News WorldCoin Attracts 2 Million Users, Hundreds Line-up To Stare at the Orb

I wouldn't give up my biometric information unless/until I had a very compelling reason to do so. Unlike a password, you can't just change your eyeballs if your info gets hacked.

Also, increased use of biometrics just means we're going to see more cases of identity theft involving actual kidnapping. If you like that idea and ever expect to have enough assets to make it worth someone's while, then go right ahead.
 
I wouldn't give up my biometric information unless/until I had a very compelling reason to do so. Unlike a password, you can't just change your eyeballs if your info gets hacked.

Also, increased use of biometrics just means we're going to see more cases of identity theft involving actual kidnapping. If you like that idea and ever expect to have enough assets to make it worth someone's while, then go right ahead.
Right now your file of biometric data the DHS has is being transferred to the cloud in the care of Amazon Web Services. https://nypost.com/2020/05/07/homeland-security-to-move-biometric-database-to-amazon-cloud/
It hit a few snags along the way when the company tasked with doing this - Northrop Grumman's relevant part was bought by some company Peraton, founded in 2017 by Veritas Capital - itself founded in 1992 and has 114 employees.

If you read the wiki on these it looks like our biometric data has just been tossed to the sharks. But I've probably just been playing too much CP2077 in anticipation of the DLC.

The less of it that gets migrated to the cloud the better. What are the odds that this "well meaning" biometric data collection startup gets picked like a ripe berry as soon as it has finished collecting? Apparently there are some pretty deep pockets out there.
 
Right now your file of biometric data the DHS has is being transferred to the cloud in the care of Amazon Web Services. https://nypost.com/2020/05/07/homeland-security-to-move-biometric-database-to-amazon-cloud/
Let's be realistic, though. The only data they would have on me is a photo from my Real ID driver's license and passport photo.

I obviously had no choice, in that matter. However, I never provided anyone with an iris scan, and I'm not about to unless there's an extremely compelling reason to do so.
 
Well, they all....around. Now they're gonna find out. No, you shouldn't feel even the slightest amount of pity when it happens either. They went into this...eyes wide open....
 
Anybody considering crypto-anything should visit Molly White's excellent blog "Web3 Is Going Just Great". There's an almost daily cadence of scams, rug-pulls, exploits, thefts, hacks, bankruptcies etc - generally for tens of millions of dollars. And this has been going on for years. It's amazing that there are still some folks who haven't been robbed.
 
Let's be realistic, though. The only data they would have on me is a photo from my Real ID driver's license and passport photo.

I obviously had no choice, in that matter. However, I never provided anyone with an iris scan, and I'm not about to unless there's an extremely compelling reason to do so.
You have a passport so I'm guessing you go through immigration. How do you know you aren't giving an iris scan when they make you stand in front of the camera for a few seconds? They wouldn't let me keep my glasses on for some reason, even though any normal person can see right through them. They are at least getting a real thorough face scan. You know AI is just getting better at enhancing pics for recognition. Voice mapping can be done as well.

Also I give 3 blood samples every year for an annual physical. Seems like a lot for their uses. And got fingerprinted through boy scouts. And when I go to the optometrist I get the impression that after I've used their eye computer thing they are just putting on a show, going through the motions. They can collect a lot.

But I'm just playing devil's advocate. I avoid giving biometrics as well. When I knowingly can at least.

If you want a laugh, here's a CRS document that goes south entertainingly quickly. It is barely 3 pages:
 
I wouldn't give up my biometric information unless/until I had a very compelling reason to do so. Unlike a password, you can't just change your eyeballs if your info gets hacked.

Also, increased use of biometrics just means we're going to see more cases of identity theft involving actual kidnapping. If you like that idea and ever expect to have enough assets to make it worth someone's while, then go right ahead.
Why do kidnapping when you can just hack the database, steal the digital biometric info from said database, and use that to hack into anything you want?
 
You have a passport so I'm guessing you go through immigration. How do you know you aren't giving an iris scan when they make you stand in front of the camera for a few seconds?
Because I know a few things about iris scanners, including someone who actually built one in a bid for a military contract. I wouldn't say it's outright impossible, but highly unlikely.

They wouldn't let me keep my glasses on for some reason, even though any normal person can see right through them.
Because glasses affect the accuracy of facial recognition systems. I have firsthand experience testing & deploying some of them.

Also I give 3 blood samples every year for an annual physical. Seems like a lot for their uses. And got fingerprinted through boy scouts. And when I go to the optometrist I get the impression that after I've used their eye computer thing they are just putting on a show, going through the motions. They can collect a lot.
This is all straight-up paranoia. The government would need to issue a specific warrant for them to collect such samples or data from anyone who has it, and I rather doubt your optometrist retains the raw retinal scan images.

As for the 3 blood samples, it's quite likely because they send the samples off to different labs to run different subsets of the tests they do. All that would be needed for collecting DNA is a couple drops of blood, so I don't follow why it makes any difference how much is collected.

BTW, I don't recall ever giving fingerprint samples, in Boy Scouts. I'm guessing you were involved as an adult troop leader, and they wanted to run a background check on you?
 
Why do kidnapping when you can just hack the database, steal the digital biometric info from said database, and use that to hack into anything you want?
The "hacking" approach exists as a theoretical possibility and one that's unavailable to the vast majority of criminals out there. But, if they can just kidnap you and make you unlock your account at gunpoint, that's something most of them can manage.
 
Your iris is unique > the encryption process generates a unique hash > your iris being scanned again would generate the same hash > you're already here, human, go away.
It's an image of your iris though.
It has a limited number of pixels.
There's no way two images of your iris are going to be identical, so the hash would be different...
That's what I mean
They'd need to take multiple images of your iris to be able to get a perfect comparison each time.
Not sure how many, but for fingerprints, they don't just take one, as far as I'm aware.
😉
 
It's an image of your iris though.
No, it's not. They said the images are deleted and only the "hash" remains.

It has a limited number of pixels.
There's no way two images of your iris are going to be identical, so the hash would be different...
Hash is a poor word. It's not actually a hash, because hashes lack stability. Like I explained, these types of systems typically use a high-dimensional vector of real numbers. The vector contains stable features, so that they match reliably.

They'd need to take multiple images of your iris to be able to get a perfect comparison each time.
Think of it like face recognition. A face recognition system doesn't need to see a face with exactly the same lighting, angle, and lens to recognize it.
 
ah, I didn't understand that.

I didn't think that would be an issue (your iris is always the same irrespective of how big your pupil is), so I'd assume there are tolerances or at least that that's been taken into account.

Maybe @bit_user knows whether that's a problem?
They'd have to take at least 5 or 10 images to be sure to be able to recognize it accurately every time, or 99% of the time even...
Yeah, bit_user seems to have some knowledge of this, maybe he can help here.
 
No, it's not. They said the images are deleted and only the "hash" remains.


Hash is a poor word. It's not actually a hash, because hashes lack stability. Like I explained, these types of systems typically use a high-dimensional vector of real numbers


Think of it like face recognition. A face recognition system doesn't need to see a face with exactly the same lighting, angle, and lens to recognize it.
Ahh, hadn't thought of it like that.
Thanks for the explanation :)
 
The "hacking" approach exists as a theoretical possibility and one that's unavailable to the vast majority of criminals out there. But, if they can just kidnap you and make you unlock your account at gunpoint, that's something most of them can manage.
They could also kidnap you, and make you log into your online bank account at gunpoint too. Nothing new there, except for the use of biometric data.

There are also ways to hire a hacker, but since this is Tom's Hardware, I'm not going to divulge how it's done.
 
Well, if we're to believe the new system will be secure, then kidnapping would be more necessary for identity thieves than it currently is.
Not really,

The only real difference is you don't have to memorize complex passwords on the many sites you do visit. Just flash your eyeball, and you're logged in.

It's a convenience more than anything.
 
The only real difference is you don't have to memorize complex passwords on the many sites you do visit. Just flash your eyeball, and you're logged in.
Somebody can steal your password without ever meeting you. However, if they can't hack the authentication system, then they need you to flash your eyeballs. On the flip side, if they do hack it, then potentially you need a new set of eyeballs.

Having said that, I do think there's a way they could change the feature-extraction algorithm and give you a new signature. The system would need to remember that the old signature is no longer valid. Whether they offer these sorts of capabilities remains to be seen, but hacks would certainly be troublesome and expensive.
 
Somebody can steal your password without ever meeting you. However, if they can't hack the authentication system, then they need you to flash your eyeballs. On the flip side, if they do hack it, then potentially you need a new set of eyeballs.

Having said that, I do think there's a way they could change the feature-extraction algorithm and give you a new signature. The system would need to remember that the old signature is no longer valid. Whether they offer these sorts of capabilities remains to be seen, but hacks would certainly be troublesome and expensive.
Presumably, since you have to flash your eyeballs every time you transact, there are lots of opportunities for apps or even fake terminals to intercept the data without a user knowing. That's a whole lot easier than the kidnapping route.
 
Presumably, since you have to flash your eyeballs every time you transact, there are lots of opportunities for apps or even fake terminals to intercept the data without a user knowing.
It's no easier than intercepting a password. The problem is that you have only one set of eyeballs, whereas a password can be changed. Also, if this ends up being a universal authentication system, as they seem to be planning, then it raises the stakes for such exploits vs. grabbing just a couple passwords for random websites.

That's a whole lot easier than the kidnapping route.
The key question is exactly what is sent to the authentication provider? Either they need to distribute the deep learning model to every app & device capable of authenticating, so that it can do the feature-extraction, or they just upload the high-res image to the cloud-based authentication service. If it's the latter, then your PC or phone wouldn't be able to intercept the actual key.

Even having a snapshot of someone's iris would be bad, since you could just upload that to authenticate them. However, it'd be interesting if they went so far as to store a signature computed over each image submitted for authentication, so they could detect if you were trying to reuse an old image.
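
An added illustration, not part of any post in this thread and not WorldCoin's code: why a cryptographic hash of a biometric template fails to match across two captures while a similarity threshold on the feature vector does, plus the replay check suggested in the last post. The vectors, noise level, threshold and image bytes are constructed assumptions.

```python
import hashlib
import math
import random
import struct

DIM = 256         # assumed template length
THRESHOLD = 0.90  # assumed cosine-similarity acceptance threshold

def make_vector(seed, dim=DIM):
    """Constructed stand-in for the feature vector extracted from one eye."""
    rng = random.Random(seed)
    return [rng.gauss(0.0, 1.0) for _ in range(dim)]

def recapture(template, seed, noise=0.15):
    """Simulate a second scan of the same eye: same features plus sensor noise."""
    rng = random.Random(seed)
    return [x + rng.gauss(0.0, noise) for x in template]

def digest(vec):
    """Cryptographic hash of the template bytes; any changed bit changes it."""
    return hashlib.sha256(struct.pack(f"{len(vec)}d", *vec)).hexdigest()

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b)))

def matches(enrolled, probe, threshold=THRESHOLD):
    return cosine(enrolled, probe) >= threshold

class ReplayGuard:
    """Stores a digest of every raw image submitted for authentication.
    Catches byte-identical resubmissions only, not re-encoded copies."""
    def __init__(self):
        self._seen = set()

    def is_replay(self, image_bytes):
        d = hashlib.sha256(image_bytes).digest()
        if d in self._seen:
            return True
        self._seen.add(d)
        return False

def demo():
    enrolled = make_vector(seed=1)
    same_eye = recapture(enrolled, seed=2)
    other_eye = make_vector(seed=3)
    guard = ReplayGuard()
    image = b"constructed-raw-capture-0001"  # placeholder for a submitted image
    return {"hash_equal": digest(enrolled) == digest(same_eye),
            "same_eye_match": matches(enrolled, same_eye),
            "other_eye_match": matches(enrolled, other_eye),
            "first_is_replay": guard.is_replay(image),
            "second_is_replay": guard.is_replay(image)}
```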