Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy

Portugal Orders Altman's Worldcoin To Halt Data Collection (reuters.com) 24

Portugal's data regulator has ordered Sam Altman's iris-scanning project Worldcoin to stop collecting biometric data for 90 days, it said on Tuesday, in the latest regulatory blow to a venture that has raised privacy concerns in multiple countries. From a report: Worldcoin encourages people to have their faces scanned by its "orb" devices, in exchange for a digital ID and free cryptocurrency. More than 4.5 million people in 120 countries have signed up, according to Worldcoin's website. Portugal's data regulator, the CNPD, said there was a high risk to citizens' data protection rights, which justified urgent intervention to prevent serious harm. More than 300,000 people in Portugal have provided Worldcoin with their biometric data, the CNPD said.
This discussion has been archived. No new comments can be posted.

Portugal Orders Altman's Worldcoin To Halt Data Collection

Comments Filter:
  • by presidenteloco ( 659168 ) on Tuesday March 26, 2024 @11:47AM (#64346221)
    by another nanny state.

    FFS give adult humans in the 21st century some f**king autonomy to make their own decisions.

    Worldcoin is an anonymous service verifying only that the same identity is doing things at various places and times and services. The organization operating it retains no identifying data for each person who signs up.

    Innovation is under serious threat by the dullards.
    • Re: (Score:2, Informative)

      by Narcocide ( 102829 )

      - operation stores high res scans of your eyeballs
      - operation doesn't store identifying information

      You have to pick one.

      • Re: (Score:2, Informative)

        The information they store is, roughly speaking, a fuzzy hash of iris image data. The original iris image cannot be recreated from it.

        No other personally identifying info is stored with it (e.g. name, email, crypto keys etc).

        So the only thing it's good for is if you walk back in to a worldcoin scanning center to try to create a second, different unique anonymous id in worldcoin, it would recognize that you already have one and reject creation of a new different one for you.

        It verifies your unique human-ness
        • The information they store is, roughly speaking, a fuzzy hash of iris image data. The original iris image cannot be recreated from it. No other personally identifying info is stored with it (e.g. name, email, crypto keys etc).

          There are entire companies whose only reason to exist is to link bits of personally identifiable information together. So that hash is not linked to you personally, till one day either by accident or on purpose it is. And then, unlike changing a username or password, it can never be undone.

          • This is true of any kind of digital id. Or stolen credit card number etc.

            We need a way where on finding out your digital id has been doxxed, you can get a new one, with different salt, with a revocation method for the validity of the old one. Similar to how TLS trust-root certificates can be invalidated.
            • This is true of any kind of digital id. Or stolen credit card number etc. We need a way where on finding out your digital id has been doxxed, you can get a new one, with different salt, with a revocation method for the validity of the old one. Similar to how TLS trust-root certificates can be invalidated.

              The problem as I see it is the relative immutability of biometric data. Unlike your name or address or passwords or usernames or card numbers or root certificates it adds a variable that can never (at least conveniently) be changed. It is easy to say that is great for the ultimate security, till one day you consider the downsides to be greater than the benefits, but then there is no going back.

              You could hash your DNA data as well, but if that hash is ever broken, that is you, forever.

              • Yeah the biometric data is relatively immutable.

                So that's why only secondary identifiers (analogy: session keys) should be used in day to day authentication / authorization in third party systems.

                Ideally, there should be no way back from the secondary identifier to the source biometric hash.

                I feel in a technically semi-literate way (notice waving hands) in the area that ZKSNARKs (not just simple hashes) may eventually play a role in these kind of "one directionally associated" or non-leaking associated rel
        • by higuita ( 129722 )

          how to you know that is what they are doing?

          one of the main problems is that all this is very little transparent, the company, the owners, the objective, the oversight and even what law to apply is very shady. They said several things, but never proved anything. That alone rises many problems and is one of the main reasons for the temporary suspension. to keep people more protected until more data is found or proofs are presented

    • by higuita ( 129722 ) on Tuesday March 26, 2024 @12:43PM (#64346317) Homepage

      the question is that they announce one use, but how to really prove that it is the only use they are doing to a critical biometric (that may be useful in the future)
      If the Portuguese and Spanish data regulator knew that the use was ONLY really what is announced, they would probably not mind... but there is lot of obscurity about the company and hidden usage of this info... and better to be safe, suspend that and wait for more info

      About "autonomy to make their own decisions" ... how about drug consumption? Abortion? public nudity? allowing banks to invest wildly without control? Over-control on the banking system? Allowing full inherence control, or force a limit for inherence donations and have the rest reserved to the family in balanced shared?

      you see, there are MANY different opinions about all the issues, your opinion may not be the opinion of the next person. In the USA, people care little about privacy, but in Europe, people do care lot more. This data regulators are there exactly to this, to protect their people privacy, even if that can take a little of liberty from people that are not experts on the topic. In the USA, people can carry guns, in Europe, most countries limit that freedom... what is better, each one should decide when they vote.

      As European, i support those limits, it better to have a balanced system than a wild west with no control

    • The CNPD's suspension refers instead to the Worldcoin Foundation - a Cayman Islands entity described on its website as "memberless", having no owners or shareholders.

      "no owners or shareholders" real meaning -> nobody's going to take responsibility for whatever TH we'll do.
      "a Cayman Islands entity" real meaning -> you'll never catch us anyway

      That's some red flags here.

      • The thing about this is it is opt-in. No one has a gun to anyone's head forcing them to get a iris-scan-based world id.

        The government overreach is governments not permitting people to opt in to something like this.

        It's a little bit like the government banning the opt-in possession of a bitcoin, because "Oh the potential horror!"

        It's just the fear-dominated, terrified of novelty half of the population, with some government power, dictating to and trying to fence in the explorer half of the population. Each h
    • Imagine framing as "innovation" the practice of exploiting starving people for their biometrics in return for your shitcoin. You worldcoin people are such ghouls.
      • I'm not "one of them". Just speaking in support as an independent observer, on principles of freedom where the balance of harm vs benefit has not been clearly demonstrated yet.

        If you got that surmise wrong, what else do you routinely get wrong when pondering about the world around you I wonder? Or you should wonder.
        • The "principles" of freedom, where your biometrics are treated as a commodity to move around in someone else's money market? From the country that brought you Afghanis selling their own organs for money so they can eat, we bring you: Worldcoin!

          And because it's all free market forces setting the precedent that we don't own our own biometrics, then it's all good! Or if the TSA did it first, then it's all good.

          Surprisingly, you manage to look more and more like a plant with everything you say.

    • Worldcoin is an anonymous service verifying only that the same identity is doing things at various places and times and services. The organization operating it retains no identifying data for each person who signs up.

      Both those sentences can't be right. They either verify you are who you say you are, or they don't retain any information about you. The fact of the matter is Worldcoin. So far several jurisdictions have said Worldcoin is in breach of the GDPR. If your "innovation" can't survive a 90 day cool off period to talk to regulators then your company and or product should not exist.

      No innovation here is under threat, and there's no nanny state here. Just a regulator asking to show cause. I suspect you spent too muc

      • That's not correct. Here's a unique identity:

        0xA4D38FFL9W742V

        I can track what this does and what reputation it has.
        By the way it was generated (the system it is a valid public key in), I can know that it corresponds uniquely to one of the unique humans that has recently existed.

        That doesn't tell me who this is, even if I'm the entity that validated their unique human-ness, generated a unique key-pair for them, told them to use the public key publicly, and keep the private key private, then forgot (did not s
    • by vbdasc ( 146051 )

      by another nanny state.

      FFS give adult humans in the 21st century some f**king autonomy to make their own decisions.

      NO.

      This crosses a red line. People must not be allowed to trade their inalienable rights (one of which is privacy) for money. Else we enter a slippery slope that can lead to a libertarian dystopia that allows, for example, slavery. And who else to enforce this rule but the "nanny" state?

      A state that protects the less bright and capable of its citizens from making certain bad decisions is properly called a sensible state, not nanny state.

  • In the countries that this was rolling out there were plenty of "extra eyeballs" you could scan. Hundreds of villagers could be scanned for the "sell your soul" scheme. The arbitrage of personal data is huge and many countries laws are too weak to stop them. Remember when Squidward gave everything he owned for a worthless piece of paper, this what crypto, nfts, tokens and what other schemes they come up with are in a nutshell.
  • kind of escaped out of hexadecimal there for a brain-fart moment lol.

There is very little future in being right when your boss is wrong.

Working...