Worldcoin Lands in Taiwan! Invite 10 People and Earn NT$10,000—Why I’m Not Yet Recommending Iris Scanning

GM,
Welcome to all the new members who joined over the past few days! Two years ago, I asked everyone a question:
“If someone stood in the plaza of Taipei Main Station holding a shiny metal orb, scanning people’s eyes and offering an unknown cryptocurrency as a reward—would you participate or call the police?”¹²³
That very orb—developed by WorldCoin, the iris-scanning startup co-founded by OpenAI’s Sam Altman (later rebranded as “World”)—just made the cover of TIME magazine. And last week, this highly recognizable metal sphere officially landed in Taiwan. You can now visit Taipei Ark, Taipei Dome, or the Taipei Innovation Center to have your iris scanned and claim your $WLD tokens.

Some people have already started writing blog posts sharing their experiences and referral codes. At the current rate, a single iris scan can earn you 40 $WLD tokens, roughly equivalent to NT$1,200. The referral bonus is even more attractive—each user can invite up to 10 people, earning about NT$1,000 in $WLD per referral, while the referred person receives around NT$300. In total, a single person can make up to NT$10,000.
Many people say, “Our privacy is already compromised—what’s one more iris scan?” But very few truly understand what happens to your data once you lean in toward that silver metal orb. How is the information processed, and where might it end up? This article breaks down the technology behind World and explains why I haven’t gone to scan my eyes—yet.
Verifying Humanity
In the early days of the internet, people often stumbled upon truths unintentionally. A famous 1993 New Yorker cartoon, captioned “On the Internet, nobody knows you're a dog,” pointed out the web’s lack of identity verification—after all, you could be talking to a dog and not even know it. While dogs may not be browsing the internet, we’ve recently encountered a new kind of non-human user: AI. With rapid advancements in AI capabilities, there’s a growing chance that we’re already chatting, befriending, or even battling AIs in games—without realizing it.

Imagine spending weeks building a connection with someone online, only to find out you can never meet them in person—because they’re actually an AI. Or winning several rounds in a shooting game, only to realize your opponent wasn’t even human. It’s hard not to feel deceived or empty. That’s exactly why, as AI grows more powerful, the need to “verify real humans” becomes increasingly critical.
Some websites add CAPTCHA tests, asking users to identify sidewalks, motorcycles, traffic lights, and so on, to filter out bots. But recent research shows that AI can now solve Google’s reCAPTCHA v2 with a 100% success rate. In other words, we may be heading toward a future where only humans get stuck—while bots pass through effortlessly.

The ideal form of identity verification should be simple for humans but difficult for bots. Biometric features fit this criteria perfectly—humans have them, AI doesn't. Compared to fingerprints, facial features, or even DNA, the iris is uniquely difficult to replicate, making it one of the most secure forms of identification. John Daugman, the Cambridge professor who invented iris recognition, once tested the technology on his own sheep. He discovered that even identical twins or cloned animals had entirely distinct irises.
Iris scanning technology has existed since the 1990s, but it never went mainstream. High costs of optical equipment and privacy concerns were the main barriers. Mishandling biometric data can lead to PR disasters, and even if the technology is mature, few companies have dared to openly promote “Let us scan your eyeballs.” That is, until Sam Altman—unfazed by controversy and backed by strong fundraising power—launched World.
The media has often criticized World as a “privacy-for-token” social experiment. After scanning your eyes, you receive some $WLD tokens—whose value fluctuates—but gain little else. However, public perception has recently started to shift. In its latest product launch, World announced partnerships with gaming brand Razer and dating app Tinder to introduce the “World ID” verification service. Users who have scanned their irises can now receive a “Proof of Personhood” badge on these platforms. It marks World ID’s first steps out of the lab and into real-world applications.
As World ID gains broader usage, people might stop mocking iris scanning as “selling your eyeballs,” and start saying: “If I can verify my identity and earn some money while doing it, why not?”
Although “selling your irises” is a catchy phrase, it’s technically inaccurate. World never stores users’ iris images—so there’s nothing to sell in the first place.
Privacy Protection
I've broken down the process of generating a World ID from an iris scan into three steps: scanning, matching, and identity creation.
Step 1: Scanning
The circular device known as the “Orb” captures a high-resolution photo of the user’s iris. This photo never leaves the device. Instead, it is immediately converted locally into a unique, random-looking code called an IrisHash. This functions like a national ID number—everyone gets a unique identifier, but you cannot reverse-engineer it to reveal the original image. Once the photo is converted, it is permanently deleted and cannot be restored.
Step 2: Matching
The system compares the newly generated IrisHash against all existing entries in the database to check if the user has already registered. Because each scan may vary slightly due to differences in angle or lighting, the resulting hash will also differ. That’s why the system must evaluate the similarity between hashes. Unlike standard online hashing algorithms like SHA256—which drastically change the result with even a tiny input difference—World uses a specialized biometric hashing method that produces comparable results. Even though the hash cannot be reversed to retrieve the original image, the system can still determine whether two different hashes originate from the same pair of eyes. This step is the most technically impressive part of the entire process.
Step 3: Creating a World ID
If the system confirms that it’s your first time scanning, it will generate a unique World ID for you on the blockchain using a public-private key pair. Once that’s done, you’re all set! You can now use your World ID to prove you’re a real human and claim $WLD tokens—without needing to scan your eyes again.
Using it is straightforward. Recently, World released a plugin for the e-commerce platform Shopify to help merchants prevent people from using multiple accounts to repeatedly claim discount codes. Traditionally, platforms had to rely on email or phone number verification to avoid abuse. But now, merchants can require customers to pass a World ID check to access “human-only” promotions.

During the verification process, platforms cannot access any personal user data. Instead, a method called zero-knowledge proof allows the system to confirm that you are a real person and not registered multiple times—without ever learning your identity. It’s like proving “I am over 18” without showing your ID.
From a technical standpoint, World’s privacy protection measures are exceptionally robust: iris photos never leave the device; data is compared using irreversible hash values; the resulting World ID bears no connection to your original biometric data; and all of it is reinforced by zero-knowledge proof. In theory, no one can reconstruct your iris image, nor can anyone trace your World ID back to your real identity.
But here’s the catch: how do we know World is really doing what it claims?
The Insider Threat
Encryption is like a home safe—it keeps strangers out, but can’t stop an inside job. Take the example of Lin Ruei-xiang 4, founder of the dark web marketplace “Incognito Market.” He recently demonstrated how he “cracked” the PGP encryption system—not by breaking the encryption algorithm itself, but by planting a backdoor in the system that let him secretly read all encrypted messages.
That’s why I care deeply about whether World is truly open source. If critical components are closed off, the World team could quietly save iris photos along the way, and no one would know. Open-sourcing is like putting the entire production line on public display—not only can everyone see how things are designed, but AI or engineers can also help audit the process to ensure nothing shady is going on.
Most importantly, once the blueprint is public, anyone can build their own compatible device—or purchase a third-party machine—to scan their iris and generate a World ID. That’s real decentralization, and it makes abuse much harder.
Fortunately, World seems to understand this. They’ve proactively published a public open-source progress chart, clearly indicating which components have already been opened and which are still closed. In the chart below, green lights represent open-source software and hardware modules, while yellow lights mark the parts that remain proprietary.

Take the already open-sourced hardware as an example: the Orb’s schematics and circuit diagrams have been uploaded to GitHub. Anyone with the technical skills can follow the blueprints to build an iris-scanning device identical in design and specifications. However, hardware is just the first step. The real key lies in the core systems responsible for iris data conversion and identity verification—which have not been fully open-sourced. As a result, we still can't confirm whether World is truly operating according to its stated design.
Ideally, once all the yellow lights turn green, people will be able to choose their own trusted devices and identity wallets. Even if World shuts down one day, users could still continue using the system. That would be a truly decentralized identity verification mechanism.
Though I understand that scanning early means earning more $WLD—and if we’re going to do it eventually, why not start collecting rewards sooner?—I'm waiting for two things: First, full open-sourcing to reduce the risk of hidden backdoors;
Second, broader adoption of World ID by mainstream platforms to ensure it has real-world utility. When the practical use of identity verification outweighs the lure of token incentives, that’s when I’ll be ready to scan my iris.
By then, the referral rewards will probably be gone. But if the world’s best handgun and bulletproof vest were both made by the same company, it’s hard not to feel a little uneasy.
P.S. This is the 695th article. Blocktrend is planning to launch a lifetime membership subscription with the 700th article, while also adjusting subscription rates to $10 USD/month or $100 USD/year. The new pricing will only apply to new subscribers or those who cancel and later resubscribe. Current subscribers will retain their original rates.
When Blocktrend moved to Substack five years ago, many readers linked their credit cards and have supported the publication ever since. Given that credit cards typically have a five-year validity, we're now entering a peak period for card expirations.
To those who choose to unsubscribe, I sincerely thank you for your past support.
To those willing to update their card and join me for the next five years, I’m even more grateful.
Click here to check your current subscription status.
1 Worldcoin: Universal Basic Income Funded by AI
2 Worldcoin Token Launch: Why Does Scanning Your Iris Earn You Crypto?