I was raised in the evangelical south to conservative parents.
World(coin) sounds like it's right out of the plot of some Sunday morning preacher's sermons [1] about Revelations and the "mark of the Beast".
Central organization scanning people and controlling how they transact? Literally the antichrist's M.O.
[1] https://youtu.be/zjHrExOM-ww
I'm a flaming atheist but holy fuck do I get uncomfortable with universal IDs and the growing drumbeat of identity verification.
Borders, passports, IDs, personal documentation, it's all just a modern caste system. Yes, it's uncomfortable to think of a world without them but to me, after global warming, digital class slavery is probably the second biggest issue of our time. So much of the world works because bureaucracy is inefficient and non-omniscient, just like humans, yet so many people want the world to be one big TSA checkpoint where everyone must be unnaturally perfect at all times. It's utopian thinking that is leading us towards a type of hell I don't think any of us can even begin to imagine.
Borders and passports have been with us for a while now and are not really a tech thing.
I'll give you modern KYC stuff is annoying - it seems you have to provide proof of identity, address where you live, and often now where your money came from which can be tricky if you haven't documented it.
Worldcoin is actually a step away from the KYC situation where you can prove you are a unique person but not have to give them your name address and finances etc. But so far that's a bit theoretical - all the financial institutions I deal with want KYC stuff and don't accept Worldcoin.
Slavery has existed a lot longer than either of those but you don't see many rational people using that as an argument in favor of it
I'm not a huge fan of borders and passports and the like and in favour of practical solutions to reduce it like the EU border free travel. Also things like in the UK there is no obligation to have any sort of ID. Occasionally the government try to bring in an ID card but people revolt.
If it was down to me I'd have fairly free travel within the developed world - say EU, UK, USA, maybe Japan, and limited term work permits for people coming from less well off countries.
Together with the vision of the future where all labour is automated and controlled by a few megacorps it paints a truly apocalyptic picture
Doesn't Worldcoin produce Zero Knowledge Proofs of biometric data? If yes I do not see what kind of personal data the ledger may hold. It holds the proof of their data, not their data.
If some people are not aware of ZKP here is a short I really like [1].
[1] https://www.youtube.com/shorts/c6gpq9nKogo
If they use ZKP's correctly then what you are proving is membership in a set.
However, they are collecting iris scans which means they are the ones building the set and therefore own all the data about all the members of that set.
To do it properly the government should be the ones who build the set.
There are also problems with respect to stolen identities. If addressed, it's not fully private - you are given a token which you must reuse, making you pseudonymous. Or else a single stolen identity may be used infinitely without anyone realizing it.
>If they use ZKP's correctly then what you are proving is membership in a set.
>However, they are collecting iris scans which means they are the ones building the set and therefore own all the data about all the members of that set.
Totally agree, but any other official of any kind can do the same and create their own membership set. A mayor of a town can create a similar set of citizens. A football team's coach can create their own membership set, of players and fans.
I don't see why that particular membership set is more special than any other.
> To do it properly the government should be the ones who build the set.
To do it properly governments around the world should agree on a standard or two, and use that standard worldwide for the next 50 to 100 years. See for example screws and screwdrivers [1] which are effectively identical for so many years.
When a standard is established for identity, for ownership, for ownership transactions, for signatures, for contracts, for passports and many other things then it is government's job to keep the data safe and private, we agree on that. As soon as identities for example are a technological screw, then we don't want incompatibilities between governments.
> There are also problems with respect to stolen identities.
The ZKP does not need to be the identity by itself. Another identity can be tied to the ZKP proof, and use its child identities for everyday use. They implemented something like that for Python to avoid supply chain attacks [2].
[1] https://www.youtube.com/watch?v=MXWSn8rMeEo
[2] https://news.ycombinator.com/item?id=42136375
> The ZKP does not need to be the identity by itself. Another identity can be tied to the ZKP proof
Which is exactly what I said:
> you are given a token which you must reuse, making you pseudonymous
The way it's usually done with ZKP's is through the use of a nullifier, a cryptographic product of hidden information which will always be static. In this case the nullifier may be a public key.
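The set-membership plus nullifier pattern the two comments above describe, as an added Python model (not code from any commenter, from Worldcoin, or from any ZKP library). It is deliberately not zero-knowledge: the verifier sees the leaf and the Merkle path, so it only shows the bookkeeping, i.e. how a scope-bound nullifier blocks a second use while linking every use of the same secret within one scope, which is the pseudonymity point made above. The commitment and nullifier constructions, the scope labels and the sample secrets are assumptions made for the example.

```python
import hashlib
import secrets


def H(*parts: bytes) -> bytes:
    """Length-prefixed SHA-256 so that (a, b) and (a+b,) cannot collide."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(2, "big"))
        h.update(p)
    return h.digest()


def commitment(secret: bytes) -> bytes:
    """What the enrolling party stores per member (assumed construction)."""
    return H(b"commit", secret)


def nullifier(secret: bytes, scope: bytes) -> bytes:
    """Deterministic per (secret, scope): static within a scope, so it is
    both a replay guard and a pseudonym (assumed construction)."""
    return H(b"nullifier", secret, scope)


class MembershipSet:
    """Merkle tree over commitments, built by the party that enrols members."""

    def __init__(self, commitments):
        leaves = list(commitments)
        while len(leaves) & (len(leaves) - 1):      # pad to a power of two
            leaves.append(H(b"empty"))
        self.levels = [leaves]
        while len(self.levels[-1]) > 1:
            lvl = self.levels[-1]
            self.levels.append([H(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])

    @property
    def root(self) -> bytes:
        return self.levels[-1][0]

    def path(self, index: int):
        """Sibling hashes from leaf to root, with a flag for 'node is right child'."""
        siblings = []
        for lvl in self.levels[:-1]:
            siblings.append((lvl[index ^ 1], index & 1))
            index >>= 1
        return siblings


def verify_path(root: bytes, leaf: bytes, path) -> bool:
    node = leaf
    for sibling, node_is_right in path:
        node = H(sibling, node) if node_is_right else H(node, sibling)
    return node == root


def make_proof(secret: bytes, tree: MembershipSet, index: int, scope: bytes):
    # In a real ZKP the leaf and path would stay hidden; only root, scope and
    # nullifier would be public. Here everything is visible on purpose.
    return {"leaf": commitment(secret), "path": tree.path(index),
            "scope": scope, "nullifier": nullifier(secret, scope)}


class Verifier:
    """Knows only the set root and the nullifiers already spent per scope."""

    def __init__(self, root: bytes):
        self.root = root
        self.seen = set()

    def accept(self, proof) -> str:
        if not verify_path(self.root, proof["leaf"], proof["path"]):
            return "rejected: not in set"
        key = (proof["scope"], proof["nullifier"])
        if key in self.seen:
            return "rejected: nullifier already spent in this scope"
        self.seen.add(key)
        return "accepted"


def demo():
    """Constructed scenario: three enrolled members and one outsider."""
    alice, bob, carol, mallory = (secrets.token_bytes(32) for _ in range(4))
    tree = MembershipSet([commitment(s) for s in (alice, bob, carol)])
    v = Verifier(tree.root)
    vote, airdrop = b"vote-2024", b"airdrop-1"
    return [
        v.accept(make_proof(alice, tree, 0, vote)),      # first use: ok
        v.accept(make_proof(alice, tree, 0, vote)),      # same scope: replay
        v.accept(make_proof(alice, tree, 0, airdrop)),   # new scope: new nullifier
        v.accept(make_proof(bob, tree, 1, vote)),        # another member: ok
        v.accept(make_proof(mallory, tree, 2, vote)),    # not enrolled
    ]
```

Note that the verifier can tell Alice's two vote attempts apart from Bob's only by the nullifier, which is exactly the pseudonymous token the thread refers to.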
It's all a bit confusing, but I think there are two separate parts to the process of joining and using Worldcoin. To join up they scan your iris and keep a record of the iris scans to stop you applying for multiple accounts. It's anonymous apart from the iris scan - they don't need your name or dob or anything like that.
The second part is once you have an account you can use it to prove you are the person with that account, and this is probably where the zero knowledge proofs come in. In this second stage your irises are irrelevant, they only come up when first applying.
The accounts are very much like crypto wallet public/private key accounts I think although they try to hide the details from you a bit in the app.
Thanks for the info. That's what I thought the process would be. Although I do consider Worldcoin to be irrelevant, and eventually to fail at some point in the future.
It's been quite fun from the free shitcoin handout point of view but hasn't had enough uptake to be practical as a form of ID.
> Those three codes, which are extremely difficult to break are then stored in databases that are owned by third parties, which include the University of Berkeley, Zurich, Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU) university and NeverMind
What do they mean by "Zurich" here?
I guess university
ETH Zurich I assume, their Chief Economist is professor there.
Isn't Germany a country where you have to publish your name, home address and phone if you have a blog or Twitter/Bluesky?
Normally not for Twitter, but for a standalone blog, yes, you do.
Press release primary sources from the German watchdog, BayLDA:
https://www.lda.bayern.de/media/pm/pm2024_08_en.pdf (EN)
https://www.lda.bayern.de/media/pm/pm2024_08.pdf (DE)
Quote from the official English version:
> As a result, despite the improvements already introduced, adjustments are still required to bring the company's data processing in line with the applicable provisions Among other things, the company will be obliged to provide a deletion procedure that complies with the provisions of the GDPR within one month of the decision taking effect. In addition, “Worldcoin” will be obliged to provide explicit consent for certain processing steps in the future. Moreover, the deletion of certain data records previously collected without a sufficient legal basis was ordered ex officio. The company has already received the decision and has informed us that it is going to appeal it.
The allusion to "improvements already introduced" would seem to refer (though I'm uncertain of this) to https://world.org/blog/announcements/worldcoin-foundation-un... - which was described there as "reinforced after conversations with data protection authorities focused around further biometric template protection, particularly the Bavarian Data Protection Authority (“BayLDA”), the Worldcoin Foundation’s Lead Supervisory Authority in the EU."
Cryptographic systems that ensure no single party can access data at rest, even if that party were to be compromised, corrupted, or forced to reveal secrets by law enforcement, are absolutely incredible technical achievements - but it seems that, at least in this case, they are insufficient solutions in the eyes of EU regulators. (Not a lawyer, this is not legal advice.)
I hope the stance towards cryptographic erasure evolves thoughtfully over time in general, but World's approach here, beginning to collect data for seemingly unlimited purposes before having a completed system for SMPC, was never going to be one that would lend itself towards establishing positive regulatory precedent.
Will they delete it for real? I feel like many companies either just hide the data or have it sitting in older backups, leaving everyone’s privacy vulnerable.
I usually wonder if they do that as well. In some cases it may be hard to depending on how data is stored. Vertica, a database I worked with, would never truly delete data on disk.
Only marking as “deleted” while indefinitely keeping it is illegal in the EU/EEA. The GDPR _requires_ a hard deletion in cases like this, but allows a grace period of a few weeks for the deletion to propagate throughout systems.
There are backup systems that are write-only. What’s to be done then?
Facebook used an encryption key per user for their backups. For deletion they just delete the encryption key which makes the data unreadable. There was an article years ago about their cold storage infrastructure, Blu-ray discs if I recall. https://www.datacenterfrontier.com/cloud/article/11431537/in...
You could replay this backup, and skip the problematic records when writing a new copy of the backup. Delete the old backup. What's important is to keep such a log of "records to be deleted from backup".
How does one do this with a 20TB SQL database?
Our approach would be to add some filters into our 'restore' pipeline which drops the problematic data should we ever attempt a restore, but I don't think it's good enough, and we have to maintain a list of user id hashes or such to power the filters.
Edit: I mean, in a way that won't eat a lot of costs. I can imagine a malicious group opening and demanding deletions for 1000s of users which would mean a deletion job running on a large number of these 20TB backups, say 100 daily backups and for multiple users?
You don't need to delete data instantly, you just need to do it within a reasonable timeframe. So batching data deletion requests and running a clear out once a week should be fine.
You may even be okay to just reply to the user that you've deleted all active copies of the data and it'll be fully gone when your backups expire in 30 days.
IANAL tho.
> a malicious group opening and demanding deletions for 1000s of users
I am not aware of any provision within GDPR that allows anyone else but the individual person (and courts) to request deletion of their personal data. So I think your example is highly unlikely to ever happen.
A group of individuals could do a GDPR flashmob and make any data admin miserable.
This is a solved problem as far as I am concerned.
We have automated systems to deal with requests in that category, it would probably have to be in the double-digit percentage of our customer base before we see any significant impact on our ability to conduct business.
We know which data belongs to which customer, we know which data we must delete if requested, we know which data (eg invoice related for bookkeeping) we must keep even if requested to delete personal data.
If we ever piss off such a large portion of our customers, that they want to delete their accounts, GDPR-related requests will be the least of our concern.
That costs real money and requires literally throwing out the old backup (which may or may not be destroyable). Think optical media and stuff like that.
The GDPR was proposed and discussed in 2014, it was voted on in 2016, and went into effect in 2018. As 2025 is at the door, what excuses are there really to use a non-compliant tech stack when handling personal data?
It's imprudent to use technology that makes it impossible to comply with the law.
I’ve had a cursory look into that recently (just a simple googling) and it seems that it’s considered OK to keep the data in backups.
Which does seem weird… but to be fair, it would be near impossible to delete from backups as they exist today, it would be a law that can’t be practically applied.
Depends on which country's GDPR authorities you ask. At one point the French authorities said you don't have to delete data from backups, the Danish authorities said you have to delete when technically feasible, and the UK authorities said you had to put the data "beyond use" which has been interpreted to mean that if you ever restore from the backup you have to omit the "deleted" data.
My guess is that most places go with not taking any active steps to delete things from the backups themselves, counting on media rotation to eventually overwrite the data. When restoring they omit anything that is on the "should be deleted" list.
Encrypt it and delete keys.
Encrypt write-once backups and store the keys on rewritable backups.
Simple. Destroy the backup physically.
The acid bath.
Store everything on a decentralized P2P server for privacy enhancing technologists (PETs) to deconstruct.
Illegality matters only if you get caught - and when it comes to the GDPR it turns out even "getting caught" isn't actually a problem, as the continued existence of Facebook, Google, the data broker industry, etc demonstrates.
That seems like nonsense. Software cannot constrain the physical world. I could touch the bits on the drive itself, or I could physically destroy the hard-drive. Both would "truly delete" the data.
Good luck deleting data from my 5th backup drives that I didn't tell you about. It's not hard because destroying a hard drive is hard, it's hard because you need to find not one, but all of the drives that are likely replicated and distributed around the globe already if you ever intended to do business with that data.
It's not a technical problem to solve, it's a legal one. If there is a crushing penalty if data that was supposed to be deleted shows up one day, companies will find a way to delete it.
One issue I foresee is that you can't legislate bugs away.
A bug is just a mistake, and the legal system already deals with mistakes in a variety of ways.
Umm you can. You can force companies to pass their code through an examination (even by a third party) and define a procedure of ensuring strict data hygiene. If they cannot pass each year, they will be subject to fines.
Agree.
The file locker site i use said my account was deactivated due to inactivity.
But after a simple email pw reset all my uploads are back online.
Makes me aware any deletion i do is probably NOT done server side.
At least before GDPR it was a common wisdom among backend people that deleting things is just not worth it. I remember when I joined an otherwise cloud-focused team as an embedded engineer and suggested that we add a way to delete an account it was made clear to me that I am asking for an impossible thing. I hope GDPR has managed to change something.
Right. Most all users want the restore option much more than a clean delete.
Now imagine backups stored on tapes. How many companies would resort to rewinding all of them in search of this single record.
Easy:
- Rotate old tapes to store the freshest backup (according to retention policy)
- Store row ID for each deletion request
- Replay deletions during restore
Either way you want (or already have) a scrubbing procedure to import production data into a staging environment, so this is not a technical issue.
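The two backup strategies the thread keeps returning to, crypto-shredding (per-user key, delete the key; the Facebook comment above) and replaying a deletion log at restore time (the tape comment just above), as one added Python illustration that is not code from any commenter or from Worldcoin. It also carries the retention caveat raised earlier in the thread: records that must be kept for bookkeeping (invoices) are encrypted under a separate ledger key so shredding a user's key does not destroy them. The SHAKE-256 keystream XOR is a stand-in for a real AEAD so the example runs with only the standard library; the record shapes, RETAINED_KINDS and the sample data are constructed assumptions.

```python
import hashlib
import json
import secrets

# Record kinds that must survive a deletion request (assumption for the example:
# the bookkeeping exception the thread mentions).
RETAINED_KINDS = {"invoice"}


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHAKE-256 keystream. Illustration only,
    NOT production crypto; a real system would use an AEAD such as AES-GCM."""
    ks = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


class KeyStore:
    """Small, rewritable store: one key per user plus one ledger key.
    The immutable backup media never hold these keys."""

    def __init__(self):
        self.ledger_key = secrets.token_bytes(32)
        self.user_keys = {}

    def key_for(self, record) -> bytes:
        if record["kind"] in RETAINED_KINDS:
            return self.ledger_key          # must not be shreddable per user
        return self.user_keys.setdefault(record["user"], secrets.token_bytes(32))

    def shred(self, user: str) -> None:
        """Crypto-shredding: drop the key, all of that user's personal records
        in every backup copy become unreadable at once."""
        self.user_keys.pop(user, None)


def write_backup(records, ks: KeyStore):
    """Write-once backup: every record encrypted under the key chosen above."""
    out = []
    for r in records:
        nonce = secrets.token_bytes(16)
        plaintext = json.dumps(r, sort_keys=True).encode()
        out.append({"user": r["user"], "kind": r["kind"], "nonce": nonce.hex(),
                    "ct": keystream_xor(ks.key_for(r), nonce, plaintext).hex()})
    return out


def restore(backup, ks: KeyStore, deletion_log):
    """Restore pipeline that replays the deletion log and honours shredded keys.
    Returns (restored_records, dropped) where dropped explains each omission."""
    restored, dropped = [], []
    for row in backup:
        user, kind = row["user"], row["kind"]
        retained = kind in RETAINED_KINDS
        if user in deletion_log and not retained:
            dropped.append((user, kind, "deletion log"))
            continue
        if retained:
            key = ks.ledger_key
        elif user in ks.user_keys:
            key = ks.user_keys[user]
        else:
            dropped.append((user, kind, "key shredded"))
            continue
        plaintext = keystream_xor(key, bytes.fromhex(row["nonce"]), bytes.fromhex(row["ct"]))
        restored.append(json.loads(plaintext))
    return restored, dropped


def demo():
    """Constructed scenario: u1 asks for deletion after the backup was taken
    (handled via the deletion log), u2 is handled by shredding its key."""
    records = [
        {"user": "u1", "kind": "profile", "payload": {"name": "Alice"}},
        {"user": "u1", "kind": "invoice", "payload": {"no": 1001, "amount": 42}},
        {"user": "u2", "kind": "profile", "payload": {"name": "Bob"}},
        {"user": "u3", "kind": "profile", "payload": {"name": "Carol"}},
    ]
    ks = KeyStore()
    backup = write_backup(records, ks)      # immutable from here on
    ks.shred("u2")
    deletion_log = {"u1"}
    return restore(backup, ks, deletion_log)
```

The deletion log is the small mutable state that must itself be backed up, as the tape comment notes; without it a restore silently resurrects u1's profile.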
Yeah during restore. But is this still compliant with GDPR deletion request when you still physically have access to a copy of user's data?
I mean, sure, it's very theoretical, you can't prove that Meta or Google doesn't delete your data until a leak.
I'd quite like if they deleted my iris data as they've given me about $300 so far and if so I could open another account or two and do it over.
The history of modern technology is the history of running away from government regulation.
Which is why when people make it to Mars it will thrive. No taxes, no debt and no government regulation. Just build, build, build baby. Hopefully 3D printing and materials science will have some cool tech in the future otherwise it could be a slow start.
Assuming humans make it to Mars is already a leap, but assuming a government won’t form almost immediately, if somehow one doesn’t exist from the beginning of colonization, seems even less likely
You'd be entirely dependent on Musk City with its regulations for having resources to stay alive. At least on Earth you can go live in the woods or become a tax exile or some such.
If you understood TESCREAL, you wouldn't think this a good thing.
Surely we are not talking about Worldcoin?
Fun little thought experiment: what differentiates World(coin) from any other "airdrop, pump, and dump" crypto scheme, beyond the eye scanning gimmick?
Nothing? The whole thing is a scam.
That's not coincidence. He's the head of one of the most "transformative" companies because he's a brazen liar.
Yeah, what a shame. Which company did you mean here?
yes