Is Orb Verification Safe? Privacy Protection Explained
From iris data handling to zero-knowledge proofs. A complete guide to World ID security
1. Common Concerns and Questions
It's natural to feel concerned when you hear "iris scanning." Here are answers to frequently asked questions.
"What if my iris data is leaked?"
→ Since the actual iris image is not stored, there's no risk of leakage. Only "IrisCode," an irreversible binary code, is stored.
"Can governments or companies track me?"
→ World ID is designed to maintain anonymity. No personally identifiable information is sent during verification.
"Is the Orb harmful to my eyes?"
→ The Orb uses near-infrared LEDs and meets the same safety standards as medical devices. It uses technology similar to ophthalmology equipment.
"Can I undo registration?"
→ You can request data deletion. However, once data is deleted, you cannot obtain a World ID again.
2. How is Iris Data Handled?
Process from Scan to Verification
Iris Scan
Orb captures iris pattern using near-infrared light (~10 seconds)
Convert to IrisCode
The iris image is immediately converted inside the Orb to an IrisCode (a 12,800-digit binary number representing iris characteristics). The IrisCode is a one-way conversion that makes it mathematically impossible to reconstruct the original iris image.
Iris Image Deleted
Original iris image is immediately deleted. Never sent to servers
Duplicate Check
Verify IrisCode doesn't match any existing ones (one ID per person guarantee)
World ID Issued
If no duplicates, World ID is issued and registered in World App
IrisCode Characteristics
IrisCode is a one-way conversion, making it mathematically impossible to reconstruct the original iris image from the code. Because it is generated through feature extraction using Gabor wavelet filters, the information in the original data is lost.
3. What is Zero-Knowledge Proof?
Let's explain "Zero-Knowledge Proof," the core technology behind World ID.
Understanding Through a Simple Example
Traditional Identity Verification:
Show your ID to prove you're over 20 → The other party also learns your birthdate, address, name, and other unnecessary information
Zero-Knowledge Proof:
Prove only the fact that you're over 20 → No need to reveal your birthdate or name
How World ID Uses It
With World ID, when logging into a service, you only prove the following:
- ✓ You are a real human verified by Orb
- ✓ This is your first verification on this service (no duplicate accounts)
No personally identifiable information such as name, age, nationality, or iris data is ever sent.
5. Where is Data Stored?
Decentralized Storage
World ID data is stored on a decentralized network, not just on a specific company's servers.
- • Duplicate Detection Data (AMPC shares): Distributed across multiple independent institutions
Used for duplicate detection. AMPC ensures no single institution holds complete data
- • Private Key: Only on user's smartphone
Key that proves "ownership" of World ID. Never stored on servers
- • Iris Image: Not stored anywhere
Immediately deleted after conversion to IrisCode inside the Orb
Distributed IrisCode Storage
IrisCode is not stored in one place. Instead, it is split into multiple "shares" using Secret Sharing. All shares must be combined to reconstruct the original IrisCode, and each share is stored on a different server. This means that even if one server is compromised, there is no risk of the complete IrisCode being leaked.
Important Note
Since the private key is only stored on your smartphone, losing your device may result in losing access to your World ID. Be sure to set up a login method (Passkey/Google/Apple) and backup password in Personal Vault.
6. Potential Risks and Countermeasures
No system is perfect. Here are potential risks and World ID's countermeasures.
Risk 1: IrisCode Leakage
Impact: Since IrisCode is a one-way conversion code, the iris image cannot be reconstructed even if leaked. However, theoretically it could be misused to block re-registration of the same person.
Countermeasure: Tamper resistance through decentralized storage, encryption protection
Risk 2: Fake Orb
Impact: Malicious parties could create fake Orbs to collect iris data
Countermeasure: Each Orb has a unique cryptographic key and only works on the official network. Verification sites are official partners only
Risk 3: Future Technology
Impact: Future quantum computers could theoretically break the cryptography
Countermeasure: Design allows cryptographic algorithm upgrades. Uses industry-standard encryption
Risk 4: Organizational Changes
Impact: Tools for Humanity policy changes or business closure
Countermeasure: Open-source protocol design. World Chain is decentralized, not dependent on a single company
7. Can Data Be Deleted?
World ID allows you to request data deletion.
Data That Can Be Deleted
- ✓ World App account information
- ✓ Profile information, backup, Personal Vault
Data That Cannot Be Deleted
- ✗ Anonymized data for duplicate detection (AMPC shares)
* AMPC shares are explained in detail in Section 8.
About Re-registration After Deletion
Even after deleting your World ID, anonymized data for duplicate detection (AMPC shares) remains, so the same person cannot re-register. Please consider deletion carefully.
8. Enhanced Privacy with AMPC
World ID has introduced AMPC (Anonymous Multi-Party Computation), an advanced cryptographic technology that further strengthens privacy protection.
AMPC not only enhances privacy protection but also serves as the technical foundation for the "data that cannot be deleted" explained in Section 7.
What is AMPC?
AMPC is a technology where multiple independent servers cooperate to perform calculations. This allows duplicate checking without any single server knowing the complete iris data.
Key Benefits of AMPC
- ✓ IrisCode is not stored in complete form by any single organization
- ✓ Design requires server cooperation for duplicate checking
- ✓ Further reduces data leakage risk
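The share splitting described under "Distributed IrisCode Storage" and the cooperative duplicate check described here can be illustrated with a toy model. This is an added example, not World's code or protocol: it assumes n-of-n XOR secret sharing, a fractional Hamming distance comparison, and an illustrative threshold of 0.32, none of which are stated on this page. In this simplified version the party combining the per-server outputs still learns which bits differ, something a production multi-party protocol would also hide.

```python
import secrets

CODE_BITS = 12_800   # IrisCode length given on this page
THRESHOLD = 0.32     # assumed match threshold, chosen for illustration only

def split(code, n):
    """n-of-n XOR sharing: n-1 uniformly random shares plus one that fixes the XOR."""
    shares = [secrets.randbits(CODE_BITS) for _ in range(n - 1)]
    last = code
    for s in shares:
        last ^= s
    return shares + [last]

def combine(shares):
    """XOR every share together; only the complete set yields the secret."""
    out = 0
    for s in shares:
        out ^= s
    return out

def server_step(stored_share, probe_share):
    """Work done by one server, using only the two shares it holds itself."""
    return stored_share ^ probe_share

def shared_distance(stored_shares, probe_shares):
    """Fractional Hamming distance, derived from the per-server outputs."""
    diff = combine([server_step(a, b) for a, b in zip(stored_shares, probe_shares)])
    return bin(diff).count("1") / CODE_BITS

def is_duplicate(stored_shares, probe_shares):
    return shared_distance(stored_shares, probe_shares) < THRESHOLD

def flip_bits(code, count):
    """Constructed capture noise: flip `count` distinct bit positions."""
    for pos in secrets.SystemRandom().sample(range(CODE_BITS), count):
        code ^= 1 << pos
    return code

if __name__ == "__main__":
    enrolled = secrets.randbits(CODE_BITS)            # constructed sample code
    stored = split(enrolled, 3)                       # one share per server
    rescan = split(flip_bits(enrolled, 1000), 3)      # same eye, noisy capture
    stranger = split(secrets.randbits(CODE_BITS), 3)  # unrelated code
    print("full set reconstructs:", combine(stored) == enrolled)
    print("two of three shares reconstruct:", combine(stored[:2]) == enrolled)
    print("rescan distance:", shared_distance(stored, rescan), is_duplicate(stored, rescan))
    print("stranger distance:", shared_distance(stored, stranger), is_duplicate(stored, stranger))
```

Each server only ever XORs the two shares it holds, and every individual share is a uniformly random 12,800-bit value, so a single compromised server learns nothing about either code.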
9. Conclusion: Should You Get Orb Verified?
World ID's Orb verification has been carefully designed with privacy protection in mind. The final decision depends on personal values, but consider the following:
Who Should Consider Verification
- • Value "proof of personhood" in the AI era
- • Want to demonstrate credibility as a creator
- • Want to receive WLD tokens
- • Understand and are satisfied with the technology
Who Should Consider Carefully
- • Have concerns about biometric authentication in general
- • Have strong anxiety about new technology
- • Don't feel the need for World ID
- • Still have unresolved questions about how it works
If you have concerns, there's no need to force yourself to get verified. World ID is an opt-in system, and whether or not to get verified is entirely your choice. Make your decision after understanding the details and weighing the pros and cons for yourself.