Analysis of the WorldCoin Project: Biometric Data Privacy and Risks in Prospective National Defense Scenarios
Palavras-chave:
digital governance, data privacy, ; cryptocurrencyResumo
As technology advances, the demand for information security solutions in applications grows to keep pace with disruptive technologies. In this context, World Network has developed a new Single Sign-On (SSO) login format, using individual iris photo collection for two-factor banking authentication. In this project, World Network encountered regulatory challenges in several countries due to data privacy concerns. Given this scenario, the present study aims to analyze the risks associated with the collection and storage of such data, as well as its implications in prospective national defense scenarios. This research is justified, given that emblematic cases involving data privacy and mass population control in the governmental sphere have already marked the past, such as the National Security Agency (NSA) scandal denounced by Edward Snowden in 2013 and Cambridge Analytics in 2018, pointing to potential risks of informational instrumentalization and loss of digital sovereignty. The research adopts an exploratory and documentary approach, with technical audits in open source code hosted on GitHub and analysis of vulnerabilities related to authentication and data management. The results indicate that, although the system features advanced security mechanisms, such as Zero Knowledge Proofs (ZKP), uncertainties remain about governance, transparency, and the final destination of the information collected. It is concluded that the lack of transparency in the management of biometric data represents a strategic challenge for national defense and privacy protection on a global scale, requiring stricter regulations and international cooperation to balance technological innovation and security.
Downloads
Referências
AEPD. Worldcoin commits to halting its activities in Spain. Available at: https://www.aepd.es/en/press-and-communication/press-releases/worldcoin-commits-to-stop-its-activity-in-spain. Accessed on: Oct. 13, 2025.
Akerlof, G.; Kranton, R. Identity Economics: How Our Identities Shape Our Work, Wages, and Well-Being. Harvard University Press, 2010.
Amnesty International. Uncovering the global spyware scandal: Pegasus Project revelations. London: Amnesty International, 2021. Available at: https://www.amnesty.org/en/latest/research/2021/07/pegasus-project-revelations/. Accessed on: Oct. 30, 2025.
ANPD. ANPD determines suspension of financial incentives for iris data collection. Available at: https://www.gov.br/anpd/pt-br/assuntos/noticias/anpd-determina-suspensao-de-incentivos-financeiros-para-arrecadação-de-íris. Accessed on: Oct. 13, 2025.
BBC News. Barack Obama defends US surveillance tactics. 2013. Available at: https://www.bbc.com/news/world-us-canada-22820711. Accessed on: Oct. 13, 2025.
BBC News. US confirms collection of Verizon phone records. 2013. Available at: https://www.bbc.com/news/world-us-canada-22793851. Accessed on: Oct. 13, 2025.
Ben-Sasson, E.; Chiesa, A.; Genkin, D.; Tromer, E.; Virza, M. Zerocash: Decentralized Anonymous Payments from Bitcoin. IEEE Symposium on Security and Privacy, 2014.
Blocknews. OpenAI's Sam Altman raises $290 million for cryptocurrency and startup fund Worldcoin. 2023. Available at: https://www.blocknews.com.br/financas-corporativo/sam-altman-da-openai-capta-us-290-milhoes-para-cripto-worldcoin-e-fundos-de-startup/. Accessed on: Oct. 13, 2025.
Bradshaw, S.; Howard, P. The Global Disinformation Order: 2019 Global Inventory of Organized Social Media Manipulation. Oxford: Oxford Internet Institute, 2019.
Brazil. Law No. 12,737, of November 30, 2012 – Carolina Dieckmann Law – Criminal classification of cybercrimes. Available at: https://www.planalto.gov.br/ccivil_03/_ato2011-2014/2012/lei/l12737.htm. Accessed on: Oct. 13, 2025.
Brazil. Law No. 12,965, dated April 23, 2014 – Brazilian Civil Rights Framework for the Internet. Available at: https://www.planalto.gov.br/ccivil_03/_ato2011-2014/2014/lei/l12965.htm. Accessed on: Oct. 13, 2025.
Brazil. Law No. 13,709, of August 14, 2018 – General Data Protection Law (LGPD). Available at: https://www.planalto.gov.br/ccivil_03/_ato2015-2018/2018/lei/l13709.htm. Accessed on: Oct. 13, 2025.
Brazil. Law No. 14,155, of May 26, 2021 – Amends the Penal Code to classify cybercrimes. Available at: https://www.planalto.gov.br/ccivil_03/_ato2019-2022/2021/lei/l14155.htm. Accessed on: Oct. 13, 2025.
Cadwalladr, C.; Graham-Harrison, E. Revealed: 50 million Facebook profiles harvested for Cambridge Analytica in major data breach. The Guardian, March 17, 2018. Available at: https://www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influence-us-election. Accessed on: Oct. 30, 2025.
Clearview AI. Facial recognition and privacy violations in the EU. Euronews, 2021. Available at: https://www.euronews.com/my-europe/2021/12/16/facial-recognition-clearview-ai-breaks-eu-data-privacy-rules-says-french-watchdog. Accessed on: Oct. 30, 2025.
Clearview AI. Use of facial recognition by Clearview AI. n.d.
CoinMarketCap. Worldcoin (WLD) – Price, charts, and data. 2023. Available at: https://coinmarketcap.com/pt-br/currencies/worldcoin-org/. Accessed on: Mar. 18, 2025.
Couldry, N.; Mejias, U. The Costs of Connection: How Data is Colonizing Human Life and Appropriating It for Capitalism. Stanford: Stanford University Press, 2019.
Damasceno, G. WorldID Security Audit: Iris Biometrics, Zero-Knowledge Proofs, and the Risks of Global Digital Identity. 2025. Available at: https://medium.com/@gustavoxaviercontato/security-audit-of-worldid-iris-biometrics-zero-knowledge-proofs-and-the-risks-of-global-digital-1c5553f51fc7. Accessed on: Oct. 11, 2025.
Deibert, R. Reset: Reclaiming the Internet for Civil Society. Toronto: House of Anansi Press, 2020.
DeNardis, L. The Global War for Internet Governance. Yale University Press, New Haven, USA, 2020.
DeNardis, L. The Internet in Everything: Freedom and Security in a World with No Off Switch. Yale University Press, 2020.
Decrypt. France and Germany coordinate investigation into Worldcoin. Available at: https://decrypt.co/150473/france-germany-corrinate-worldcoin-investigation. Accessed on: Oct. 13, 2025.
Doneda, D. From privacy to personal data protection: elements of the formation of the General Data Protection Law. Rio de Janeiro: Forense, 2021.
ENISA. Guidelines on Securing Digital Identity Systems. European Union Agency for Cybersecurity, 2022.
Floridi, L. The Ethics of Information. Oxford University Press, 2013.
GitHub Worldcoin. Worldcoin Open Source Repositories. Available at: https://github.com/worldcoin. Accessed on: Oct. 13, 2025.
Goldfarb, A.; Tucker, C. Digital Economics. Cambridge, MA: National Bureau of Economic Research (NBER), 2019. Available at: https://www.nber.org/chapters/c15121.pdf. Accessed on: Oct. 30, 2025.
NSO Group. Spyware Pegasus. n.d.
Hardt, D. The OAuth 2.0 Authorization Framework. IETF RFC 6749, 2012.
Humby, C. Data is the new oil. 2006. Available at: https://randhirhebbar.medium.com/data-is-the-new-oil-but-are-we-making-the-most-of-it-e636fa30e9ce. Accessed on: Oct. 30, 2025.
Isaak, J.; Hanna, M. User data privacy: Facebook, Cambridge Analytica, and privacy protection. IEEE, 2018, 51(8). Available at: https://ieeexplore.ieee.org/abstract/document/8436400. Accessed on: Oct. 13, 2025.
Jr, A. WorldCoin case study. 2025. Available at: https://medium.com/@r3dd1t/case-study-worldcoin-1e8b351563ee. Accessed on: Oct. 11, 2025.
Kello, L. The Virtual Weapon and International Order. New Haven: Yale University Press, 2017.
Laney, D. 3D Data Management: Controlling Data Volume, Velocity, and Variety. META Group, 2001. Available at: http://blogs.gartner.com/doug-laney/files/2012/01/ad949-3D-Data-Management-Controlling-Data-Volume-Velocity-and-Variety.pdf. Accessed on: Oct. 11, 2025.
Liboreiro, J.; Huet, N. European Commission bans its staff from using TikTok over China cybersecurity concerns. Euronews, Feb. 23, 2023. Available at: https://www.euronews.com/next/2023/02/23/european-commission-bans-its-staff-from-using-tiktok-over-china-cybersecurity-concerns. Accessed on: Oct. 30, 2025.
Mayer-Schönberger, V.; Cukier, K. Big Data: A Revolution That Will Transform How We Live, Work, and Think. Houghton Mifflin Harcourt, Boston, USA, 2013.
Monteiro, R. Challenges of the National Data Protection Authority in Brazilian digital governance. Brazilian Journal of Digital Law, v. 8, n. 2, 2023.
Narayanan, A.; Bonneau, J.; Felten, E.; Miller, A.; Goldfeder, S. Bitcoin and Cryptocurrency Technologies. Princeton University Press, 2016.
Nilekani, N. Data has become the new oil, says Nilekani. The Times of India, 2017. Available at: https://timesofindia.indiatimes.com/business/india-business/data-has-become-the-new-oil-says-nilekani/articleshow/59703145.cms. Accessed on: Oct. 30, 2025.
NPC Observer. China's National Intelligence Law. 2017. Available at: https://npcobserver.com/legislation/national-intelligence-law/. Accessed on: Oct. 13, 2025.
Nye, J. S. Do Morals Matter? Presidents and Foreign Policy from FDR to Trump. Oxford: Oxford University Press, 2021.
Palantir Technologies. Government Partnerships Overview. n.d. Available at: https://www.palantir.com/government. Accessed on: Oct. 30, 2025.
Putri. These are 8 countries banning Worldcoin: from Spain to Indonesia. Tempo, 2025. Available at: https://en.tempo.co/read/2004666/these-are-8-countries-banning-worldcoin-from-spain-to-indonesia. Accessed on: Oct. 17, 2025.
Rid, T. Cyber War Will Not Take Place. Oxford University Press, London, United Kingdom, 2013.
Silva, J. Critical infrastructure and cybersecurity in Brazil. Revista Defesa & Sociedade, v. 5, n. 1, 2022.
Silva, R.; Almeida, J.; Souza, T. Deep learning approaches for real-time video processing. IEEE Trans. Image Process., 2023, 32, 1234–1245. Available at: https://ieeexplore.ieee.org/document/10006664/. Accessed on: June 2025.
Swissinfo. OpenAI wins US$200 million contract with the US Army. Available at: https://www.swissinfo.ch/por/openai-obt%C3%A9m-contrato-de-us$-200-milh%C3%B5es-com-o-ex%C3%A9rcito-americano/89530738. Accessed on: Oct. 20, 2025.
TechCrunch. Kenya suspends Worldcoin scans due to security, privacy, and financial concerns. 2023. Available at: https://techcrunch.com/2023/08/02/kenya-suspends-worldcoin-scans-over-security-privacy-and-financial-concerns/. Accessed on: Oct. 13, 2025.
The Guardian. NSA files: decoded – what the revelations mean for you. 2013. Available at: https://www.theguardian.com/world/interactive/2013/nov/01/snowden-nsa-files-surveillance-revelations-decoded#section/1. Accessed on: Oct. 13, 2025.
Trail of Bits. WorldCoin Security Review. 2023. Available at: https://worldcoin.org/security. Accessed on: Oct. 13, 2025.
UOL/TILT. Who is behind the company that pays to scan people's irises? 2025. Available at: https://www.uol.com.br/tilt/noticias/redacao/2025/01/20/quem-esta-por-tras-da-world.htm. Accessed on: Oct. 13, 2025.
World Economic Forum. Personal data: The emergence of a new asset class. Geneva: World Economic Forum, 2011. Available at: https://www.weforum.org/reports/personal-data-emergence-new-asset-class. Accessed on: Oct. 30, 2025.
World.org. How will the World Wide Web comply with laws regulating the collection and transfer of biometric data? Available at: https://world.org/pt-br/faqs. Accessed on: Oct. 13, 2025.
World.org. What is World Chain and why do I need to migrate to it? Available at: https://support.world.org/hc/pt-br/articles/34190114835475. Accessed on: Oct. 13, 2025.
World.org. Open Source. n.d. Available at: https://world.org/pt-br/open-source. Accessed on: Oct. 13, 2025.
World.org. User Terms and Conditions. n.d. Available at: https://worldcoin.org/terms. Accessed on: Oct. 13, 2025.
World.org. Unique Humans. n.d. Available at: https://world.org/pt-br. Accessed on: Oct. 13, 2025.
World.org. World ID. n.d. Available at: https://developer.worldcoin.org. Accessed on: Oct. 13, 2025.
World.org. WorldCoin Project Data Dashboard. n.d. Available at: https://worldcoin.org. Accessed on: Oct. 13, 2025.
WorldCoin. Whitepaper: Introducing the WorldCoin Protocol. 2023.
Zuboff, S. The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power. PublicAffairs, 2019.
Zyskind, G.; Pentland, A. Decentralizing Privacy: Using Blockchain to Protect Personal Data. IEEE Security and Privacy Workshops, 2015.
Downloads
Publicado
Como Citar
Edição
Seção
Licença
Copyright (c) 2025 Revista Interdisciplinar de Pesquisa em Engenharia
Este trabalho está licenciado sob uma licença Creative Commons Attribution-NoDerivatives 4.0 International License.
Autores que publicam nesta revista concordam com os seguintes termos:
Autores mantém os direitos autorais e concedem à revista o direito de primeira publicação, sendo o trabalho simultaneamente licenciado sob a Creative Commons Attribution License o que permite o compartilhamento do trabalho com reconhecimento da autoria do trabalho e publicação inicial nesta revista.
Autores têm autorização para assumir contratos adicionais separadamente, para distribuição não-exclusiva da versão do trabalho publicada nesta revista (ex: publicar em repositório institucional ou como capítulo de livro), com reconhecimento de autoria e publicação inicial nesta revista.
Autores têm permissão e são estimulados a publicar e distribuir seu trabalho online (ex: em repositórios institucionais ou na sua página pessoal) a qualquer ponto antes ou durante o processo editorial, já que isso pode gerar alterações produtivas, bem como aumentar o impacto e a citação do trabalho publicado.
