
# Privacy

Privacy is the bedrock on which Worldcoin is built, and contributors to the project are committed to raising the bar far beyond today's best practices and ensuring that privacy is accessible to everyone. [At a high level, custom hardware (like the Orb) enables the most privacy-preserving solution for proof of personhood (such as World ID)](https://vitalik.ca/general/2023/07/24/biometric.html). Getting privacy right, however, requires deliberate effort and additional work, and the results must be demonstrable if they're to be trusted. This section explains in advanced technical detail how privacy is preserved in the different parts of the Worldcoin ecosystem.

1. A user-friendly introduction to privacy can be found in the [Privacy page](https://worldcoin.org/privacy).
2. An intermediate, high-level overview of privacy for more curious readers can be found in the [Solving for Privacy](https://worldcoin.org/blog/worldcoin/solving-for-privacy-worldcoin-approach-keeping-information-safe) blog post.

Most of the Worldcoin protocol's critical systems are designed in such a way that privacy cannot be compromised, even by any of the protocol’s contributors. This is achievable using cryptographically provable mechanisms such as Zero-Knowledge Proofs (ZKPs). Worldcoin uses ZKPs to make it mathematically impossible to link usage of World ID across applications. Privacy protections such as these go beyond regulatory requirements.

<figure><img src="/files/AFeeqWpdmVtrJ7SU4EFq" alt=""><figcaption><p>Privacy Screen on World App. A user can very easily request deletion of all their personal data with just a few taps in the World App.</p></figcaption></figure>

[**Anyone can use the World App and their World ID fully pseudonymously.**](https://whitepaper.worldcoin.org/#anyone-can-use-the-world-app-and-their-world-id-fully-pseudonymously)

Users don't have to provide personal information to register. No emails, no phone numbers, no social profiles, no names: everything is optional.

[**ZKPs are used to preserve the user's privacy and avoid cross-application tracking.**](https://whitepaper.worldcoin.org/#zkps-are-used-to-preserve-the-users-privacy-and-avoid-cross-application-tracking)

Whenever a user makes use of their World ID, ZKPs are used to prove they are a unique human. This means that no third party will ever know a user's World ID or wallet public key, and in particular third parties cannot track users across applications. It also guarantees that using World ID is not tied to any biometric data or iris codes. When one wants to prove they are a unique human, they should be able to do so without revealing any personal information about themselves.

#### [Personal Custody](https://whitepaper.worldcoin.org/#personal-custody) <a href="#personal-custody" id="personal-custody"></a>

Personal data custody, or Personal Custody, means that the information (images, metadata and derived data including the iris code) is held on a user’s device. This approach gives users control over the flow of this data: not just deletion, but any future use prior to being deleted. Previously, the images were deleted by default.

In addition to giving users control, Personal Custody unlocks new World ID use cases by enabling Face Authentication for high security applications. With Face Authentication, users can verify at any time that they are the same person that received their World ID when verifying at an orb. Importantly, this Face Authentication functionality works locally on the user's device, without their face data leaving their phone.

For Worldcoin, giving users control over their data flow with Personal Custody is a significant step towards solidifying the project’s user-centric architecture and building an even more robust and secure World ID network.

At a high level, Personal Custody involves four components: the user’s device, the Orb, a data package containing the user’s images, and the Orb backend for transit.

Importantly, the backend cannot decrypt a user’s data package.

Here’s how the Personal Custody process works:

1. A user’s phone generates a public-private key pair to encrypt their data, then transfers the public key to the backend.
2. The backend generates additional keys for all data that requires double encryption and passes the public keys to the orb.
3. During verification, the orb creates the necessary images to verify a user’s World ID.
4. The orb then creates the user’s individual data packages, which include the images and derivatives like the iris code created from these images, encrypts them, “signs” them to ensure authenticity and security, and sends them through the Orb backend to the user’s device.
5. Once the user’s encrypted data packages are downloaded to the user’s phone, they are deleted from the Orb and the Orb backend.

Since the data package is encrypted by the user’s public key, the end result of this process is a collection of encrypted data packages that reside exclusively on the user’s device. The use of double encryption within the end-to-end encryption envelope is a safeguard to protect the confidentiality and privacy of a user’s data in the event the user’s phone is compromised.
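The flow above can be traced with Node's built-in `crypto` module. This is an added example, not Worldcoin's implementation: the page names no algorithms, so X25519 with HKDF and AES-256-GCM for encryption, Ed25519 for the orb's signature, the layering order (inner layer to the backend key, outer layer to the phone key) and all function names are assumptions.

```javascript
// Added illustration of the Personal Custody flow; every algorithm choice is an assumption.
const { generateKeyPairSync, diffieHellman, hkdfSync, randomBytes, createCipheriv,
  createDecipheriv, createPublicKey, sign, verify } = require("crypto");

// AES key from an X25519 exchange, stretched with HKDF.
const deriveKey = (priv, pub) => Buffer.from(hkdfSync("sha256",
  diffieHellman({ privateKey: priv, publicKey: pub }), Buffer.alloc(0), "custody-demo", 32));

// Encrypt to a public key. Output: ephemeral key (44-byte DER) | iv | tag | ciphertext.
function sealTo(recipientPub, plaintext) {
  const eph = generateKeyPairSync("x25519");
  const iv = randomBytes(12);
  const c = createCipheriv("aes-256-gcm", deriveKey(eph.privateKey, recipientPub), iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  const epk = eph.publicKey.export({ type: "spki", format: "der" });
  return Buffer.concat([epk, iv, c.getAuthTag(), ct]);
}

function openWith(recipientPriv, box) {
  const epk = createPublicKey({ key: box.subarray(0, 44), format: "der", type: "spki" });
  const d = createDecipheriv("aes-256-gcm", deriveKey(recipientPriv, epk), box.subarray(44, 56));
  d.setAuthTag(box.subarray(56, 72));
  return Buffer.concat([d.update(box.subarray(72)), d.final()]); // throws on a wrong key
}

const canOpen = (priv, box) => { try { openWith(priv, box); return true; } catch { return false; } };

function runCustodyFlow(data) {
  const phone = generateKeyPairSync("x25519");   // step 1: phone key pair
  const backend = generateKeyPairSync("x25519"); // step 2: backend key for double encryption
  const orb = generateKeyPairSync("ed25519");    // orb signing key (assumed)
  // Step 4: inner layer to the backend key, outer layer to the phone key, then sign.
  const pkg = sealTo(phone.publicKey, sealTo(backend.publicKey, data));
  const sig = sign(null, pkg, orb.privateKey);
  // In transit the backend holds only its own private key, not the phone's.
  const backendReadsPackage = canOpen(backend.privateKey, pkg);
  // On the phone: check the orb's signature, then strip the outer layer.
  const signatureValid = verify(null, pkg, orb.publicKey, sig);
  const inner = openWith(phone.privateKey, pkg);
  const tampered = Buffer.from(pkg); tampered[tampered.length - 1] ^= 1;
  return {
    backendReadsPackage,
    signatureValid,
    tamperDetected: !verify(null, tampered, orb.publicKey, sig),
    phoneAloneReadsInner: canOpen(phone.privateKey, inner),
    recovered: openWith(backend.privateKey, inner),
  };
}
```

Under these assumptions the relay cannot open the package, and a compromised phone key exposes only the outer layer, which is the safeguard the double encryption is described as providing.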

Note! The process described above relates to Personal Custody, not the entire Worldcoin system. The iris code is not deleted from the Worldcoin backend. Rather, the iris code is persistently encrypted and permanently stored to ensure a permanent proof of uniqueness. The iris code will not be deleted from the Worldcoin backend, even if a user requests deletion.

To summarize Personal Data Custody:

1. Users are in control of their data flow.
2. All images and image derivatives are packaged, encrypted, and “signed” by the Orb to ensure authenticity and security, then sent to the user’s phone through the Orb backend server (importantly, the Orb backend cannot decrypt the data).
3. The data package is then deleted from the Orb and the Orb backend.
4. No data collected, including images taken by the Orb, has been or will ever be sold. Nor will it be used for any purpose other than to improve World ID. The Worldcoin Foundation is bound to this commitment through the [data consent form](https://vault.pactsafe.io/s/8a18d792-fd76-44db-9b92-b0bb7981c248/legal.html#contract-syn0uxpen) where it states: “**We will never sell your data**. We will also not use any data listed in this form to track you or to advertise third parties’ products to you,” and that “We will not sell, lease, trade, or otherwise profit from your biometric data.”

#### [The Iris Code](https://whitepaper.worldcoin.org/#the-iris-code) <a href="#the-iris-code" id="the-iris-code"></a>

As [discussed](https://whitepaper.worldcoin.org/#biometrics), the iris code is a numerical representation of the texture of a person's iris. It holds the property that it can be compared against different images of the same iris to determine whether the images came from the same iris.

The iris code cannot be a simple hash of the texture of the iris. This is because two pictures of the same iris will not be exactly the same. A myriad of factors (lighting, occlusion, angle, etc.) change between image captures, and a tiny change would lead to a different hash. With the iris code, those factors only lead to a slightly modified Hamming distance between two codes, which permits fuzzy comparison of irises. If the distance is below a certain threshold, the images are assumed to be from the same iris.

The iris code is computed by applying a set of 2D Gabor filters at various points of the iris texture, which leads to complex-valued filter responses. Only the phase information of the filter responses is taken into account (which means there is permanent information loss) and subsequently quantized into two bits. In other words: for each [Gabor wavelet](https://whitepaper.worldcoin.org/#iris-feature-generation-with-gabor-wavelets-2) and each point of interest in the iris texture, two bits are computed. Concatenating all these bits makes up the iris code.

<figure><img src="/files/3ReA2XHVYS5J80BIyvE4" alt=""><figcaption></figcaption></figure>

Fig. 3.37: An example iris code. The second array, shown in red, represents the mask applied to the image: the pixels that are not part of the iris texture (eyelids, for example), which are ignored when computing the Hamming distance between irises.
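The following added example (not code from the whitepaper) puts the three ideas above together: two-bit phase quantization, masked Hamming distance, and why a hash cannot replace it. The filter responses, the threshold of 0.3 and all names are constructed for the demo, and the quantization shown (sign of the real part, sign of the imaginary part) is the standard phase-quadrant scheme, assumed here because the page does not spell it out.

```javascript
// Added illustration with constructed data; not Worldcoin's code or parameters.
const { createHash } = require("crypto");

// Keep only the phase quadrant of each complex response [re, im]: one bit for the
// sign of the real part, one for the imaginary part. The magnitude is discarded.
const quantizePhase = (responses) =>
  responses.flatMap(([re, im]) => [re >= 0 ? 1 : 0, im >= 0 ? 1 : 0]);

// Mask bits: 1 = usable iris texture, 0 = occluded (e.g. eyelid). Two bits per response.
const buildMask = (count, occluded = []) =>
  Array.from({ length: count }, (_, i) => (occluded.includes(i) ? [0, 0] : [1, 1])).flat();

// Fraction of disagreeing bits among the bits that are valid in both masks.
function maskedHammingDistance(codeA, maskA, codeB, maskB) {
  let valid = 0, differing = 0;
  for (let i = 0; i < codeA.length; i++) {
    if (maskA[i] & maskB[i]) { valid++; differing += codeA[i] ^ codeB[i]; }
  }
  if (valid === 0) throw new Error("no overlapping unmasked bits to compare");
  return differing / valid;
}

const sha256 = (capture) => createHash("sha256").update(JSON.stringify(capture)).digest("hex");
const DEMO_THRESHOLD = 0.3; // arbitrary value chosen for this demo

// Constructed filter responses. A2 is A1 re-captured with small perturbations.
const captureA1 = [[0.9, 0.4], [-0.7, 0.2], [0.3, -0.8], [-0.5, -0.6],
                   [0.05, 0.7], [-0.9, 0.1], [0.6, -0.3], [-0.2, -0.04]];
const captureA2 = [[0.8, 0.5], [-0.6, 0.3], [0.4, -0.7], [-0.4, -0.7],
                   [-0.02, 0.6], [-0.8, 0.2], [0.5, -0.2], [-0.3, 0.03]];
const captureB = [[-0.6, 0.7], [0.8, 0.1], [0.2, 0.9], [-0.3, 0.5],
                  [0.7, -0.4], [0.4, 0.6], [-0.5, -0.2], [0.1, -0.9]];

function compareCaptures(a, maskA, b, maskB) {
  const distance = maskedHammingDistance(quantizePhase(a), maskA, quantizePhase(b), maskB);
  return { distance, sameIris: distance < DEMO_THRESHOLD, hashesEqual: sha256(a) === sha256(b) };
}
```

Comparing `captureA1` with `captureA2` while masking the last response of `captureA2` as occluded gives a distance of 1/14 and a match, although the two SHA-256 digests differ; `captureA1` against `captureB` gives 0.5 and no match.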

To date, there is no known way to [reverse engineer an image](https://arxiv.org/pdf/2007.15850.pdf) that exactly matches the appearance of the input image. It is technically possible to generate an image from an iris code that generates the same iris code (if the same parameters for the Gabor wavelets are used, which are different for every system), but the image will look different from the actual image, mainly because of the information loss when generating the iris code.

Two important privacy assumptions ought to be underscored. First, private keys need to remain private, as otherwise a user can deanonymize themselves, even for actions they have performed in the past. Second, while the Protocol is made to be used in a privacy-preserving manner, privacy cannot be enforced outside of the Protocol.

