World ID by Sam Altman: Iris-Scan-Based Human Verification Protocol Explained

• World ID uses iris-scanning "Orb" to generate anonymized IrisCode, proving unique personhood via zero-knowledge proofs.
• The Orb deletes iris images, employs cryptography and blockchain to secure identity without storing personal biometric data.

In an era when distinguishing humans from AI bots online is becoming increasingly important, World ID, developed by Tools for Humanity, co-founded by Sam Altman, provides a solution. This iris-scanning biometric protocol generates a secure, privacy-preserving digital identity that verifies a person's "humanness" and uniqueness without requiring personal information such as names or email addresses. With over 26 million users worldwide by May 2025, World ID aims to combat fraud, misinformation, and identity issues while also enabling applications such as universal basic income (UBI), secure logins, and access to services. Its global reach, innovative technology, and bold vision make it a transformative force; however, how does it work, and what challenges await?

The Technology Behind World ID

World ID is based on the Orb, a spherical biometric device that uses multispectral sensors and infrared light to take high-resolution images of a user's irises and facial features in seconds. The Orb processes these images on-device to generate an IrisCode, a one-of-a-kind cryptographic hash derived from the intricate, highly individualized texture of the iris that can distinguish identical twins. Unlike raw images, the IrisCode is an abstract, anonymized code that cannot be reverse-engineered, providing security. By default, the Orb deletes the original images to protect privacy, but users can opt in to temporary storage for algorithm improvements.

The IrisCode is compared to the World Chain, a global blockchain-based database, to ensure that the user has not previously registered. This "one-to-N" check uses zero-knowledge proofs (ZKPs) via the open-source Semaphore protocol to confirm uniqueness without involving personal data. This cryptographic method ensures that third parties only receive confirmation of human identity, not sensitive information. If the IrisCode is unique, the user is assigned a World ID, which is stored locally on their device using apps such as the World App and serves as a digital passport for seamless authentication on platforms such as Reddit, Discord, Shopify, or Tinder.

Also Read: Sam Altman Warns AI Could Cut Demand for Software Engineers

Privacy is at the heart of World ID's design. ZKPs prevent the disclosure of biometric information, ensuring that apps only verify a user's humanness. IrisCodes are fragmented and distributed across secure servers to reduce the risk of a breach, and the World Chain's decentralized structure eliminates single points of failure. The protocol's open source nature encourages public audits, which fosters trust. The Orb also includes age detection, which prevents users under the age of 18, allowing platforms to verify age while protecting younger users. Regular security updates and third-party audits strengthen the system's defenses against potential vulnerabilities.