
Here I am, resurrecting my blog like a dusty necromancer coming back for one last summon.
And what brought me back from the digital grave?
Larpers. Everywhere. People posing as crypto 'experts' when they haven’t done the actual work of researching whatever the hekk it is they are talking about. It’s all vibes and appearances and no substance.
Lately, the Orb and World have been made antagonists in the Filipino crypto scene. And everyone suddenly became a data privacy expert and morality champion overnight.
But y’all… the code is literally open-source. Public. On GitHub. Verifiable and transparent. Yet most of the noise came from people whose deepest technical dive was into Tiktok, probably. I mean opinions are fine. Sure, pop off. But when you're out here spreading crypto misinformation like it's your side hustle, that’s not just lazy. That’s lying. Please don’t do that, it’s bad.
Anyway, because nobody’s doing it, Danki went through World’s codebase to dissect and translate it for humans. But first…
We are entering a phase of the internet where:
Bots have social media accounts
Bots make video calls and phone calls
Bots make fake IDs
Bots have crypto wallets
Bots can vote on-chain
Bots have fans clubs
My fren, it has become normal to not know whether you're reading content from a person or a language model. It’s already bad. But it’s gonna get weirder.
AI systems are already powerful enough to influence, deceive, vote, and even transact like humans. It’s already anarchy, albeit one where you only detect the tip of the iceberg.
My point being: Proof of Humanity, or a system that makes it easy to prove that you’re a human, is going to impact people who don’t even know about crypto.
Just some ways that immediately come to mind:
Preventing Deepfakes: Video calling and communication platforms can integrate PoH to make sure that the user is talking to a real human.
Pseudonymous Communication: You can even prove humanity without doxxing who you are
Aid distribution: Not saying it’s UBI, but any aid system can eliminate ghost beneficiaries, fraud, and identity duplication through PoH.
Secure KYC over the Internet: You don’t have to travel miles and queue up to register a government ID. If you have a valid PoH then it will be possible to do it at home.
So as you can see, it isn’t just some crypto flex. It’s more like a universal captcha but one that cannot be ‘outsourced’ and one that doesn’t annoy u by asking to find traffic lights in 144p JPEGs.
Now, going back to the code.
++++++
There’s a large codebase, but here are the main components you can look into if you want to know what the system does to your iris scan:
open-iris: a pipeline that converts raw iris images into iris codes (three parts: segmentation → normalization → feature extraction). In human language: it takes note of your iris’ features and extracts those to generate a binary code that serves as your identifier. Open Iris Repo
orb-software: Orb Software Repo
orb-core/do_signup calls image capture, iris processing, then signs iris codes and sends them to the backend uniqueness service, which is closed-source (bleh). In human language: it calls all the code needed to process your iris data and signs it to make sure everything came from the Orb and not somewhere else.
orb-secure-element & orb-attest modules that generate hardware-backed attestations; the backend validates these signatures. In human language: It shows how your iris code data is encrypted both at rest and in transit.
signup-sequencer: takes your identity commitments (32-byte hashes produced after an iris is verified) and updates the Merkle tree. In human language: it generates a ZK proof that says “this person was added to our list of real humans”. This ZK proof will not tell who you are, where you scanned, or what your iris code is. Nothing. Just that you were part of the list. Signup Sequencer Repo
Ok, now let’s begin with the lines we’re most concerned about:
Do they delete the iris scans? Yes. But not by calling a delete() function. The Orb processes iris images entirely in memory and (because this is written in Rust) discards them automatically right after use.
let frame = eye_tracker.capture_frame().await?;   // raw image lives only in this local variable
let iris_code = compute_iris_code(&frame)?;       // borrow it, derive the code; `frame` is dropped at end of scope
The captured frame is processed in these lines, but never written to disk or saved.
I asked my AI to scan the codebase for any file I/O routines (File::create, fs::write, etc.) used during the processes in the orb-core pipeline. Looks like there’s none. So they’re really not saving it.
Then what are they getting from the scans?
An iris code that looks like a nonsensical bunch of 1’s and 0’s. You can check the open-iris repo to see how they transform it. The binarization algorithm is explained here in a more understandable language, but you can knock yourselves out analyzing the code here and here.
Do they even save that garble of a binary number that is your iris code? Also no.
They only use it to check whether you’re a unique human being. They split it up into three parts and use SMPC (Secure Multiparty Computation) to compare chopped up shares of it with all the chopped up shares of the other iris codes that were ever created. Do note that this part is closed-source. But it’s still nice to read their paper about large scale MPC.
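Since the post keeps coming back to “compare iris codes”, here is what that comparison looks like in the clear, before any MPC chopping. This is an added example of mine, not code from open-iris or World: two binary iris codes compared with a masked, fractional Hamming distance plus a small rotation search. The bit/mask layout, the decision threshold, the shift window and the sample codes (seeded PRNG output) are all my assumptions, not the project’s values.

```python
"""Added example (not open-iris code): masked fractional Hamming distance between
two binary iris codes, with a small circular-shift search for head tilt.
Assumptions (mine): codes are lists of 0/1 bits with a parallel mask
(1 = usable bit, 0 = occluded by eyelid/reflection); threshold and shift window
are illustrative. Sample codes are constructed, not real iris data."""
import random

DECISION_THRESHOLD = 0.32   # assumed; real deployments tune this against false-match rates
MAX_SHIFT = 4               # assumed rotation tolerance, in code positions


def fractional_hamming(code_a, mask_a, code_b, mask_b):
    """Fraction of mutually unmasked bits that differ. Returns (distance, bits_compared)."""
    differing = compared = 0
    for a, ma, b, mb in zip(code_a, mask_a, code_b, mask_b):
        if ma and mb:                 # only count bits both captures could see
            compared += 1
            differing += a ^ b
    if compared == 0:
        return 1.0, 0                 # nothing comparable: treat as maximally different
    return differing / compared, compared


def rotate(bits, k):
    """Circular shift by k positions; negative k rotates the other way."""
    k %= len(bits)
    return bits[k:] + bits[:k]


def best_match_distance(code_a, mask_a, code_b, mask_b, max_shift=MAX_SHIFT):
    """Minimum masked distance over a window of rotations of code_a (absorbs head tilt)."""
    best = 1.0
    for k in range(-max_shift, max_shift + 1):
        d, _ = fractional_hamming(rotate(code_a, k), rotate(mask_a, k), code_b, mask_b)
        best = min(best, d)
    return best


def same_person(code_a, mask_a, code_b, mask_b):
    """Uniqueness decision: below threshold means the two codes came from the same iris."""
    return best_match_distance(code_a, mask_a, code_b, mask_b) < DECISION_THRESHOLD


def constructed_code(seed, n=512):
    """Constructed sample: a random code with a fully usable mask."""
    rng = random.Random(seed)
    return [rng.randint(0, 1) for _ in range(n)], [1] * n


def rescan(code, mask, seed, flip_rate=0.10, shift=2, occluded=48):
    """Simulate a second capture of the same eye: slight rotation, bit noise, eyelid occlusion."""
    rng = random.Random(seed)
    code2 = [b ^ (1 if rng.random() < flip_rate else 0) for b in rotate(code, shift)]
    mask2 = rotate(mask, shift)
    mask2[:occluded] = [0] * occluded
    return code2, mask2


if __name__ == "__main__":
    enroll_code, enroll_mask = constructed_code(1)
    re_code, re_mask = rescan(enroll_code, enroll_mask, seed=2)
    other_code, other_mask = constructed_code(99)
    print("same eye, rescanned:", same_person(enroll_code, enroll_mask, re_code, re_mask))
    print("different eye:      ", same_person(enroll_code, enroll_mask, other_code, other_mask))
```

The point to notice: without the rotation search a rescan of the same eye looks like a stranger (distance near 0.5), and masking is what keeps eyelid bits from dragging the distance up. Codes from two different people sit around 0.5 no matter how you shift them, which is why a fixed threshold works.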
There’s no more need for that iris code once your humanity has been proven. This is where ZK comes in. The iris code is turned into a commitment hash through (boo) another closed-source component, but one audited by Trail of Bits.
Now that your commitment hash hangs from the Merkle tree, any application that integrates with World ID can verify the proofs generated by your account.
Side: I would personally trust Trail of Bits because they’re one of the reputable auditing names out there (and they basically taught me how to fuzz test), but to each his own.
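To make “your commitment hash hangs from the Merkle tree” concrete, here is an added example of mine (not World’s signup-sequencer code): identity commitments as leaves of a Merkle tree, and the inclusion proof a verifier checks against the published root. Assumptions: a commitment is SHA-256 over a secret the user keeps (the sample secrets are constructed), and the proof is a plain Merkle proof. A production system uses a ZK-friendly hash and wraps this in a zero-knowledge proof so the verifier does not even learn which leaf is yours; this version just shows the data flow, where the verifier handles hashes only and never an iris code.

```python
"""Added example (not World's code): identity commitments in a Merkle tree and a
plain inclusion proof. Assumptions (mine): SHA-256 commitments over a user-held
secret; constructed sample secrets; no zero-knowledge layer on top."""
import hashlib


def h(data):
    return hashlib.sha256(data).digest()


def identity_commitment(secret):
    """The 32-byte value that goes into the tree; the secret itself never leaves the user."""
    return h(b"commitment:" + secret)


def build_tree(leaves):
    """All levels of the tree, leaves first and root last; pads leaf count to a power of two."""
    level = list(leaves)
    while len(level) & (len(level) - 1):          # not yet a power of two
        level.append(h(b"empty-leaf"))
    levels = [level]
    while len(level) > 1:
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def merkle_root(levels):
    return levels[-1][0]


def inclusion_proof(levels, index):
    """Sibling hashes from leaf to root, each tagged with whether our node is the right child."""
    proof = []
    for level in levels[:-1]:
        proof.append((level[index ^ 1], bool(index & 1)))
        index //= 2
    return proof


def verify_inclusion(root, leaf, proof):
    """Recompute the path to the root; the verifier needs only root, leaf and siblings."""
    node = leaf
    for sibling, node_is_right in proof:
        node = h(sibling + node) if node_is_right else h(node + sibling)
    return node == root


def proof_leaks_secret(proof, secret):
    """Sanity check: the user's secret bytes never appear in what the verifier receives."""
    return any(secret in sibling for sibling, _ in proof)


if __name__ == "__main__":
    secrets = [b"constructed-secret-alice", b"constructed-secret-bob", b"constructed-secret-carol"]
    levels = build_tree([identity_commitment(s) for s in secrets])
    proof = inclusion_proof(levels, 1)                      # bob proves membership
    print(verify_inclusion(merkle_root(levels), identity_commitment(secrets[1]), proof))
```

What the verifier ends up holding is the root, one 32-byte commitment and a handful of 32-byte sibling hashes. None of that can be “unhashed” back into the secret, let alone into an iris code; the ZK layer on top additionally hides which commitment was proven.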
So let’s go back to what these clout-chasers were saying:
No, Chad. They don’t even have your iris code. What they have is an encrypted representation of the existence of your iris code. Which can’t be unhashed by anyone, not even by World themselves.
If you can follow the flow: no biometric data stored = no breach of trust. Unless you plan to sell your fingers, phone, and World private key to the same person on Facebook Marketplace, nobody's getting anything from anyone.
An even spicier conspiracy. What will they sell? The commitment hash of the existence of your iris code that not even them can decrypt? Who’s gonna buy that Chad?
Okay, I get it somehow. But here’s a reality check:
Most people don’t know why everyone needs PoH
Most people don’t know how Web3, PoH, or even single-factor authentication works.
But they all need the protection that PoH provides.
Not everyone has to understand combustion engines to ride a bus. They just need a ride.
You can’t onboard 8 billion people by giving them a 5-hour cryptography lecture. So what do you do? You incentivize adoption.
It’s kind of a lesson in game theory. If you can’t convince the grandmas to care, then flip the incentives. Make doing the right thing the easiest option. World is not paying you for your data. It’s rewarding you so that you would participate.
LOL. Bro. Danki tries to be an honest, accurate, kind person with integrity. But guess what wins people over most of the time? Appearances. Loss aversion and chasing incentives. You think people lined up for an Orb because they read the World whitepaper? No. They heard they’d get free money.
And yes, politicians got involved. Is that ideal? No. Is that efficient? Yes. Is it dangerous? Only if they can tamper with the Orb.
Which leads me to…
Yes, but it’s extremely difficult to do so undetected. There are many layers of detection in the orb:
The open-source orb-attest component interacts directly with the Orb’s secure element, which holds private signing keys in a tamper-resistant hardware chip.
Measured Boot & Orb OS - closed source but if we’d believe the README, it uses secure enclave and secure element for key operations.
The orb-firmware project includes tamper-detection logic and secure runtime that monitors hardware tampering, power glitches, physical access, etc. It’s undisclosed and IP’d but that’s understandable.
Anyway, spending this whole night reviewing World's codebase is like reading an autist's work. There's no effort to dumb things down so that the general public can understand, because they know the average person won't even try. But I’m blown away; the amount of thought and detail put into its design is interesting.
Could be the case. But it's too much effort to construct a very complicated system with hundreds of commits and multiple deployment signatures, all just to cover a lie. I would have stopped at giving cash for iris data. But nah, they went full nerd.
Now, if you'd still like to throw arguments against cold hard code, let me help you, here are some suggestions for a more believable counterpiece. Despite multiple opportunities, da danki herself hasn’t put her eyeballs anywhere near the Orb.
Because I do have a few legitimate questions, and it’s okay to be skeptical if your skepticism is informed:
What happens to the encrypted iris code after it gets sent to the backend for uniqueness checking?
Hamming distance comparisons via partial key shares are cool and all, but who are the entities running the three MPC nodes? If they’re all affiliated with World, then yes it's cryptographically secure, but not decentralized. And in that case these three entities can collude to reconstruct all the iris codes that were ever created.
If the MPC protocol and architecture are open-sourced and shown to have sufficient decentralization, then I’ll feel much safer about it.
What happens if I lose my World ID? Can I regenerate a new one via my previously scanned eyeballs?
I think there’s no answer to this yet, but Danki would love some clarity.
What happens if you want to delete your World ID?
Spoiler: because it’s a protocol and I don’t see any code or mention of a component that will delete your PoH, you probably can’t.
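Since the MPC part is closed-source, here is an added example of mine, not World’s protocol, of what “compare chopped-up shares” can look like: a generic three-party replicated secret-sharing computation of the Hamming distance between two iris codes, where no single node ever holds either code. It illustrates both the uniqueness check described earlier and the collusion question above. Assumptions: arithmetic modulo 2**16, a +1/-1 encoding of bits, and an honest-majority setting; the sample codes are constructed. The caveat a practitioner wants is in the last function: in this kind of scheme, two of the three nodes pooling their shares is already enough to rebuild every code, so the trust question is really “can any two operators collude”, not three.

```python
"""Added example (not World's MPC): 3-party replicated secret sharing computing a
Hamming distance. Assumptions (mine): ring Z_(2**16), +1/-1 bit encoding,
honest majority (any two colluding parties can reconstruct). Sample codes constructed."""
import random

MOD = 2 ** 16


def to_signed(v):
    """Interpret a ring element as a signed integer."""
    v %= MOD
    return v - MOD if v >= MOD // 2 else v


def share_scalar(value, rng):
    """Split value into three additive shares summing to value (mod MOD)."""
    r0, r1 = rng.randrange(MOD), rng.randrange(MOD)
    return [r0, r1, (value - r0 - r1) % MOD]


def share_vector(bits, rng):
    """Encode each bit as +1/-1, share it, and hand party i the pair (share_i, share_{i+1}).
    Returns a list indexed by party: (vector of share_i, vector of share_{i+1})."""
    cols = [[], [], []]
    for b in bits:
        s = share_scalar(1 - 2 * b, rng)
        for i in range(3):
            cols[i].append(s[i])
    return [(cols[i], cols[(i + 1) % 3]) for i in range(3)]


def share_with_seed(bits, seed):
    return share_vector(bits, random.Random(seed))


def local_dot(x_pair, y_pair):
    """Party-local share of <x, y>: cross terms x_i*y_i + x_i*y_{i+1} + x_{i+1}*y_i.
    Summed over the three parties these cover all nine share products exactly once."""
    (x0, x1), (y0, y1) = x_pair, y_pair
    return sum(a * c + a * d + b * c for a, b, c, d in zip(x0, x1, y0, y1)) % MOD


def plain_hamming(bits_a, bits_b):
    return sum(a ^ b for a, b in zip(bits_a, bits_b))


def mpc_hamming(bits_a, bits_b, seed):
    """Run the three-party computation; returns (hamming_distance, per-party partial results).
    Only the sum of the three partials is opened; each partial alone is a random ring element."""
    rng = random.Random(seed)
    shared_a, shared_b = share_vector(bits_a, rng), share_vector(bits_b, rng)
    partials = [local_dot(shared_a[i], shared_b[i]) for i in range(3)]   # each party computes alone
    dot = to_signed(sum(partials))            # <a,b> = n - 2*HD under +1/-1 encoding
    return (len(bits_a) - dot) // 2, partials


def party_view(value, seed, party=0):
    """What one party sees for a single shared bit value (party 0's pair is independent of the bit)."""
    s = share_scalar(value, random.Random(seed))
    return (s[party], s[(party + 1) % 3])


def colluding_reconstruct(shared_vec, i, j):
    """Two distinct parties pooling their pairs hold all three shares of every position."""
    held = {i: shared_vec[i][0], (i + 1) % 3: shared_vec[i][1],
            j: shared_vec[j][0], (j + 1) % 3: shared_vec[j][1]}
    bits = []
    for k in range(len(shared_vec[i][0])):
        v = to_signed(held[0][k] + held[1][k] + held[2][k])
        bits.append(0 if v == 1 else 1)
    return bits


def constructed_codes(seed, n=256, flip_rate=0.2):
    """Constructed sample: a code and a noisy copy of it (same eye, second capture)."""
    rng = random.Random(seed)
    a = [rng.randint(0, 1) for _ in range(n)]
    b = [x ^ (1 if rng.random() < flip_rate else 0) for x in a]
    return a, b


if __name__ == "__main__":
    a, b = constructed_codes(seed=7)
    hd, partials = mpc_hamming(a, b, seed=1)
    print("MPC distance:", hd, "plain distance:", plain_hamming(a, b))
    print("two colluding nodes recover the code:", colluding_reconstruct(share_with_seed(a, 3), 0, 1) == a)
```

The only value ever opened is the distance itself; each node’s partial result and each node’s pair of shares are uniformly random on their own. That is the cryptographic guarantee. The organisational guarantee, that no two node operators ever pool their shares, is exactly the decentralisation question, and code alone cannot answer it.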
World is not perfect. But it’s trying. And it’s doing it in the open. You know what’s worse? All these other KYC systems on the planet hoarding your data in privately managed servers, then leaking it in some sketchy DeepWeb dump.
Sometimes saying you don’t know and asking questions is a more pro move than making up stories and building on clout. And before you spin things at least check the source.
I’m touching grass now. Hope the world heals. Hope you lerned something. 🐴
A Friendly Donkey
Subscribe to 0xDanki ( Tin Erispe )