The Orb FAQs

What is the orb?

The orb is a custom, state-of-the-art hardware device built for the Worldcoin project to verify humanness and uniqueness in a secure and privacy-preserving way. It was developed by Worldcoin contributor Tools for Humanity (TFH).

The orb is used to verify a person’s World ID—a private, secure, digital passport that empowers millions of individuals to prove they’re human online. 

It does this by first using highly specialized sensors to ensure the person standing in front of it is a human. It then takes and processes a series of iris images to create an iris code, which is a digital representation of the texture of the iris. The iris code is used to verify that the person is unique and has not verified a World ID before.

All information is always deleted from the orb, including images, once it has been sent to the person’s device.

• Learn more about how iris codes are securely protected using an SMPC system. 
• Learn more about how iris codes can be deleted upon request.

Yes. Built into the orb’s hardware are diverse privacy and security features designed to ensure that no data can be accessed by anyone unauthorized to do so. 

These include two unique cryptographic keys both permanently burned into the orb’s hardware: one which is provisioned into the main CPU prior to manufacturing and another located in a secure element that cannot be exported. The orb will not operate unless both keys are valid and their environments are intact, and no code can run on it without a cryptographic signature.

Additional orb hardware and backend data security protections include:

• Asymmetric data encryption at the orb
• RAM-only data processing
• Solid-state drive (SSD) encryption “at rest” 
• Data encryption in transit from the orb to secure servers
• Use of secure, EU-based AWS and MongoDB servers for data storage of iris codes

This list is not exhaustive. It’s instead intended to demonstrate the seriousness with which privacy and data security are handled at the orb. Security features are continually being evaluated and enhanced by TFH to ensure the integrity of the Worldcoin project.

• Read more in the Technical Implementation section of the Worldcoin whitepaper.
• Learn more about Worldcoin privacy.
• Learn more about Worldcoin data security.

Yes. Regular audits are performed by trusted, third-party auditors to validate the orb’s privacy and security claims.

Most recently, TFH, in conjunction with the Worldcoin Foundation, engaged the respected security experts at Trail of Bits to conduct a specialized audit of the orb’s software.

• Read the orb’s independent privacy and security audit report. 

Yes. Many core components of the orb’s hardware and software are already open sourced and freely available on GitHub. More will be open sourced in the future.

• Access the orb’s open source hardware repository.
• Access the orb’s open source software repository.