadata from the Orb, including battery level, temperature, and network strength. Anomalies will be flagged and lead to Orbs being deactivated. This anomaly detection happens in the cloud and therefore comes with higher security guarantees than device-level spoof and tamper detection.
What you're mistaken about is that the "currency" is not the same as this biometric airdrop (initial distribution). The airdrop is not open at all. The currency itself, once distributed, is just a token on Ethereum (with optimistic rollups). It's essentially as open as any other Ethereum token.


I'm not here to support worldcoin because I think it's a bad idea. However, proof-of-work is also a bad idea. What bitcoin is is a decentralized clock rewarding random machines every tick. It produces bad dynamics. Parento distribution of reward, huge amount of energy waste. All so rich people (Yes, most bitcoin is held by a few rich people) can transfer wealth.

It's a stupid idea. You can appreciate it's simplicity and how everything fits together like puzzle pieces, but it is ultimately a stupid idea because it lives in the real world and has predictable real world consequences.


It's not a stupid idea. It's the invention of digital scarcity. It is supposed to be real world costly.

High energy use in itself is not the issue, it's CO2 emissions. Energy can be locally abundant, renewable, yet remote, hard to transport to civilization. That would be an idealistic example of sustainable mining. Bitcoin mining isn't fully at that level of sustainability yet, but it's a solvable problem.

Bitcoin isn't for rich people. It's for all people. It's highly popular in deeply inflationary regimes, amidst refugees and particular immigrants. The fastest growth in Bitcoin addresses for years has come from the African continent.


> Bitcoin mining isn't fully at that level of sustainability yet, but it's a solvable problem.

No it's not.

These sorts of arguments fundamentally misunderstand the Sisyphean design of Bitcoin's proof-of-work algorithm: difficulty is scaled to absorb any changes in hash power, and expending hash power is rewarded with a chance of minting coins and/or collecting fees.

Bitcoin could be made sustainable and clean today, with no extra infrastructure, no optimised hardware, no new solar panel breakthrough, etc.: miners simply have to turn off their equipment, then difficulty will adjust downwards, and Bitcoin would become efficient enough to run off a solar-powered RaspberryPi.

That won't happen; and for exactly the same reason miners won't stop burning cheap fossil fuels as well as diverting as much renewable power as they can away from useful projects like electrified transport, desalination, aluminium smelting, HVAC, etc.


Difficulty cannot scale downwards to the level you describe because then it ceases to be Bitcoin. It's supposed to be extremely difficult, this is what secures digital scarcity.

It doesn't help to speak in simplistic absolutes. Miners can definitely become more green and rapidly so. The massive move from China to the US that took place over the last few months likely has dramatically changed the energy mix to mine Bitcoin, for the better. There's also a Bitcoin mining council to promote best practices in renewable mining. There can be additional incentive structures (CO2 tax) to further discourage dirty mining.


> There can be additional incentive structures (CO2 tax) to further discourage dirty mining.

Bitcoin interprets carbon tax as damage and routes around it


Everything everyone else said plus e-waste. My lord, Bitcoin produces as much e-waste as the entirety of the Netherlands to scribble a few bytes into a ledger once every 10 minutes lol. 97% of all mining devices will never successfully mine a single block. Each transaction produces as much e-waste as throwing out an iPad. That's on top of the power demand. You cannot make that sustainable. It's grey goo.


The thing is, the discussion really isn't about Bitcoin's footprint. As a society, we don't care at all about high energy usage, CO2 output or waste.

We've ignored the issue for decades and fully embraced ACs, huge cars, big TVs, high-end gaming PCs, cheap products from China, air travel and the excessive eating of meat.

Even in these times of peak awareness, the typical consumer continues to add more electrical devices to their homes, install jacuzzis in their garden and get ever bigger cars.

Nobody is outraged about any of this behavior. We deserve these toys and justify them.

Bitcoin simply stands out as an easy scapegoat. It's not that people actually care about sustainability, they simply see something they don't understand or need, hence let's ban it. Compare it to the outrage regarding very large trucks, and people calling for a ban.

The trouble is, there's only a few of such trucks, so it does nothing. It would be much more fruitful to ban or heavily tax big TVs, as there's many more of them. And just like that, nobody's interested in sustainability anymore. Not when it personally hurts. So it's all optics, not outcomes.

I see no value in high-end gaming PCs and think they should be banned. They have no meaningful societal value to justify their energy use. You see no value in Bitcoin and think it should be banned.

Neither of us has the moral high ground. We're all a bunch of hypocrites that hand pick whatever we consider of personal value, and to disregard anything else that others may consider of value.


We're going to need to figure out how to recycle e-waste at massive scale irregardless of bitcoin.

Silicon brains are the spice of civilization. The only limit on who much e-waste we produce is how fast we can churn them out.


Cool and when we do we can revisit Bitcoin.


That's not how progress in anything, whether it's increasing complexity in evolution of life or the advance of civilization, has ever worked.

We do new things, and figure out how to manage the fallout for the successful things after the fact.


Also when we realize things are bad, we stop.


Not when the thing we're doing has a positive feedback loop. We continue until we overextend, collapse, and then start over. Humans are intelligent, so we usually try to do things differently after the collapse. Sometimes, individuals are smart enough to see the collapse coming and build an ark to ride out the chaos.

There is clearly is no strong consensus that bitcoin is bad, since it's worth over a trillion dollars. In fact, people are jumping into bitcoin because they believe the existing financial system is bad and on the verge of collapse.

We'll see.


> There is clearly is no strong consensus that bitcoin is bad, since it's worth over a trillion dollars. In fact, people are jumping into bitcoin because they believe the existing financial system is bad and on the verge of collapse.

Price is not consensus of goodness, and it's not value. You wouldn't believe what the market cap of heroin is. Market cap is the most recent trade price multiplied by supply. The price is overwhelmingly determined by USDT trading, not USD trading. According to Google Trends fewer people care now than in much of recent memory.

And further, they're quite mistaken about the impending doom. Just as the man with the megaphone yelling about the rapture has been wrong for decades too.

I guess what I'm saying is, it's time for an e-waste tax and a carbon tax.

[edit] You know, when the Cuyahoga River caught fire, the official response wasn't "well folks we should probably just keep dumping stuff into the river until we find a new process, nothing to worry about, just wear these brominated swim trunks when you go for a dip to avoid burns" -- it was to create the EPA and tell companies to immediately cease and desist until they found a better way forward.


The dollar is highly popular in inflationary regimes, crypto is a popular thing to write about, and a few use it but the main defacto backup currency almost always becomes the dollar. (For instance in Venezuala)


I bet the people who around with the orbs will get the iris hashes they collect as a downline and the whole thing will just be a new permutation of crypto MLM.


> If it doesn't work, it means there is some secret or centralized check that the network performs, which means the currency is not open.

I could be wrong, but isn't this because distribution of 'free' worldcoin is centralized? Meaning you can create identities on the network that may or may not be tied to a real person's eyeballs, but that identity only gets free Worldcoin if scanned by lets say an Approved™ Orb scanner operated by an Approved™ Orb operator, who is (presumably) verifying that the orb is scanning real humans only.

This is basically Yet Another Shitcoin With Airdrop, but with some effort to try and control 1 human adopter = 1 free coin in the airdrop.

Regardless, that doesn't imply that the network is centralized / controlled, just the distribution of the initial 8 billion worldcoins is (philosophically, you might say that the centralization of the initial distribution of coins means that the network is effectively not decentralized, but presumably the network is running similar code as any other blockchain).


Proof-of-work is also the only way to preserve decentralization. One CPU, one vote. Everyone can and should participate. Bitcoin failed at this because the hashing algorithm can be accelerated by specialized hardware, leading to professional miners setting up large centralized operations and taking over the network.


"One CPU, one vote" doesn't imply decentralization either - if you have lots of money, just buy lots of CPUs.


Sure, but that doesn't give you the disproportional advantage bitcoin miners get with their specialized hardware. With two CPUs you get two votes. Bitcoin miners get god knows how many.


It really doesn't matter to the game theory of the system.

If bitcoin somehow managed to create a system in which general CPUs were the only thing that can be used to mine, it would just mean that we'd have CPU shortages as the people with wealth and power would buy them all up. Or at least, they'd buy up all the best ones and the plebs would get the low clock speed units that can only hash at a fraction of the rate.

The "one CPU, one vote" idea sounds nice to those of us with democratic ideals believing all humans should have an equal vote, but it just fundamentally doesn't work in practice.


Indeed. Fiat currencies issued by central banks are in many ways more democratic than Bitcoin, because at least every citizen has a chance (albeit an indirect one) of influencing their policy via traditional voting, using the desired “one person, one vote” basis, which is common in countries whose currency you might want to use.

Any form of computing power, whether CPU-based or GPU-based or ASIC-based or memory-based, is a possession that can be accumulated by the wealthy in order to grant themselves power.


I don't think it follows that fiat is more democratic.

Mining is not (and cannot be) a perfectly private thing that the wealthy and powerful have full control over. Ultimately, they operate at the pleasure of governments. They are subject to political whims. A nation state could theoretically nationalize all miners in the country if the political capital to do so existed.

What makes bitcoin unique to fiat currencies, is that it is democratic on a global scale between organizations and entities that control energy production and the technological capacity to produce efficient computation. And how these organizations use their voting power is still ultimately driven by the politics within, whether that's democratic or otherwise. It's not "one person, one vote", it's "one hash, one vote". The distribution of voting power across the globe is a constantly evolving thing that depends on how much electricity and computational efficiency different localities can muster.

This is why I personally think bitcoin will be the next global reserve currency. It automatically gives proportional voting power to countries based on how effectively they can summon computation, rather than how effectively they can summon violence and destruction.


Perhaps. It would still be a lot better compared to the current situation. Buying up all CPUs would not render existing ones useless due to order of magnitude advantages like what happened to specialized BTC miner hardware. People would still be able participate in the network.


People can and do still participate by buying ASICs.


Where can one buy a Bitcoin mining ASIC that isn't already obsolete?


> somehow

Monero has implemented just such a system already (the RandomX PoW algorithm).


Yes. Monero is the only cryptocurrency project right now that could succeed bitcoin in the form it was envisioned to be. I hope its privacy guarantees continue to be tested and evolve.


Like the other guy said, it doesn't matter. It's always spend $X to get Y% of the network. That's just how reality is.

By the way, bitcoin miners do not vote. It's not a democracy. Proof of work is not voting. That's important. Democracy would be a terrible system for governing money. Bitcoin is not a democracy. (Some of the proof of stake coins are, and that's bad.)


Proof of work is like a regressive tax or the advantage of being born rich. It's not something available to the poor.

And why should CPUs get the vote?


you are implicitly excluding proof of stake... is it an omission or do you have an actual argument for that?


The argument against proof of stake is it leads to centralization of the network in the hands of those holding the most coin. Not everyone can participate. People need what, 32 ETH in order to run a node?


GP is explicitly excluding everything other than proof of work.


> So, do not support this biometric-gathering enterprise.

I wonder if the NSA is one of their investors?


TY for the explainer. To make sure I understand, it sounds like a Sybil attack can exploit a hash function because ultimately, what is being hashed does not matter and to verify what is being hashed requires centralization.


Not necessarily. Maybe the scanners have a key that only it's creators can derive from some master key. The hash could come signed and all the public verification has to do is match against a public key. You don't need a database of hashes and you don't need a centralized db of source scans. Each scan hash could even chain with a previous scan hash and you can limit the number of times a key is good for, hence limiting number of scans a device can have. Only way to fake this would be to have the master key.


Which, as always, raises the question of why a blockchain is necessary. If the creators' master key can be trusted with the power to decide who gets new coins, why don't the creators just store everyone's account balance in a database, and get rid of the enormous performance and energy costs of a distributed ledger?


> raises the question of why a blockchain is necessary

For marketing, of course. Blockchains are magic, the rubes won't flock otherwise.


I don't know anything about Worldcoin specifically, but you could argue a case for an initial period of semi-centralized "fair" distribution, after which the protocol would (verifiably) cease to allow minting of new coins.


Exactly!


The first half of your argument makes sense.

Justifying the use of proof-of-work appears to be a fallacy of relevance though


Proof-of-work was created precisely to prevent a Sybil attack, but while allowing an open network (i.e. not having to buy the token from the creators).

You need a form of scarcity to prevent a Sybil attack. Solved cryptographic puzzles of an adjustable difficulty is one such form of scarcity.

Does this address your concern about relevance?


I consider the energy expense exactly the reason (and the cost) of the decentralized trust afforded by PoW.

How is it irrelevant?


Proof of work, it’s inefficiency, or it’s security implications on transactions more generally are not relevant to your comments on the vulnerability of their coin faucet or the veracity of their claims.


They related these two points by saying that either it’s hackable, or there’s something weird going on under the hood, and that proof of stake alleviates these issues. Idk if I agree or disagree but it seemed straightforward and relevant what they were asserting.


There were three concepts being conflated in the comment I originally replied to: Sybil attacks, double spending prevention mechanisms like Proof of Work and Proof of Stake, and exactly-once delivery to members of a group (i.e. what a coin faucet does and the creepy biometric privacy destroying Orb thing TFA reacts to). TFA discusses an identification problem, and how this particular solution is creepy and privacy-destroying.

A Sybil attack is a single or a small number of entities counterfeiting multiple peer identities so as to compromise a disproportionate share of the system. The actual network of communicating nodes that have copies of the distributed ledger (whether they be participant wallets, miners, validators, stakers, or any other kind of node), and the append-only list or tree of wallet-to-wallet transactions (i.e. the distributed ledger) are distinct, and may be what's tripping up some.

Within that distributed ledger, proof of work or proof of stake aren't what prevents the Sybils from using your (or others') identities on a cryptocurrency's network without your private key. Transaction signatures alone are the mechanism that prevents impersonation. Sybils can flood a cryptocurrency network with transactions with fake signatures all they want, but the transactions would be invalidated the moment that any node appending to the distributed ledger attempts to verify those transactions against its copy of the blockchain or ledger. In Bitcoin's case, the wallet address is the public key for that wallet, and the transaction signature is easily verified by using the source wallet (the one that has a balance) address as the public key for signature verification. (The wallet address is a hash of the public key, and I'm oversimplifying.)

The function of Proof of Work is to mitigate double spending by the same identity, which is a different concept from a Sybil attack, and is not even a type of Sybil attack. That double spending would otherwise "fork" the distributed ledger, and cause two different parallel versions of the distributed ledger to exist - one in which the destination wallet A has the transacted coin, and another in which the destination wallet B has the transacted coin. The iterated game miners play in PoW makes it computationally infeasible for a single party to double spend without controlling more than 50% of mining (e.g. hashing) power in the communications network of participating nodes. In the case of Bitcoin, for example, spending the same Bitcoin wallet balance twice by signing two different transactions using the same wallet private key. That is not a Sybil attack because the double spend (i.e. both transactions) originate from the same wallet. Double spending by a single identity is irrelevant to TFA, and not what TFA is talking about.

TFA responds to a coin faucet proposal (Worldcoin's "Orb" mechanism) that uses a biometric challenge to verify that coins are distributed to flesh and blood humans only, and exactly once. They're mitigating an identity problem with coin faucets, not an integrity or double spending problem that Proof of Work mitigates. (And in a creepy, biometric privacy destroying way, we'll get to that later.)

Coin faucets can be used to give some value (e.g. a small amount of cryptocurrency) to as large a population as possible to enable, for example, developers to play around with the cryptocurrency and new users to try it out before buying in with their own money. The referenced coin faucet is proposed as a wealth (re?)distribution mechanism. Currently, coin faucets mitigate a single or small number of individuals from consuming all of their cryptocurrency by restricting IP addresses, browser cookies, wallet addresses, and other forms of identification. The "Worldcoin Orb" hardware device for that identification collects biometric information (i.e. facial recognition, eye recognition, etc.) centrally to ensure that only flesh and blood humans receive the initial grant of their cryptocurrency. One of the comments here previously mentioned that you might be able to just spoof the output phashes of these "Orb" devices to perform a Sybil attack on the coin faucet in TFA that uses biometric phashes.

Hopefully this helps explain why this type of Sybil attack is distinct from attacks on the proof of work or proof of stake mechanisms, such as owning 51% of the mining power on a POW network or all the validators on a POS network.

As an aside: An encoded, encrypted, or hashed version of your biometrics that can be used to identify you from those biometrics is still biometrics. As long as it is generated from the source material, and uniquely identifies an individual, it's still biometrics, and still creepy facial recognition, IMO.


Just wanted to say I really appreciate this long and thoughtful response - and sure you are probably proving the OP wrong, I just don't think that what they wrote was inconsistent, even if it turned out to be wrong.


In this case, there are 2 graphs/networks (3 if you count the "Orbs"), 3 different kinds of Sybil attacks, double spending, ECC signatures, and more. It's easy to lose track. I wrote it to check my own understanding.

https://xkcd.com/386/


Great one!


No you can't. The whole point is to every everybody have only 1 entry / key.

The concept is simple: give everybody an equal amount of coins. You need a unique identifier / derivative of it


> You need a unique identifier / derivative of it

What prevents anyone from mass-generating unique identifiers?


Presumably the fact it needs be done via The Orb which is (pinky promise) tamper-proof.


How would you mass-generate unique identifiers?


    for(;;) new GUID();


How does that introduce them into the network? Is that even the format of the identifiers they use?


As for the network, it's as easy. It creates a hash of a retina on a single device with no further confirmation or verification.

So al this comes down to several rather simple steps:

- if the algorithm for the hash is known, generate new hashes programmatically

- if not, but the hash is simple, reverse engineer/brute force the hash, generate new hashes programmatically

- if not, generate synthetic retina images and feed them to the algorithm

--- cut off point, and a really don't think you would need anything beyond this point for a shitty cryptocoin like worldcoin ---

- if the algorithm can differentiate between flat images and "actual" retinas, for some definition of "actual", iterate through artificial eyes until they trigger the required response


Same is true for all private keys


Scanning one's eye.


While I don't care about Worldcoin (I think it will fail, because they are solving the problem that does not exist), this post is false in multiple ways.

First, retina scanning output hash is deterministic - it is supposed to generate the same result for the same eyeball. So it can't be replaced with random number generation.

Second, network does not interpret hashes, except for making sure that single hash is awarded funds only ones. Network however pays attention to whom is sending the hashes. It must be "legitimate" Orb units, likely considered to be legitimate because their public keys were whitelisted.

Third, process of distribution of initial tokens is obviously NOT OPEN. You need a "legitimate" Orb unit to participate. Which has nothing to do with how the network will behave for users already on-boarded.

Fourth, PoW has nothing to do with it. PoW is antisybil for people who might add new blocks. PoW has nothing to do with people who just want to transfer or hold funds. Or even with people who can create money according to network rules.


> First, retina scanning output hash is deterministic - it is supposed to generate the same result for the same eyeball. So it can't be replaced with random number generation.

His argument is valid, what stops you from replacing the retina scan with a random hash replicating a different person scanning each time and collecting new tokens? What ties the hash to the actual retina other than the device that you can mess with?


DRM magic inside the Orb.


Who's to say that employees (physical orb administrators) won't be in on it?


This is a cryptocurrency project. The opportunity for scamming is much, much bigger than that.


Quality shitpost.

We’ve really come full circle when a blockchain relies on DRM to work.


It is a thing of beauty. "The DMCA says you aren't allowed to circumvent our attack on a central pillar of the modern nation state."


I've got it, we need kernel-level anti-cheat...


Presumably the orbs produce a verifiable type of hash. E.g. whatever output it has is also encrypted with their private key + some salt and you can always check if what a user provides has that.


Would it not just be a matter of time until the orbs are reverse-engineered and you can sign arbitrary input? Especially if this currency were to actually gain significant popularity.


You don't understand what a hash is.


Your confidence in your own reading comprehension is unjustified. They are simply describing signing the hash.


It can be done in following way. Orb can have a baked-in private key (on hardware level). Public keys are stored in the blockchain. Each hash is signed by the private key stored in the orb.


That's orthogonal to the point. Here's the scenario:

1. User has a "fake" biometric A, generated via GAN or [1], that's cheap and easy to produce.

2. Suppose they can present A to any orb device, generating hash(A), which signs hash(A) using its built-in private key as usual.

As long as the user can generate a fake iris biometric scan accepted by an orb, no other part of the system needs to be compromised for this attack to work.

1: http://iab-rubric.org/papers/ICPR14_1649_FI.pdf , note that liveness detection is a cat-and-mouse game


See my original post. It's pretty clear that process of initial distribution of tokens is not open. Volunteers are likely contributing lots of private data to the company to get their hands on orbs.


That implies a centralized signing authority though. We could do all of that without the retina scanning using normal old KYC


The orbs are centralized either way. And I personally am less worried about someone having a hash of my eyeball data than my passport and everything else.


I don't see how the deterministic nature of retinal scanning hashes means they couldn't be forged randomly. If there's secret sauce or a secret key in the algorithm that generates the hash then it's not an open platform. And given the stakes, it's only a matter of time until that gets cracked.


> it's only a matter of time until that gets cracked.

or leaked


>I think it will fail, because they are solving the problem that does not exist

Admittedly I never bothered to read about it but the problem they are solving is purely the distribution. Currently there's just no way to do a fair distribution where everyone gets equivalent amounts of it except perhaps with KYC but then they have to store way more personal data.

I'm much more comfortable with someone having a hash based on my biometric data than having my passport and other details.


> I'm much more comfortable with someone having a hash based on my biometric data than having my passport and other details.

Same here. My point is - fair distribution is just a means to achieve a goal of "more equality". As a mean it is an equivalent of giving man a fish instead of teaching him how to fish. At most a PR stunt.


Well a passport can always be faked. If the world became a totalitarian dystopia and you were a freedom fighter that had to elude detection, you can always use a fake passport. Faking biometrics is much harder if they already have your data.


I don't think I'd consider "it's harder to fake" a negative for the project if I was involved.


Yes. It’s very good for the project (and the NSA), not so great for users. I’m responding to the comment that prefers to give biometric data to some random private company


No biometric identifier is ever deterministic. Retinal scanning is no different. Your retina doesn't look exactly the same every time, every day, from all possible angles. Eyeballs swell, get infected, can be clouded. Retina signatures can even change over the course of a lifetime in somewhat rare circumstances, usually due to glaucoma or diabetes. Identification is always probabilistic.

Actually, the lowest state of the art false positive rates for biometric id is achieved by iris scans, so I have to wonder why they went with retinal scanning in this case.

Note that I'm not saying you can intentionally cause a false positive or false negative very easily. These are both highly reliable identification methods. But they're not deterministic, so if you're hashing the literal scanned signature, the hash output won't be deterministic, either. Presumably, what they're doing isn't hashing at all. Normally, for biometric id you just store the signature in a database and use a thresholding function to match against it when new scans comes in.


>I have to wonder why they went with retinal scanning in this case.

They didn't. It's an iris scan. The article just used "retina" and "iris" interchangeably for some reason. https://worldcoin.org/how-it-works


So… then why do they need retina scans? If the whole process has tons of checks and balances, it sounds a lot like the normal verification processes followed by governments for IDs/Visas.


Or banks, know your customer and all that. But the day some crypto project goes there the world implodes vor something.


> First, retina scanning output hash is deterministic - it is supposed to generate the same result for the same eyeball. So it can't be replaced with random number generation.

I don’t know much about retinal scanning. But for this use case, wouldn’t it be trivial to fake via something like different coloured contact lenses?


"20% of all Worldcoin tokens will be set aside for the development team. In crypto, this used to be known as a “premine” and ranks among the biggest red flags that a project is intended to enrich insiders." https://www.coindesk.com/tech/2021/10/25/why-everyone-is-mad...


So basically XRP but with even worse privacy implications.


Also ethereum.


Indeed, Ethereum not only had a ridiculous premine, but they forked the entire thing after a bunch of insiders were about to lose a ton of money in the DAO hack.


As I understand it, the distribution mechanism of Worldcoin is not part of the protocol. The protocol does not know anything about eyes.

So the distribution seems completely centralized. A central authority distributes the coins however they wish.

Today they might use a process involving eye scans. Or maybe not. There is no way to check. Tomorrow they might change their approach however they like. And we would have no way of knowing.

The issue that seems to be overlooked is that there is no way to look at a hash and decide if it was created via scanning an eye. The hash is signed via some key that - according to the makers of WC - sits in an eye scanning device which behaves a certain way. But we have no way of checking that.


Wait so I can fake a retina and get coins?


Time for "This retina does not exist"?


Correct.


I thought I'd look at the actual company after hearing about this. I'm just not a silicon valley person. Here's their how it works page - https://worldcoin.org/how-it-works .

It includes a projection graph that has a scale in 500m user increments and 2 years. Then you have the real data: over 6 months they've signed up 120k users. Or to put it another way - their real data doesn't even appear on the scale that their projections are displayed. They've basically extrpolated from 0 to 1.5bn. Oh and the graph lists sign ups per orb as if manufacturing the orbs is the limiting factor for signing people up to your shitcoin.

It also claims they're going to give out thousands of these orbs. But these orbs are the trusted hardware devices for generating unique hashes from biometric data. So if 1 of these thousands of devices falls into the hands of a hacker who can crack the hashing algo they're done. Not only will they have no guarantee that the users are unique, and probably they've also leaked huge amounts of biometric data. They actually mention this on their how it works page - don't worry guys, they'll make it hard to spoof! Honestly. It'll be tamper proof!

I kind of understand how you could try and argue that these devices are ok if you're going to have a small number of them extremely securely protected, but the plan is literally to manufacture 4,000 of these per month and hand them out to random people. Honestly, it's like they've just never had a conversation with someone who thinks critically about anything.


I don't think they can leak biometric data. Even if they figure out the hashing algo that doesn't mean they can invert someone's hash.


I don't think that's the rub. The issue is that with a hash and the algorithm, you can reproduce the hash. I think opponents to this are advising against having the retinal hashes in the first place, to eliminate their abuse in the future.


You don't need to invert it, if the hash is used to issue a token on a centralized system you can ping the centralized system. At minimum you can establish whether someone has an existing account, and at maximum you could identify that account.


To protect the device getting cracked, couldn't you just have it send a message if/when the device is opened in a way it shouldn't (e.g. for inspection) and thus make that key invalid?


Sure and maybe that slows people down a bit, but the second device they get their hands on they’ll be smarter. This isn’t a new issue, look at video games, look at blu ray and hd dvd, security against a sophisticated attacker with physical access is almost impossible. It’s rare for video games to last 1 week before being cracked, and that’s not even for something important.


Put it in a Faraday cage.


This is just so wrong in so many different ways, it actually fills me with despair to think that there are people somewhere who actually think this is in some ways a good idea. To the point of wondering if there is some way of organising more direct action to stop this kind of disaster from befalling the human race.


I should think the types of direct action needed against crypto scams are pretty straightforward, but I also think site policy largely prevents me from elaborating on them here.


At some point one needs to assume it is no longer a matter of ignorance, but instead one of malice. Not sure if this is near that point. Perhaps this guy is simply a fluff bunny who has never seen any evil in this world.


>Perhaps this guy is simply a fluff bunny who has never seen any evil in this world.

Having met Altman, "fluffy bunny" is not a too far off assessment.


I know there's the whole "never attribute to malice that which is adequately explained by incompetence", but is incompetence a more likely path to becoming a billionaire?


Maybe it's not quite malice.

Is there a word for knowingly becoming the villain because you've decided that the force of Moloch in civilization is unstoppable and if it's not you who uses your power to take control of something vulnerable and weak, someone else eventually will, and they might actually be malicious.


This might be an onpopular opinion on here, but I think that software (and hardware) development needs to be regulated, similar to pharma or other regulated industries.

The regulation can take into account several factors to make the barrier for smaller projects not too high.


Some people instinctively reach for "regulation" whenever they encounter a social problem. Oh, is that a problem? Easy - make it illegal. Viola, no more problem!

Except that making more rules doesn't actually remove social problems. You have to pay for judges, lawyers, courts and prisons; and the lives of rulebreakers get ruined. And the problem persists.


Regulation aside, I think we should take ethics much more seriously.

Engineers sign off on a building, if it falls hundreds could die. We don't do anything that grandiose usually, but sometimes software can have extreme impact on the world, and thus we should be prepared to consider the consequences of our actions thoroughly.


So what roughly would you regulate about "software (and hardware) development"?

FYI this project (and basically every cryptocurrency project) already falls under some kind of financial regulation in most jurisdictions.


The basic idea I have is that when you bring to market a new technological product, you need to register it with your government/jurisdiction and depending on a few params (maybe company size, revenue, funding, industry/vertical etc.) provide more information.

Similar to tax and accounting regulations, as you grow these regulations grow, too. For example you might need to provide risks and threats analyses for your technology.

You're liable to provide this information to the best of your ability given context (e.g., they wouldn't require a 30 page risk analysis from a indie hacker who has 20 users). If it turns out that you provided false information delibrately, or acted in bad faith, there are consequences like fines, bans, and so on.

Of course, based on your technology the government can prohbit you from bringing it to market, add constraints or require more info.


How confident are you that the government could accurately assess the risk of any technology? Why couldn't I just write the same risks for any given social networking site and copy-paste it every single time I was faced with a compliance form like the one you described. This all just sounds like an exercise in pointless box ticking but that just might be my deep skepticism of governments talking.


Even if they could assess those risks, how confident are we that the government wouldn't err far too much on the side of risk aversion? Bureaucrats and politicians would see no upside in allowing a medium-risk high-reward venture to go ahead, since the outcome is binary for them - get the same salary regardless or get fired if something goes wrong.

I think the idea is terrible. You want laws to be prescribed and debated, not allow some administrators to make shit up on the spot.


Ever since the movie "Demolition Man", it should be obvious why biometrics are a bad idea. (Yeah I know they also can try to scan for signs of life like blood flow - still, I don't like it).

Even without the Demolition Man scenario, an even worse issue is that you can't change your biometrics in case somebody steals them. Fake fingerprints are already easy to do, other things surely can be cloned, too.


Kids or coworkers are not going to make fake fingerprints to mess with me. What they can do is to see password or pin code while I am typing those over my shoulder. Someone on the street also won't be able to see my pin code for unlocking phone if I use fingerprint.

Those are scenarios that biometrics are handling really well.

Biometrics against sophisticated attackers is not good idea. I don't encounter in my life "sophisticated attackers" that would spend time making copy of my fingerprint.

If you are person that has risk of running into sophisticated attackers then don't use biometrics and biometrics are bad idea.


Yeah, similarly we have crap locks in doors. They are there more to make it somewhat laborious to open to door, hence signal privacy, than make it nigh impossible to break in. That's why we have bank vaults and so on when we really want to deny access.

For convenient security you want just enough complexity a bot wont automatically unlock it, for proper security something that can be even a bit unconvenient as long as it's more secure.

I agree, biometrics should probably be in the "breakable, convenient" category.


Exactly, every-day security is there to prevent random dudes. And even they can, to stay with homes, just break a window. Serious opponents, especially if they are really motivated, will be able to break into everything. The three letter agencies, and their counterparts in other countries, are obviously on the very professional and very motivated end of the spectrum.

Personally, I don't see any reason to make overly easy for any of those parties. So no biometrical data to be exchanged for some new form dogecoin.


> Kids or coworkers are not going to make fake fingerprints to mess with me.

Don't underestimate the lenghts some people will go through for a harmless prank. But you are probably correct a modern phone's fingperprint-reader is probably not fooled by an etched stick of gummibear.

Incidentally - I always wanted to have a device that you could stick your finger into, that would use a, let's say, laser to etch different fingerprints onto the tip of my finger.


>But you are probably correct a modern phone's fingperprint-reader is probably not fooled by an etched stick of gummibear

IIRC there was an attack that was able to get past the liveliness checks by putting the fingerprint replica (a thin piece of dried elmers glue) onto a real finger.


Somebody stealing your phone will likely be able to retrieve fingerprints from it? Maybe it is too much for a random thief. But what if there are "factories" for treating stolen phones, and random thieves just sell the phones to those factories? (Not saying that happens, but it seems likely to me that such things will eventually exist - down to trying to retrieve bank codes from stolen computers and phones and trying to exploit them).


A stolen phone has hashes, not scans – if memory serves, there were a couple of old Android phones which saved the images but even that was a developer’s mistake leaving logging on rather than the design.

The sensible approaches for biometrics use them to unlock strong keys which never leave the device. If implemented correctly, this is somewhat resistant to offline brute-force attacks — certainly not impossible but not economical for going after most people.


I meant retrieve actual physical fingerprints that are on the phone, not digital scans of fingerprints.

So if you use fingerprints to unlock your phone, and a dedicated attacker steals your phone, they could create fake finger prints from the prints you left on the phone (as surely you do touch your phone), and use them to unlock your phone.


That also doesn't work with any modern design: you don't leave a 3-D structure behind on the reader, and usually they're coated in a way which means that you don't even leave much of a print.

As another way to look at it, people have been spending considerable time attacking these sensors since they were first released. If it was that easy, you wouldn't see the academic attackers going to such lengths.


I would expect the academic attackers being interested in other aspects than the criminal attackers.

How 3d is a fingerprint - do the sensors really measure the depth of the creasing, and it is a significant distinguishing factor?

I think there are plenty of places to leave a print. For example my slim and elegant smartphone is covered with a "protector case" which probably doesn't have such a sophisticated coating.


> Kids or coworkers are not going to make fake fingerprints

In truth I have seen this done to mess with people using cellotape and creativity, so I have to warn you this is not a reasonable assumption.


> Kids or coworkers are not going to make fake fingerprints to mess with me

> Biometrics against sophisticated attackers is not good idea. I don't encounter in my life "sophisticated attackers" that would spend time making copy of my fingerprint.

You don’t yet, but we’re talking about a new form of currency in this thread, not unlocking your phone to text your spouse or show your kids a youtube video.

Money is power, which will draw in sophisticated attackers who want to amass more of both.


> Kids or coworkers are not going to make fake fingerprints to mess with me.

I know a few kids and coworkers who absolutely would, if it would get a laugh.


But you can "forget" your PIN, you can't forget your iris.


Yes that is also one additional point - people will pick pin like 0000 or 12345 not to forget them which makes pins in general less secure.

Some people would set their pin the same as their debit card just to remember one number instead of multiple.

That is why finger print unlocking is quite great for day to day use.

Of course it is not enough for more complex security scenarios, but as someone else mentioned lock on my doors is quite easy to pick but still it is good enough for most of people.


I put the first forget in quotes on purpose.

https://www.macrumors.com/2019/01/14/forced-biometric-unlock...

You can easier be forced to face unlock or fingerprint unlock your phone than be forced to remember your PIN


It could be damaged or destroyed.


I'm thinking more of cases like robbery.


Then it is even easier for the robbers to force you to unlock your phone?


That's what meant, mistyping or forgetting your PIN under stress is plausibel, but you can always face unlock or make a iris scan. You don't even need to be conscious to do it.


> says A World With Trillionaires Is Inevitable

> sends eye-scanning Orbs (his name) to Africa to pump up the value of Altmanbucks that his team owns 20% of

I'm laughing now at how cartoonish this guy is, but might not be laughing later when my children must Surrender to the Orb to pay off their fathers' crypto-debts.


This is one of the most disturbing things I’ve read in quite some time. The implications of all of it and all the bad avenues it could go down chill me. A person’s right to anonymity gone forever. I think all people should deserve the right to disappear and be unknown if they don’t have IDs on them.

I understand what Sam is going for here (equitable distribution of wealth) but this is absolutely the wrong way to go about it.


It seems Sam is going for his wealth before equal distribution of wealth.


Furthermore, according to https://worldcoin.org/how-it-works, it seems the billionaires are planning on enriching themselves by exploiting individuals in some of the poorer nations first (Chile, Kenya, Indonesia, Sudan). (According to GDP per capita at https://en.wikipedia.org/wiki/List_of_countries_by_GDP_(PPP)..., Chile is 80, Indonesia is 132, Kenya is 176, and Sudan is 181.)


Sam has enough money, seems highly unlikely he is doing it to get wealthier.

Not for or against Worldcoin with this comment just saying there is likely a different motive.


Then Sam would be the first rich Person mit persue additional wealth.


It's such a gross subversive of the technology. Satoshi created bitcoin so no one would have control of the money supply

So con artist and VCs created "crypto" where every con artist has there own money


True, VCs really hate Bitcoin. They can't control it, it doesn't give them data the rest of us can't already see, they can't roll out software updates, it's too late for early phase mining.

When VCs hate it, it means it really, really good.


> Satoshi created bitcoin so no one would have control of the money supply

There's no such thing as the money supply. There are many currencies, each one with its own supply.


I am kind of a yc fanboy but I never get why sama was chosen by paulg. He has no success story whatsoever and comes up with dumb ideas like this one.


Incredible how out of touch the Silicon Valley elite is with the real world.


When I left Silicon Valley, it was to escape the bubble. What you wrote is what I felt. But in hindsight, I think "Silicon Valley is out of touch with the real world" is too innocuous. Obviously, it is, but a lot of the "elite" aren't just happily enjoying their bubble. They are intent on shaping "the real world", and they have enough resources and influence to be successful some of the time.

I doubt very much that the masses will be scanning their retinas into The Orb so that they can get Worldcoin, but these people are not going to stop coming for your retina, your DNA, even more of your digital fingerprints, etc. Sadly, they're eventually likely to get it all.


There was a time, relatively recently, that the second half of your second paragraph was strictly in the realm of tin-foil hat weirdo.

But now, I can see a clear line between the data we're collecting today and the data that would be that much more useful like DNA.


> Sadly, they're eventually likely to get it all.

Not mine! But WTF, I'm just a paranoid weirdo.


Thing is, you don't matter.

If I have access to the data of 95% of people in a society, I have enough to model and predict behavior, and maybe even the hooks to inject information and influence future behavior.

The long tail of paranoid weirdos who spend all their time and energy fighting to maintain their privacy are irrelevant to the goal of societal domination.


Of course, you're right!

FWIW I don't spend a lot of energy; it's become habitual. I just don't hand out my PII simply because someone asked. And if people ask me for PII when I don't think they need it, I'll deal with the hassle of finding another way to solve my problem.

I know that my attitude is irrelevant to the behaviour of the snoopers. I'm not trying to train them.


This is sadly spot on.

I had a conversation that touched on privacy once with a person I met at a bar who works for Big Evil Tech Co. and she basically came out and said this in slightly more diplomatic terms.


???

SV elites have understood that you can wrangle money and control out of unsuspecting and uninformed consumers for decades. Which is exactly what they are doing here via. a new shitcoin; they get both control and money!

I'd say they are very much in touch with the real world.


I really don't understand all the outrage in most of the comments here. Seems to me like they're just trying to launch a new cryptocurrency, they're trying to find a reasonably equitable way to distribute the initial tokens to bootstrap it, and iris-scanning is the best non-centralized, technically and logistically feasible way to identify new unique human entrants that they came up with. The principle of it sounds great to me!

Does the specific mechanism they're attempting to employ raise some concerns? Sure. Instead of the vitriol though, how about some suggestions for a better mechanism?

Trying to tear people down who pretty clearly seem to be making a good faith attempt to make the world a better place is reprehensible in my opinion. What does that say about you?


The fundamental idea behind this of, "Here, take this shiny object that may or may not have some value at some point in exchange for enslaving your most personal data to us who want to work for 'your own good'" is just shitty and elitist regardless of how its pursued.

Also, >Trying to tear people down who pretty clearly seem to be making a good faith attempt to make the world a better place is reprehensible in my opinion.

Seriously? What an absurd notion. Oh hey, X attempt was in good faith! What a terrible person you are for criticizing it... Not to compare Altman with people like Lenin but I suppose that by this logic, one is bad for criticizing revolutionary demagogues because their hearts were always in the right place?


The worst privacy honeypot of all times.

You should never let your minors or relatives or friends close to this app. If somehow they scanned their eye with this Blockchain app, it will stay.

Your personality and opinions may change but this will be a mistake you will always regret.


Are you aware that the biometric data isn't stored or linked with the wallet that receives the distribution?


Are you aware that companies lie to make money off you?


My theory is Altman invested a shitload of money into a hardware startup that made an orb-shaped retina scanner. For whatever reason it doesn’t take off. Solution? Tie it to a cryptocurrency!


I registered the domain thiseyeballdoesnotexist.com - anyone interested in training a GAN for that page?



How will that help you? You need the orb, too and those operating the orb can presumably tell the difference between a real person and a jpg of an eyeball.


When they start handing them out, just figure out how to get one. Then the website listed and your orb can rake you in all that sweet crypto cash.

This seems like a solution to a problem that isn't really a solution.


Bribe them?


Tangentially related: For anyone else who is tired of the highly-dramatic word “slam”, you may appreciate SlamCount. A Twitter bot that keeps an eye on news orgs usage of the word: https://mobile.twitter.com/slamcount1


1) previously you had to worry only about browser fingerprinting to avoid being tracked

2) currently some countries planning/want to implement covid check-in at every place you wanna enter

3) and now you have to worry that some private company want to make a modern fingerprint (irisprint?) that most likely is going to be used to at least another way of ad tracking.

However with 3) you won't be able to easily protect yourself - you cannot change eyeballs. Maybe you will have to wear some special contact lenses.


I like the idea of a unique identity per person but I'm unsure about security:

- Iris scans have false positives at scale

- You can have eye surgery changing your iris

- Cheap scanners can be fooled by photos, so you'd need to require live-tissue scanners which are really expensive


The single biometric identity per person is a terrible idea because it cannot be discarded once compromised.


I'm also slightly unsure that Iris -> Hash is correct, I don't see why it wouldn't be Iris -> [Hash]. Maybe scanners are that good but I'd have thought depending on things like light reflection you'd end up with different hashes. Maybe not!


There is also an incentivization problem here. For every person that they get onboard, “Worldcoin will allow everyone to claim a free share of it.” That share is worth $0.07 in US dollars today. If I don't think it's worth 7 cents to produce my iris data, then the best strategy is to wait until the coin goes up to my price point before entering that market. It makes the most sense to hold off until the coin hits $65,000 US before getting the "free share" and immediately converting it into another currency.


Wow I feel I just came out of a cave, to discover only now about Worldcoin..

Apart from the arguable concept itself, I'm genuinely wondering why betting on yet another scanning device, instead of using fingerprint scan, which is now available on most smartphones ?

Is it that much more reliable that it's worth going through the pain of engineering a new hardware ?

Finally, how they could expect any other reactions than doubt, fear, and reject, out of this solution, while fingerprint and face detection already go through so much ethical issues ?


If the problem is "make money from a blockchain" then things may look different.


> how they could expect any other reactions than doubt, fear, and reject, out of this solution,

It looks to me like they're targeting people who are not as concerned or thoughtful about such issues.


First OpenAI launches the code laundering tool CoPilot, now Altman wants to scan the world's irises.

Could Altman perhaps sit down and fucking program something himself? Show us your code.


How is Altman's code relevant?


I wish I could see the pitch from the hardware people who told Sam Altman that the orbs were not going to be cracked... the whole project will fall apart as soon as (if) Worldcoins have significant value and an orb falls in a moderately-skilled hacker's hands. Or someone will just do it for the lolz.

That or orb-owners will just set up a booth in poor areas of the world and give people cash for a scan, pocketing the distributions forever.


Snowden is assuming that Worldcoin is saving hashes of eyeballs. That is not what Worldcoin is doing. Zero Knowledge proofs allow the system to prove that an eyeball exists without actually tying the biometric hash directly to an ID.

From the article: "We use the open-source Semaphore[19] zero-knowledge proof system to transfer the uniqueness of IrisHashes to the uniqueness of user accounts, without linking them."

Now, of course, one needs to trust that Worldcoin is actually doing what they say they are doing, but that is a different discussion.

Edit: I see now that they are saving this data during field testing. But it looks to me that the long term plan is to use ZK crypto to unlink the hash from the account. Snowden's "hot take" ignores this.

https://semaphore.appliedzkp.org/ https://z.cash/technology/zksnarks/


That's only true if everything works perfectly and they're also able to solve some unsolved problems. This is why, for the current phase, they're scanning and storing people's bodies, faces, eyes, and other metadata.

See this page: https://worldcoin.org/privacy-during-field-testing

We collect the following data through the Orb after the user gives us their consent: Images of users’ body, face, and eyes, including users’ irises (visible, near infrared and far infrared spectrum) Three-dimensional mapping of users’ body and face

If their system were hacked or misused by authoritarian governments, the damage would be huge. And they're basically telling the world "trust us, we'll figure it out" without proving they can do it.


This is a privacy nightmare.


Huh? They’re collecting and saving them, at least up to the point of confirming all new user accounts which happens sometime after they scan irises. I might have missed it but I don’t see anywhere in their docs where it says they discard the hashes even after they’ve minted a unique user account for the new user. They need to store the hashes at least until they’ve registered all possible users - how else will they confirm that a new user hasn’t previously registered.


All iris hashes are publicly saved, but not linked to wallets. Details here: https://worldcoin.org/how-it-works#crypto (Account Privacy section)


I think it's the idea of collecting them in the first place that most people are uncomfortable with. It's still a lot of trust to put in the hands of a private company. It reminds of the whole brouhaha with Apple and their CSAM privacy measures.


I normally would align with Snowden, but Worldcoin using ZK-proofs is an important discussion to have. It is going to take a while for the world to understand the benefits that zero knowledge proofs offer in terms of privacy, but they are starting to be found everywhere, and privacy advocates (of which I consider myself one) need to understand what they offer to the consumer in exchange for some real benefits that we cannot get through public policy, etc.


Zk proofs have nothing to do with Snowden’s criticism. They’re collecting and storing iris hashes regardless of whether they’re using Zk proofs downstream in their tech stack.


Why is this problematic?

The risks as I see it are authoritarian governments figuring out the tech and using it. Or compelling Worldcoin to do their bidding.

Storing hashes in itself doesn't seem like it can be abused. Suppose Worldcoin has a database of a billion hashes, then an authoritarian government decides to compel Worldcoin for some nefarious purposes. What then? What bad stuff could happen?


"What then? What bad stuff could happen?" I leave that to your imagination. It comes down to individual preference and where you draw the line at privacy. I personally wouldn't trust my biometric data to any FAANG let alone some shit-coin startup that could potentially decide to monetize that data any which way at some point in the future.


That's farfetched. How would they monetize eye scans? 23andme and Facebook have clear commercial use cases for the data they collect. What's the commercial use case for collecting mere eye scan data? At best the data set is worth a few million dollars and that's not a conspiracy worth running, especially when they can make billions off the actual crypto.


> one needs to trust that Worldcoin is actually doing what they say they are doing

Right, and that's a big part of the problem.

With all of the data abuse that the industry has already engaged in, it's silly to trust any company just because they say "trust us". Worldcoin has given no reason to trust them.


I think the idea to introduce WorldCoin now, using the method as described, during the current climate, basically sums up everything that is wrong with today's Tech, VC and Silicon Valley.


Doesn’t seem fair for those people without retinas to scan.

I guess if you want to be part of the new world currency you better not have any disabilities or disfigurements.


Again per Gibson:

"“What’s in the case, Buschel?” Seersucker bunched in his fist, knuckles white and shaking.

“Damn it, Turner,” the man jerking free, the handle of the case clutched in both hands now. “They weren’t damaged. Only some minor abrasion on one of the corneas. They belong to the Net. It was in her contract, Turner.”"


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: