The famous Route 66 bisects Upland, California, and on that route you can find the C&M Classy Mart. Here is a video that I filmed there this morning.
Classy by Definition
Category Archives: Uncategorized
Quick Tech Takes on Speech Neuroprosthesis, AEM Dynamic Media, and Graph Databases in IAM
Yes, I’m stealing the Biometric Update practice of combining multiple items into a single post, but this lets me take a brief break from identity (mostly) and examine three general technology stories:
- Advances in speech neuroprosthesis (the Pat Bennett / Stanford University story).
- The benefits of Dynamic Media for Adobe Enterprise Manager users, as described by KBWEB Consult.
- The benefits of graph databases for Identity and Access Management (IAM) implementations, as described by IndyKite.
Speech Neuroprosthesis
First, let’s define “neuroprosthetics/neuroprosthesis”:
Neuroprosthetics “is a discipline related to neuroscience and biomedical engineering concerned with developing neural prostheses, artificial devices to replace or improve the function of an impaired nervous system.
From: Neuromodulation (Second Edition), 2018
Various news sources highlighted the story of amyotrophic lateral sclerosis (ALS) patient Pat Bennett and her somewhat-enhanced ability to formulate words, resulting from research at Stanford University.
Because I was curious, I sought the Nature article that discussed the research in detail, “A high-performance speech neuroprosthesis.” The article describes a proof of concept of a speech brain-computer interface (BCI).
Here we demonstrate a speech-to-text BCI that records spiking activity from intracortical microelectrode arrays. Enabled by these high-resolution recordings, our study participant—who can no longer speak intelligibly owing to amyotrophic lateral sclerosis—achieved a 9.1% word error rate on a 50-word vocabulary (2.7 times fewer errors than the previous state-of-the-art speech BCI2) and a 23.8% word error rate on a 125,000-word vocabulary (the first successful demonstration, to our knowledge, of large-vocabulary decoding). Our participant’s attempted speech was decoded at 62 words per minute, which is 3.4 times as fast as the previous record8 and begins to approach the speed of natural conversation (160 words per minute9).
From https://www.nature.com/articles/s41586-023-06377-x
While a 125,000 word vocabulary is impressive (most adult native English speakers have a vocabulary of 20,000-35,000 words), a 76.2% accuracy rate is so-so.
Stanford Medicine published a more lay-oriented article and a video that described Bennett’s condition, and the results of the study.
For Bennett, the (ALS) deterioration began not in her spinal cord, as is typical, but in her brain stem. She can still move around, dress herself and use her fingers to type, albeit with increasing difficulty. But she can no longer use the muscles of her lips, tongue, larynx and jaws to enunciate clearly the phonemes — or units of sound, such as sh — that are the building blocks of speech….
After four months, Bennett’s attempted utterances were being converted into words on a computer screen at 62 words per minute — more than three times as fast as the previous record for BCI-assisted communication.
From https://med.stanford.edu/news/all-news/2023/08/brain-implant-speech-als.html
The Benefits of AEM Dynamic Media
Now let’s shift to companies that need to produce marketing collateral. Bredemarket produces collateral, but not to the scale that big companies need to produce. A single company may have to produce millions of pieces of collateral, each of which is specific to a particular product, in a particular region, for a particular audience/persona. Even Bredemarket could potentially produce all sorts of content, if it weren’t so difficult to do so:
- A YouTube description of the Bredemarket 400 Short Writing Service, targeted to fingerprint/face marketing executives in the identity industry.
- An Instagram carousel post about the Bredemarket 400 Short Writing Service, targeted to voice sales executives in the identity industry.
- A TikTok reel about the Bredemarket 400 Short Writing Service, targeted to marketing executives in the AI industry.
All of this specialized content, using all of these different image and video formats? I’m not gonna create all that.
But as KBWEB Consult (a boutique technology consulting firm specializing in the implementation and delivery of Adobe Enterprise Cloud technologies) points out in its article “Implementing Rapid Omnichannel Messaging with AEM Dynamic Media,” Adobe Experience Manager has tools to speed up this process and create correctly-messaged content in ALL the formats for ALL the audiences.
One of those tools is Dynamic Media.
AEM Dynamic Media accelerates omnichannel personalization, ensuring your business messages are presented quickly and in the proper formats. Starting with a master file, Dynamic Media quickly adjusts images and videos to satisfy varying asset specifications, contributing to increased content velocity.
From https://kbwebconsult.com/implementing-rapid-omnichannel-messaging-with-aem-dynamic-media/
For those who aren’t immersed in marketing talk:
- “Omnichannel personalization” refers to the need to get a personalized message out across all channels.
- “Content velocity” means getting stuff out fast.
The article also discusses further implementation issues that are of interest to AEM users. If you are such a user, check the article out.
Graph Databases in Identity and Access Management (IAM)
I previously said that I was MOSTLY taking a break from identity, but graph databases impact items well beyond identity.
A graph database, also referred to as a semantic database, is a software application designed to store, query and modify network graphs. A network graph is a visual construct that consists of nodes and edges. Each node represents an entity (such as a person) and each edge represents a connection or relationship between two nodes.
Graph databases have been around in some variation for along time. For example, a family tree is a very simple graph database….
Graph databases are well-suited for analyzing interconnections…
From https://www.techtarget.com/whatis/definition/graph-database
The claim is that the interconnection analysis capabilities of graph databases are much more flexible and comprehensive than the capabilities of traditional relational databases. While graph databases are not always better than relational databases, they are better for cerrtain types of data.
To see how this applies to identity and access management (IAM), I’ll turn to IndyKite, whose Lasse Andersen recently presented on graph database use in IAM (in a webinar sponsored by Strativ Group). IndyKite describes its solution as follows (in part):
A knowledge graph that holistically captures the identities of customers and IoT devices along with the rich relationships between them
A dynamic and real-time data model that unifies disconnected identity data and business metadata into one contextualized layer
From https://www.indykite.com/identity-knowledge-graph
So what?
For example, how does such a solution benefit banking and financial services providers who wish to support financial identity?
Identity-first security to enable trusted, seamless customer experiences
From https://www.indykite.com/banking
Yes, I know that every identity company (with one exception) uses the word “trust,” and they all use the word “seamless.”
But this particular technology benefits banking customers (at least the honest ones) by using the available interconnections to provide all the essential information about the customer and the customer’s devices, in a way that does not inconvenience the customer. IndyKite claims “greater privacy and security,” along with flexibility for future expansion.
In other words, it increases velocity.
What is your technology story?
I hope you provided this quick overview of these three technology advances.
But do you have a technology story that YOU want to tell?
Perhaps Bredemarket, the technology content marketing expert, can help you select the words to tell your story. If you’re interested in talking, let me know.
- Email me at john.bredehoft@bredemarket.com.
- Book a meeting with me at calendly.com/bredemarket.
- Contact me at bredemarket.com/contact/.
- Subscribe to my mailing list at http://eepurl.com/hdHIaT.
Customs Becoming Artificial, Thanks to Pangiam
I missed this story when it came out in May.
MCLEAN, Va., May 2, 2023 /PRNewswire/ — The West Virginia University Research Corporation (WVURC) and Pangiam, a leading trade a travel technology company, announced a new partnership to conduct research and develop new, cutting-edge artificial intelligence, machine learning and computer vision technologies for commercial and government applications.
Pangiam and WVURC will work together to launch Pangiam Bridge, a cutting-edge artificial intelligence driven solution for customs authorities worldwide. Pangiam Bridge will allow customs officials to automate portions of the customs inspection process for baggage and cargo. Jim McLaughlin, Pangiam Chief Technology Officer, said, “we are excited to grow Pangiam’s artificial intelligence work in partnership with West Virginia University and continued development of Pangiam Bridge for customs authorities.”
From https://www.prnewswire.com/news-releases/pangiam-and-west-virginia-university-research-corporation-partner-to-develop-artificial-intelligence-and-computer-vision-technology-301813334.html
Pangiam Bridge is obviously not ready for prime time yet; it’s not even mentioned on Pangiam’s Products and Services page, nor is it mentioned anywhere else on Pangiam’s website. The only mention of Pangiam Bridge is in this press release, which isn’t surprising considering that this is a research effort. But if the research holds out, then many of the manual processes used by customs agents may be significantly reduced or eliminated entirely.
And this isn’t Pangiam’s only artificial intelligence research effort.
Project DARTMOUTH is the collaboration between Pangiam and Google Cloud, named after the 1956 Dartmouth Summer Research Project on Artificial Intelligence. Project DARTMOUTH utilizes AI and pattern analysis technologies to digest and analyze vast amounts of data in real-time and identify potential prohibited items in carry-on baggage, checked baggage, airline cargo and shipments.
From https://pangiam.com/projectdartmouth/
Geographical Confusion Strikes Again, Eh?
Companies always strive to obtain some sort of recognition. I tried to do the same for Bredemarket, but my effort got derailed into a common local Inland Empire joke.
Aware’s biometric blog recognition
So what recognition did I want to receive? The same recognition that noted biometric company Aware received in 2020.
The Best Biometrics Blogs from thousands of Biometrics blogs on the web using search and social metrics. Subscribe to these websites because they are actively working to educate, inspire, and empower their readers with frequent updates and high-quality information.
From https://www.aware.com/blog-top-25-biometric-blogs-aware/
Aware announced that its blog made a list of the top 25 biometric blogs. It maintains this top 25 ranking to this day.
And I wanted in.
Not that I necessarily consider myself equal to Aware or some of the other noted companies on the current list, but as the self-acknowledged identity/biometric blog expert, with hundreds of identity posts over the last three years, I figured I had a shot of making the list. The benefit to me, of course, is that if I made the list, I had a better chance of securing identity blog post writing clients and other clients.
So far I haven’t made the biometric blogs list.
But I did make another list.
Which is somewhat problematic.
Ontario blogs? True.
You see, earlier this morning I received an email that stated the following.
I would like to personally congratulate you as your blog Bredemarket Blog has been selected by our panelist as one of the Top 45 Ontario Bloggers on the web.
https://blog.feedspot.com/ontario_bloggers/
I personally give you a high-five and want to thank you for your contribution to this world. This is the most comprehensive list of Top 45 Ontario Bloggers on the internet and I’m honored to have you as part of this!
We’d be grateful if you can help us spread the word by briefly mentioning about the Top 45 Ontario Bloggers list in any of your upcoming post.
From email received August 22, 2023.
Now that sounds pretty nice.
Until I checked my listing.
Did you see it?
Here, let me help you.
Yup. The people who created the feed think that I’m in CANADA.
But if you think my listing is messed up, take a look at the number 1 listing, for the official news site for the Government of Ontario. This IS a Canadian website, as evidenced by its URL of https://news.ontario.ca/newsroom/en, and the fact that it discusses people like Doug Ford. But take a real close look at the logo at the left of the listing.
Yup. That’s the logo for Ontario, CALIFORNIA, which to my knowledge appears nowhere on the Government of Ontario (Canada) website.
And I know the difference: I’m not the Ontario Canada content marketing expert, but I am the Ontario California content marketing expert.
And our websites down here don’t offer French as one of the two main languages.
If you live in Canada, don’t read this section
But at least the Bredemarket blog is listed SOMEWHERE, because I help a lot of U.S. companies (sorry, no Canadian companies) create the words they need to drive awareness and eventually revenue. Services such as the Bredemarket 400 Short Writing Service let Bredemarket collaborate with you to create the text your firm needs.
If I can help your firm:
- Email me at john.bredehoft@bredemarket.com.
- Book a meeting with me at calendly.com/bredemarket.
- Contact me at bredemarket.com/contact/.
- Subscribe to my mailing list at http://eepurl.com/hdHIaT.
You Need a Laptop AND a Smartphone For This To Work. Or You Don’t.
If you are reading this on your laptop (or your desktop), point your smartphone to the QR code on your laptop (or desktop) screen to read my first e-book, “Six Questions Your Content Creator Should Ask You.”
(UPDATE OCTOBER 22, 2023: “SIX QUESTIONS YOUR CONTENT CREATOR SHOULD ASK YOU IS SO 2022. DOWNLOAD THE NEWER “SEVEN QUESTIONS YOUR CONTENT CREATOR SHOULD ASK YOU” HERE.)
If you are reading this on your smartphone, just click on this link: https://bredemarket.com/wp-content/uploads/2022/12/bmteb6qs-2212a.pdf.
As I said before, QR codes are sometimes useful, and sometimes not.
If you want to know the “why” about the e-book-see what I did there?-visit my announcement of the e-book. You can view the e-book there also.
By the way, I just checked my WordPress stats. Since this e-book was published in December 2022, it’s been downloaded over 160 times. I hope it’s helping people.
How Unusual Gambling Portals Drive the Need for Age Verification and Estimation
Gambling is becoming acceptable in more and more places.
When I was young, and even when I got older, the idea of locating a pro sports team in Las Vegas, Nevada was unthinkable. In the last few years, that has changed dramatically.
The Roblox “Robux” gambing lawsuit
Well, now that gambling for adults has become more and more acceptable (although adults in my home state of California still can’t gamble by phone), now attention is focusing on child gambling.
And no, the kids aren’t gambling U.S. currency, according to TechCrunch.
In a new class action lawsuit filed in the Northern District of California this week, two parents accuse Roblox of illegally facilitating child gambling.
While gambling is not allowed on the platform, which hosts millions of virtual games that cater to children and teens, the lawsuit points to third-party gambling sites that invite users to play blackjack, slots, roulette and other games of chance using Roblox’s in-game currency.
From https://techcrunch.com/2023/08/18/roblox-children-gambling-class-action-lawsuit-robux/?_hsmi=271025889
But the gambling sites’ terms of service prohibit underage gambling!
I’m not going to concentrate on Roblox here, but on the other defendants—the ones who actually operate the sites that allegedly allow child gambling.
The lawsuit specifically names RBXFlip, Bloxflip and RBLXWild as participants in “an illegal gambling operation that is preying on children nationwide.”
From https://techcrunch.com/2023/08/18/roblox-children-gambling-class-action-lawsuit-robux/?_hsmi=271025889
But according to Bloxflip’s Terms of Service, it’s impossible that children can be using the site, because the Terms of Service prohibit this.
By accessing Bloxflip or using the Services, you accept and agree to our website policies, including these Terms of Service, and you certify to us that (i) you are eighteen (18) years of age or older, and are at least the age of majority in your jurisdiction, (ii) you are not a resident of Washington, (iii) you have the legal capacity to enter into and agree to these Terms of Service, (iv) you are using the Services freely, voluntarily, willingly, and for your own personal enjoyment, and (v) you will only provide accurate and complete information to us and promptly update this information as necessary to maintain its accuracy and completeness.
From https://bloxflip.com/terms
However, stating a minimum age in your TOS is even less effective than other common age verification methods, such as
- Asking your customer to check a box to say that they are over 18 years old.
- Asking your customer to type in their birthday.
- Requiring your customer to read a detailed description of IRA/401(k) funding strategies and the medical need for colonoscopies. (This would be more effective than the first two methods.)
A better way to verify and estimate ages
As more and more companies are realizing, however, there are other ways to measure customer ages, including a comparison of a live face with a government-issued identification card (driver’s license or passport), or the use of “age estimation” software to ensure that a 12 year old isn’t gambling. (And don’t forget that NIST will test age estimation software as part of its FATE testing.)
Even when the kids aren’t gambling legal currency.
I survived #hilary (Sunday after 8pm PDT)
Pipe Down Before Panicking Over Voice Resonance Alteration
(Part of the biometric product marketing expert series)
On the surface, it sounds scary. Tricking automated speaker identification systems with PVC pipe?
(D)igital security engineers at the University of Wisconsin–Madison have found these systems are not quite as foolproof when it comes to a novel analog attack. They found that speaking through customized PVC pipes — the type found at most hardware stores — can trick machine learning algorithms that support automatic speaker identification systems.
From https://news.wisc.edu/down-the-tubes-common-pvc-pipes-can-hack-voice-identification-systems/
So how does the trick work?
The project began when the team began probing automatic speaker identification systems for weaknesses. When they spoke clearly, the models behaved as advertised. But when they spoke through their hands or talked into a box instead of speaking clearly, the models did not behave as expected.
(Shimaa) Ahmed investigated whether it was possible to alter the resonance, or specific frequency vibrations, of a voice to defeat the security system. Because her work began while she was stuck at home due to COVID-19, Ahmed began by speaking through paper towel tubes to test the idea. Later, after returning to the lab, the group hired Yash Wani, then an undergraduate and now a PhD student, to help modify PVC pipes at the UW Makerspace. Using various diameters of pipe purchased at a local hardware store, Ahmed, Yani and their team altered the length and diameter of the pipes until they could produce the same resonance as they voice they were attempting to imitate.
Eventually, the team developed an algorithm that can calculate the PVC pipe dimensions needed to transform the resonance of almost any voice to imitate another. In fact, the researchers successfully fooled the security systems with the PVC tube attack 60 percent of the time in a test set of 91 voices, while unaltered human impersonators were able to fool the systems only 6 percent of the time.
From https://news.wisc.edu/down-the-tubes-common-pvc-pipes-can-hack-voice-identification-systems/
Impressive results. But…
Who was fooled?
We’ve run across these biometric spoof claims before, specifically in the first test that asserted that face categorization algorithms were racist and sexist. (Face categorization, not face recognition. That’s another story.) If you didn’t view the Gender Shades website, you’d immediately assume that the hundreds of existing face categorization algorithms had just been proven to be racist and sexist. But if you read the Gender Shades study, you’ll see that it only tested three algorithms (IBM, Microsoft, and Face++). Similarly, the Master Faces study only looked at three algorithms (Dlib, FaceNet, and SphereFace).
So let’s ask the question: which voice algorithms did UW-Madison test?
Here’s what the study (PDF) says.
We evaluate two state-of-the-art ASI models: (1) the x-vector network [51] implemented by Shamsabadi et al. [45], and (2) the emphasized channel attention, propagation and aggregation time delay neural network (ECAPATDNN) [17], implemented by SpeechBrain.1 Both models were trained on VoxCeleb dataset [15, 36, 37], a benchmark dataset for ASI. The x-vector network is trained on 250 speakers using 8 kHz sampling rate. ECAPA-TDNN is trained on 7205 speakers using 16 kHz sampling rate. Both models report a test accuracy within 98-99%.
From https://www.usenix.org/system/files/sec23fall-prepub-452-ahmed.pdf
So what we know is that this test, which used these two ASI models trained on a particular dataset, demonstrated an ability to fool systems 60 percent of the time.
But…
- What does this mean for other ASI algorithms, including the commercial algorithms in use today?
- And what does it mean when other datasets are used?
In other words (and I’m adapting my own text here), how do the results of this study affect “current automatic speaker identification products”?
The answer is “We don’t know.”
So pipe down…until we actually test commercial algorithms for this technique.
But I’m sure that the UW-Madison researchers and I agree on one thing: more research is needed.
The Great Renaming: FRVT is now FRTE and FATE
Face professionals, your world just changed.
I and countless others have spent the last several years referring to the National Institute of Standards and Technology’s Face Recognition Vendor Test, or FRVT. I guess some people have spent almost a quarter century referring to FRVT, because the term has been in use since 1999.
Starting now, you’re not supposed to use the FRVT acronym any more.
Face Technology Evaluations – FRTE/FATE
To bring clarity to our testing scope and goals, what was formerly known as FRVT has been rebranded and split into FRTE (Face Recognition Technology Evaluation) and FATE (Face Analysis Technology Evaluation). Tracks that involve the processing and analysis of images will run under the FATE activity, and tracks that pertain to identity verification will run under FRTE. All existing participation and submission procedures remain unchanged.
From https://www.nist.gov/programs-projects/face-technology-evaluations-frtefate
So, for example, the former “FRVT 1:1” and “FRVT 1:N” are now named “FRTE 1:1” and “FRTE 1:N,” respectively. At least at present, the old links https://pages.nist.gov/frvt/html/frvt11.html and https://pages.nist.gov/frvt/html/frvt1N.html still work.
The change actually makes sense, since tasks such as age estimation and presentation attack detection (liveness detection) do not directly relate to the identification of individuals.
Us old folks just have to get used to the change.
I just hope that the new “FATE” acronym doesn’t mean that some algorithms are destined to perform better than others.
Worldcoin’s “Face/Off” With Authorities in Argentina and Kenya (and alarmists worldwide)
Can someone pretend to be you if they have no idea who you are?
It’s been a couple of weeks since I last addressed Worldcoin’s activities, but a lot has happened in Kenya, and now in Argentina also. Here’s a succinct (I hope) update that looks beyond the blaring headlines to see what is REALLY happening.
And, at the end of this post, I address what COULD happen if a fraudster “cut off someone’s face, including gouging out their eyes, and then you draped it all over your own face.” Hey, you have to consider ALL the use cases.
Argentina and data protection laws
So what is the reality in Argentina? According to CoinDesk, the Argentine Agency for Access to Public Information (AAIP) is conducting an investigation into WorldCoin.
According to the AAIP, an entity like Worldcoin must register with the AAIP, provide information about its data processing policy, and indicate the purpose for collecting sensitive data and the retention period for such data. Additionally, the agency requires details of the security and confidentiality measures applied to safeguard personal information. The AAIP did not confirm whether Worldcoin complies with the standards.
Worldcoin told CoinDesk in an emailed statement that “the project complies with all laws and regulations governing the processing of personal data in the markets where Worldcoin is available, including but not limited to Argentina’s Personal Data Protection Act 25.326.”
From https://www.coindesk.com/policy/2023/08/10/worldcoin-regulatory-scrutiny-grows-as-argentina-opens-investigation/
But what is this “personal data” that concerns Argentina so much?
The data that Worldcoin collects
Now a number of companies need to comply with local privacy regulations in numerous countries, and Worldcoin obviously must obey the law in the countries where it conducts business, including laws about personally identifiable information (PII). For illustration, here is an incomplete list of examples of PII, compiled by the University of Pittsburgh:
Name: full name, maiden name, mother’s maiden name, or alias
Personal identification numbers: social security number (SSN), passport number, driver’s license number, taxpayer identification number, patient identification number, financial account number, or credit card number
Personal address information: street address, or email address
Personal telephone numbers
Personal characteristics: photographic images (particularly of face or other identifying characteristics), fingerprints, or handwriting
Biometric data: retina scans, voice signatures, or facial geometry
Information identifying personally owned property: VIN number or title number
Asset information: Internet Protocol (IP) or Media Access Control (MAC) addresses that consistently link to a particular person
From https://www.technology.pitt.edu/help-desk/how-to-documents/guide-identifying-personally-identifiable-information-pii
To my knowledge, Worldcoin acquires PII in two separate instances: when downloading the World App, and when registering at an Orb.
Data collected by the World App
First, Worldcoin collects data when you download the World App. The data that is collected by the iOS version of the World App includes a user ID, the user’s coarse location, a name, contacts, and a phone number. I’ll admit that the collection of contacts is a little odd, but let’s see what happens to that data later in the process.
Data collected by the Orb
Second, Worldcoin collects data when you enroll at an Orb.
Obviously the Orb collects iris images, and also collects face images. But what else is collected at the Orb?
Nothing.
Worldcoin documents two use cases in its privacy statement: one “without data custody,” and one “with data custody.” In the first use case:
Your biometric data is first processed locally on the Orb and then permanently deleted. The only data that remains is your iris code. This iris code is a set of numbers generated by the Orb and is not linked to your wallet or any of your personal information. As a result, it really tells us — and everyone else — nothing about you. All it does is stop you from being able to sign up again.
From https://worldcoin.org/privacy
But what about the second use case, in which the user consents to have Worldcoin retain information (so that the user does not have to re-enroll if they get a new phone)?
Your biometric data is first processed locally on the Orb and then sent, via encrypted communication channels, to our distributed secure data stores, where it is encrypted at rest. Once it arrives, your biometric data is permanently deleted from the Orb.
From https://worldcoin.org/privacy
Regardless of whether biometric data is retained or not, other PII isn’t even collected at the Orb:
Since you are not required to provide personal information like your name, email address, physical address or phone number, this means that you can easily sign up without us ever knowing anything about you.
From https://worldcoin.org/privacy
“But John,” you’re saying, “names and phone numbers are not collected at the Orb, but names and phone numbers ARE collected by the World App. So how are the name, phone number, user ID, and ‘iris code’ linked together?” Let me reprint what Worldcoin says about the app:
Your Worldcoin App is your self-custodial wallet. That means, just like a physical wallet, that no banks, governments or corporations can do anything to it — like lose or freeze your money — you’re in complete control.
You also don’t need to enter any personal information to get or use the App. But even if you do, you can rest assured that, unlike others, we will never sell or try to profit from your personal information.
From https://worldcoin.org/privacy
So apparently, while the World App asks for your name, it is not a mandatory field. I just confirmed this on my World App (which I enabled on May 16, without orb verification); the only identifying information that I could find was my phone number and my user ID.
And I’m assuming that if I were to enroll at an Orb, the iris code would be linked to my user ID.
Depending upon Worldcoin’s internal architecture:
- It’s possible that the iris code could be linked to my phone number, either intentionally or unintentionally. But even if it is, an iris code in and of itself is useless outside of the Worldcoin ecosystem. In the same way that an Aware, IDEMIA, NEC, or Thales fingerprint template (not the fingerprint image) can’t be used to generate a full fingerprint image, a Worldcoin iris code can’t be used to generate a full iris image.
- If I choose the “with data custody” option, my biometric images could be linked to my phone number. Again, they could be linked either intentionally or unintentionally. If such a linkage exists, then that IS a problem. If a user chooses to back up both their World App data and their Orb biometric image data with Worldcoin (and again, the user must CHOOSE to back up both sets of data), how does Worldcoin ensure that the two sets of data can’t be linked?
Presumably Argentina’s AAIP will investigate Worldcoin’s architecture to ensure that there are no financial identity threats.
Which leads us to Kenya.
Kenya and data protection laws
When we last visited Kenya and Worldcoin on August 2, the government had announced that “(r)elevant security, financial services and data protection agencies have commenced inquiries and investigations to establish the authenticity and legality of the aforesaid activities, the safety and protection of the data being harvested, and how the harvesters intend to use the data.”
Those investigations continue, Worldcoin’s Kenya offices have been raided, and Parliament is angry at the regulatory authorities…for not doing enough. The article that reports this states that the Data Protection Unit feels it is not responsible for investigating the “core business” of the registered companies, but Parliament feels otherwise.
The article also makes another interesting statement:
…the office failed to conduct background checks on the company, whose operations have been banned in both the United States of America (USA) and Germany.
From https://nation.africa/kenya/news/you-ve-failed-kenyans-mps-tell-data-commissioner-immaculate-kassait-over-worldcoin-saga-4338518
Um, fake fake fake.
As I previously noted, I can visit an Orb in Santa Monica, California to register my irises. Last I checked, Santa Monica is still part of the United States of America (USA).
Now what I CAN’T do is obtain some Worldcoin when I register my irises.
In addition, Worldcoin tokens (“WLD”) are not intended to be available for use, purchase, or access by US persons, including US citizens, residents, or persons in the United States, or companies incorporated, located, or resident in the United States, or who have a registered agent in the United States. We do not make WLD available to such US persons. Furthermore, you agree that you will not sell, transfer or make available WLD to US persons.
From User Terms And Conditions, Version 3.10, Effective August 2, 2023, https://worldcoin.pactsafe.io/rkuawsvk5.html#contract-qx3iz24-o
But US persons can still download the app and provide irises to our hearts’ content.
We just can’t get any crypto.
And for the Argentine and Kenyan authorities, the main reason they care about this is the crypto.
Worldcoin is useless for most identification use cases
I’ll make the point that I made before.
Worldcoin is NOT a tool to identify and exploit poor people.
In fact, as the term is commonly understood, Worldcoin does not, and cannot, identify ANYONE.
This is by design.
World ID is a digital passport that lets you prove you are a unique and real person while remaining anonymous.
From https://worldcoin.org/world-id
So if you think that obtaining a World ID will allow you to
- open a bank account,
- obtain state welfare benefits, or
- vote in a local election…
…think again.
Worldcoin CANNOT identify you as a known individual.
It can only establish your uniqueness.
But what about the hacks?
But if you’d like to be unsettled, I’ll close with a quote from another Blockworks article written by someone who visited an Orb in Brooklyn, New York. Last I checked, Brooklyn is still part of the United States of America (USA).
I continued on a darker vein: What if a criminal mastermind decided to cut out someone’s eyes, and use them to steal their identity?
The Orb engineer told me that it wouldn’t work. This Orb needs to see alive, blinking eyes, and a human face that is real attached to them. A picture of someone’s eyes won’t scan, robot eyes won’t scan, canine eyes won’t scan.
But then I got him.
If you cut off someone’s face, including gouging out their eyes, and then you draped it all over your own face, could you register as them with a Worldcoin scanner and steal their identity?
Yes.
Although he promised that the Worldcoin R&D team has not tested this particular edge case.
From https://blockworks.co/news/worldcoin-eyeballs-scan-brooklyn
(Repeats to myself) Face/Off was only a movie…Face/Off was only a movie…
Bredemarket 