Decentralization is key to Worldcoin. The Worldcoin protocol is powerful and could be misused, especially if under centralized control. There have been countless occasions where people’s trust in digital services has been abused. Therefore, to ensure that the Worldcoin protocol maximally benefits humanity, it is imperative that the protocol, ecosystem, technical computation, development, and governance are transparent, verifiable, and most importantly, decentralized. Decentralized community governance, in particular, is imperative to maintain the protocol’s alignment with the people it serves—which is to say, everyone. This section focuses on all non-governance dimensions of decentralization that contribute to the overall integrity of the Worldcoin ecosystem.
The Worldcoin protocol is designed to be decentralized in order to make it resilient, remove single points of failure, and place control over the proof of personhood primitive in the hands of the people who use it. The decentralization goals of the protocol include:
- Permissionless operation, enabling anyone to issue and use credentials without central approval;
- Decentralized operation, allowing use without needing to trust or rely on a centralized party, including the ability to independently run off-chain infrastructure components;
- Support for credentials on custom wallets, offering flexibility and interoperability i.e. users should be able to choose their wallet and not be tied to a specific platform; and ultimately the
- Ability to build on open standards with independent implementations and interpretations (e.g., DIDs and verifiable credentials) to increase interoperability.
To use the protocol, certain open source, community-mainted components are or will be required:
Today, all protocol components are already open source. The protocol already supports privacy by enabling verification through zero-knowledge proofs, which lets a person prove ownership of a credential without revealing any details about it (e.g., one can prove today they have been verified at an Orb without revealing which verification belongs to them or when and where they were verified).
Community members may continue to contribute to, and develop new functionalities for the Worldcoin Protocol, like:
Decentralizing the issuance of this credential comes down to four parts:
- the uniqueness verification service,
- the development and production of biometric verification devices,
- the deployment of devices all over the world; and
- fraud prevention mechanisms.
Design and manufacturing of biometric verification devices will be gradually decentralized to increase the resilience of the verification process against censorship and minimize the trust requirements in the manufacturing entity:
Once manufactured, Orbs are operated by independent entrepreneurs and their organizations around the world. Those entities receive a reward for every successful verification, and, to some extent, the actual operation of Orbs is already decentralized. The Foundation will soon be responsible for issuing operator rewards, and has engaged TFH to help support and audit Orb operations. Eventually, operations will include a decentralized process for operators to qualify and receive an Orb, receive verification rewards, and audit operations that could potentially be enforce by on-chain smart contracts:
- Orb Allocation: Today, Orbs can only be borrowed but not rented, sold or auctioned off to operators. When an Operator joins the project, Orbs (and other equipment) are lent to Operators for a specified period of time. Short-term lending ensures that only Operators who use Orbs efficiently for verification purposes (i.e., not merely verifying a handful of people per week) get access to them, optimizing hardware production capacity and minimizing overhead. In a future-state with abundant Orb supply at low cost, Operators could simply buy biometric verification devices.
- Signup Rewards: Operators receive rewards for each successful verification. Eventually, governance could refine how the signup reward mechanism works or is calculated (e.g., to increase the likelihood of compliance with the Foundation’s Operator Code of Conduct, a fraction of the signup reward could be locked-up. Governance could define the lock-up criteria, including any cap or other features).
- Signup Quality: It is important that Operators provide users with a high-quality experience by educating them about the project and supporting them during the verification process. To align the Operators’ financial interests with the objectives of the Worldcoin project, Operator rewards are impacted by measures of sign-up quality. Governance could also refine the criteria for determining signup quality.
Decentralizing the issuance and custody of World ID is challenging given the need to maintain high credential integrity (i.e., making it hard to illegitimately acquire and use the World ID of others). Different mechanisms across all participants—from hardware manufacturers to individual Orb operators to users—are required to prevent actions that undermine the integrity of the credential:
There are several scenarios that could result in the illegitimate creation or fraudulent ownership of proof of personhood credentials:
- Verification Device Compromise: A third party submits fraudulent verifications by compromising the hardware or spoofing the verification process.
- Identity Theft: The device operator or a third party manipulates individuals into verifying or compromising their phone to access their credentials.
- Identity Sale: An individual decides to sell their credentials to a fraudulent actor.
- Issuer Fraud: Organizations developing the firmware for verification devices secretly generate identities.
Each scenario decreases the utility of the proof of personhood credential issued by the Orb, so measures to make these attacks more costly are important. The following first five examples are integrity-strengthening measures on the Foundation’s roadmap:
The following four measures are not on the Foundation’s immediate roadmap but still ideas being considered:
- In-Person Audits: To ensure compliance with the Operator Code of Conduct and to prevent any organization from secretly generating fake identities, operations should be audited. Today, third-party organizations audit on-the-ground signup operations. A potential path to decentralize this process could be publishing a list of all verification devices, their locations, and verification counts. This would enable decentralized and in-person verification of all devices. Auditors could balance the published verification numbers against a count of real people verifying live, and thereby discover illegitimate identity generation. Such a process would require careful mechanism design to avoid unintended side effects.
- Anomaly Detection: Metadata from Orbs could be made public to be utilized for decentralized anomaly detection, informing decisions on which Orbs to audit in person. However, what data to publish would require careful consideration to preserve the privacy of individuals who verify. Community input would likely be necessary to strike that balance.
- Revocation: If a particular firmware version of a verification device is deemed insecure or an operating organization is found to be fraudulent, the verification credentials can be retrospectively revoked in line with the Foundation's governance, to eliminate potential fraudulent identities. Eventually, there might be the need for a separate adjudication body. If there were any real and legitimate individuals affected, they could re-verify at an Orb.
- Expiry: As biometric verification devices and their security standards evolve, it might become useful to version World IDs. Over time, older World IDs might be deprecated to increase security, similar to passport expiration.
Eventually, users will be able to either easily export their accounts into other wallets or use a third-party wallet at the time of verification with an Orb. Additionally, a World ID WalletKit could incorporate all the required capabilities, so that other wallets could easily integrate World ID, allowing the use of World ID various wallets of choice.
On the frontend, World ID is already available to any developer that wants to use sybil protection in their application through the IDkit and developer portal. Users are able to use any third-party application through World App.
Some parts of the Worldcoin ecosystem are already decentralized and open source. However, decentralization is an ongoing process that requires significant community contributions and participation. A gradual transition towards a decentralized ecosystem allows for careful assessment and refinement at each stage, ensuring that the transition is sustainable in the long term. Decentralization is core to the mission of Worldcoin and requires active participation of the broader community.
Some AI models might become very powerful. In that case, it might be required to develop governance mechanisms that reach beyond the organization running the model to decide on the guardrails and actions of such models. ↩