Analysis of the WorldCoin Project Biometric Data Privacy and Risks in Prospective National Defense Scenarios
Keywords:
digital governance, data privacy, cryptocurrencyAbstract
As technology advances, the demand for information security solutions in applications grows to keep pace with disruptive technologies. In this context, World Network has developed a new Single Sign-On (SSO) login format, using individual iris photo collection for two-factor banking authentication. In this project, World Network encountered regulatory challenges in several countries due to data privacy concerns. Given this scenario, the present study aims to analyze the risks associated with the collection and storage of such data, as well as its implications in prospective national defense scenarios. This research is justified, given that emblematic cases involving data privacy and mass population control in the governmental sphere have already marked the past, such as the National Security Agency (NSA) scandal denounced by Edward Snowden in 2013 and Cambridge Analytics in 2018, pointing to potential risks of informational instrumentalization and loss of digital sovereignty. The research adopts an exploratory and documentary approach, with technical audits in open source code hosted on GitHub and analysis of vulnerabilities related to authentication and data management. The results indicate that, although the system features advanced security mechanisms, such as Zero Knowledge Proofs (ZKP), uncertainties remain about governance, transparency, and the final destination of the information collected. It is concluded that the lack of transparency in the management of biometric data represents a strategic challenge for national defense and privacy protection on a global scale, requiring stricter regulations and international cooperation to balance technological innovation and security.
References
AEPD. Worldcoin commits to halting its activities in Spain. Available at: https://www.aepd.es/en/press-and-communication/press-releases/worldcoin-commits-to-stop-its-activity-in-spain. Accessed on: Oct. 13, 2025.
Akerlof, G.; Kranton, R. Identity Economics: How Our Identities Shape Our Work, Wages, and Well-Being. Harvard University Press, 2010.
Amnesty International. Uncovering the global spyware scandal: Pegasus Project revelations. London: Amnesty International, 2021. Available at: https://www.amnesty.org/en/latest/research/2021/07/pegasus-project-revelations/. Accessed on: Oct. 30, 2025.
ANPD. ANPD determines suspension of financial incentives for iris data collection. Available at: https://www.gov.br/anpd/pt-br/assuntos/noticias/anpd-determina-suspensao-de-incentivos-financeiros-para-arrecadação-de-íris. Accessed on: Oct. 13, 2025.
BBC News. Barack Obama defends US surveillance tactics. 2013. Available at: https://www.bbc.com/news/world-us-canada-22820711. Accessed on: Oct. 13, 2025.
BBC News. US confirms collection of Verizon phone records. 2013. Available at: https://www.bbc.com/news/world-us-canada-22793851. Accessed on: Oct. 13, 2025.
Ben-Sasson, E.; Chiesa, A.; Genkin, D.; Tromer, E.; Virza, M. Zerocash: Decentralized Anonymous Payments from Bitcoin. IEEE Symposium on Security and Privacy, 2014.
Blocknews. OpenAI's Sam Altman raises $290 million for cryptocurrency and startup fund Worldcoin. 2023. Available at: https://www.blocknews.com.br/financas-corporativo/sam-altman-da-openai-capta-us-290-milhoes-para-cripto-worldcoin-e-fundos-de-startup/. Accessed on: Oct. 13, 2025.
Bradshaw, S.; Howard, P. The Global Disinformation Order: 2019 Global Inventory of Organized Social Media Manipulation. Oxford: Oxford Internet Institute, 2019.
Brazil. Law No. 12,737, of November 30, 2012 – Carolina Dieckmann Law – Criminal classification of cybercrimes. Available at: https://www.planalto.gov.br/ccivil_03/_ato2011-2014/2012/lei/l12737.htm. Accessed on: Oct. 13, 2025.
Brazil. Law No. 12,965, dated April 23, 2014 – Brazilian Civil Rights Framework for the Internet. Available at: https://www.planalto.gov.br/ccivil_03/_ato2011-2014/2014/lei/l12965.htm. Accessed on: Oct. 13, 2025.
Brazil. Law No. 13,709, of August 14, 2018 – General Data Protection Law (LGPD). Available at: https://www.planalto.gov.br/ccivil_03/_ato2015-2018/2018/lei/l13709.htm. Accessed on: Oct. 13, 2025.
Brazil. Law No. 14,155, of May 26, 2021 – Amends the Penal Code to classify cybercrimes. Available at: https://www.planalto.gov.br/ccivil_03/_ato2019-2022/2021/lei/l14155.htm. Accessed on: Oct. 13, 2025.
Cadwalladr, C.; Graham-Harrison, E. Revealed: 50 million Facebook profiles harvested for Cambridge Analytica in major data breach. The Guardian, March 17, 2018. Available at: https://www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influence-us-election. Accessed on: Oct. 30, 2025.
Clearview AI. Facial recognition and privacy violations in the EU. Euronews, 2021. Available at: https://www.euronews.com/my-europe/2021/12/16/facial-recognition-clearview-ai-breaks-eu-data-privacy-rules-says-french-watchdog. Accessed on: Oct. 30, 2025.
Clearview AI. Use of facial recognition by Clearview AI. n.d.
CoinMarketCap. Worldcoin (WLD) – Price, charts, and data. 2023. Available at: https://coinmarketcap.com/pt-br/currencies/worldcoin-org/. Accessed on: Mar. 18, 2025.
Couldry, N.; Mejias, U. The Costs of Connection: How Data is Colonizing Human Life and Appropriating It for Capitalism. Stanford: Stanford University Press, 2019.
Damasceno, G. WorldID Security Audit: Iris Biometrics, Zero-Knowledge Proofs, and the Risks of Global Digital Identity. 2025. Available at: https://medium.com/@gustavoxaviercontato/security-audit-of-worldid-iris-biometrics-zero-knowledge-proofs-and-the-risks-of-global-digital-1c5553f51fc7. Accessed on: Oct. 11, 2025.
Deibert, R. Reset: Reclaiming the Internet for Civil Society. Toronto: House of Anansi Press, 2020.
DeNardis, L. The Global War for Internet Governance. Yale University Press, New Haven, USA, 2020.
DeNardis, L. The Internet in Everything: Freedom and Security in a World with No Off Switch. Yale University Press, 2020.
Decrypt. France and Germany coordinate investigation into Worldcoin. Available at: https://decrypt.co/150473/france-germany-corrinate-worldcoin-investigation. Accessed on: Oct. 13, 2025.
Doneda, D. From privacy to personal data protection: elements of the formation of the General Data Protection Law. Rio de Janeiro: Forense, 2021.
ENISA. Guidelines on Securing Digital Identity Systems. European Union Agency for Cybersecurity, 2022.
Floridi, L. The Ethics of Information. Oxford University Press, 2013.
GitHub Worldcoin. Worldcoin Open Source Repositories. Available at: https://github.com/worldcoin. Accessed on: Oct. 13, 2025.
Goldfarb, A.; Tucker, C. Digital Economics. Cambridge, MA: National Bureau of Economic Research (NBER), 2019. Available at: https://www.nber.org/chapters/c15121.pdf. Accessed on: Oct. 30, 2025.
NSO Group. Spyware Pegasus. n.d.
Hardt, D. The OAuth 2.0 Authorization Framework. IETF RFC 6749, 2012.
Humby, C. Data is the new oil. 2006. Available at: https://randhirhebbar.medium.com/data-is-the-new-oil-but-are-we-making-the-most-of-it-e636fa30e9ce. Accessed on: Oct. 30, 2025.
Isaak, J.; Hanna, M. User data privacy: Facebook, Cambridge Analytica, and privacy protection. IEEE, 2018, 51(8). Available at: https://ieeexplore.ieee.org/abstract/document/8436400. Accessed on: Oct. 13, 2025.
Jr, A. WorldCoin case study. 2025. Available at: https://medium.com/@r3dd1t/case-study-worldcoin-1e8b351563ee. Accessed on: Oct. 11, 2025.
Kello, L. The Virtual Weapon and International Order. New Haven: Yale University Press, 2017.
Laney, D. 3D Data Management: Controlling Data Volume, Velocity, and Variety. META Group, 2001. Available at: http://blogs.gartner.com/doug-laney/files/2012/01/ad949-3D-Data-Management-Controlling-Data-Volume-Velocity-and-Variety.pdf. Accessed on: Oct. 11, 2025.
Liboreiro, J.; Huet, N. European Commission bans its staff from using TikTok over China cybersecurity concerns. Euronews, Feb. 23, 2023. Available at: https://www.euronews.com/next/2023/02/23/european-commission-bans-its-staff-from-using-tiktok-over-china-cybersecurity-concerns. Accessed on: Oct. 30, 2025.
Mayer-Schönberger, V.; Cukier, K. Big Data: A Revolution That Will Transform How We Live, Work, and Think. Houghton Mifflin Harcourt, Boston, USA, 2013.
Monteiro, R. Challenges of the National Data Protection Authority in Brazilian digital governance. Brazilian Journal of Digital Law, v. 8, n. 2, 2023.
Narayanan, A.; Bonneau, J.; Felten, E.; Miller, A.; Goldfeder, S. Bitcoin and Cryptocurrency Technologies. Princeton University Press, 2016.
Nilekani, N. Data has become the new oil, says Nilekani. The Times of India, 2017. Available at: https://timesofindia.indiatimes.com/business/india-business/data-has-become-the-new-oil-says-nilekani/articleshow/59703145.cms. Accessed on: Oct. 30, 2025.
NPC Observer. China's National Intelligence Law. 2017. Available at: https://npcobserver.com/legislation/national-intelligence-law/. Accessed on: Oct. 13, 2025.
Nye, J. S. Do Morals Matter? Presidents and Foreign Policy from FDR to Trump. Oxford: Oxford University Press, 2021.
Palantir Technologies. Government Partnerships Overview. n.d. Available at: https://www.palantir.com/government. Accessed on: Oct. 30, 2025.
Putri. These are 8 countries banning Worldcoin: from Spain to Indonesia. Tempo, 2025. Available at: https://en.tempo.co/read/2004666/these-are-8-countries-banning-worldcoin-from-spain-to-indonesia. Accessed on: Oct. 17, 2025.
Rid, T. Cyber War Will Not Take Place. Oxford University Press, London, United Kingdom, 2013.
Silva, J. Critical infrastructure and cybersecurity in Brazil. Revista Defesa & Sociedade, v. 5, n. 1, 2022.
Silva, R.; Almeida, J.; Souza, T. Deep learning approaches for real-time video processing. IEEE Trans. Image Process., 2023, 32, 1234–1245. Available at: https://ieeexplore.ieee.org/document/10006664/. Accessed on: June 2025.
Swissinfo. OpenAI wins US$200 million contract with the US Army. Available at: https://www.swissinfo.ch/por/openai-obt%C3%A9m-contrato-de-us$-200-milh%C3%B5es-com-o-ex%C3%A9rcito-americano/89530738. Accessed on: Oct. 20, 2025.
TechCrunch. Kenya suspends Worldcoin scans due to security, privacy, and financial concerns. 2023. Available at: https://techcrunch.com/2023/08/02/kenya-suspends-worldcoin-scans-over-security-privacy-and-financial-concerns/. Accessed on: Oct. 13, 2025.
The Guardian. NSA files: decoded – what the revelations mean for you. 2013. Available at: https://www.theguardian.com/world/interactive/2013/nov/01/snowden-nsa-files-surveillance-revelations-decoded#section/1. Accessed on: Oct. 13, 2025.
Trail of Bits. WorldCoin Security Review. 2023. Available at: https://worldcoin.org/security. Accessed on: Oct. 13, 2025.
UOL/TILT. Who is behind the company that pays to scan people's irises? 2025. Available at: https://www.uol.com.br/tilt/noticias/redacao/2025/01/20/quem-esta-por-tras-da-world.htm. Accessed on: Oct. 13, 2025.
World Economic Forum. Personal data: The emergence of a new asset class. Geneva: World Economic Forum, 2011. Available at: https://www.weforum.org/reports/personal-data-emergence-new-asset-class. Accessed on: Oct. 30, 2025.
World.org. How will the World Wide Web comply with laws regulating the collection and transfer of biometric data? Available at: https://world.org/pt-br/faqs. Accessed on: Oct. 13, 2025.
World.org. What is World Chain and why do I need to migrate to it? Available at: https://support.world.org/hc/pt-br/articles/34190114835475. Accessed on: Oct. 13, 2025.
World.org. Open Source. n.d. Available at: https://world.org/pt-br/open-source. Accessed on: Oct. 13, 2025.
World.org. User Terms and Conditions. n.d. Available at: https://worldcoin.org/terms. Accessed on: Oct. 13, 2025.
World.org. Unique Humans. n.d. Available at: https://world.org/pt-br. Accessed on: Oct. 13, 2025.
World.org. World ID. n.d. Available at: https://developer.worldcoin.org. Accessed on: Oct. 13, 2025.
World.org. WorldCoin Project Data Dashboard. n.d. Available at: https://worldcoin.org. Accessed on: Oct. 13, 2025.
WorldCoin. Whitepaper: Introducing the WorldCoin Protocol. 2023.
Zuboff, S. The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power. PublicAffairs, 2019.
Zyskind, G.; Pentland, A. Decentralizing Privacy: Using Blockchain to Protect Personal Data. IEEE Security and Privacy Workshops, 2015.
Downloads
Published
Issue
Section
License
Copyright (c) 2025 Revista Interdisciplinar de Pesquisa em Engenharia
This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.
Given the public access policy of the journal, the use of the published texts is free, with the obligation of recognizing the original authorship and the first publication in this journal. The authors of the published contributions are entirely and exclusively responsible for their contents.
1. The authors authorize the publication of the article in this journal.
2. The authors guarantee that the contribution is original, and take full responsibility for its content in case of impugnation by third parties.
3. The authors guarantee that the contribution is not under evaluation in another journal.
4. The authors keep the copyright and convey to the journal the right of first publication, the work being licensed under a Creative Commons Attribution License-BY.
5. The authors are allowed and stimulated to publicize and distribute their work on-line after the publication in the journal.
6. The authors of the approved works authorize the journal to distribute their content, after publication, for reproduction in content indexes, virtual libraries and similars.
7. The editors reserve the right to make adjustments to the text and to adequate the article to the editorial rules of the journal.
