News WorldCoin Attracts 2 Million Users, Hundreds Line-up To Stare at the Orb


jp7189

Somebody can steal your password without ever meeting you. However, if they can't hack the authentication system, then they need you to flash your eyeballs. On the flip side, if they do hack it, then potentially you need a new set of eyeballs.

Having said that, I do think there's a way they could change the feature-extraction algorithm and give you a new signature. The system would need to remember that the old signature is no longer valid. Whether they offer these sorts of capabilities remains to be seen, but hacks would certainly be troublesome and expensive.
Presumably, since you have to flash your eyeballs every time you transact, there are lots of opportunities for apps or even fake terminals to intercept the data without a user knowing. That's a whole lot easier than the kidnapping route.
 

bit_user

Presumably, since you have to flash your eyeballs every time you transact, there are lots of opportunities for apps or even fake terminals to intercept the data without a user knowing.
It's no easier than intercepting a password. The problem is that you have only one set of eyeballs, whereas a password can be changed. Also, if this ends up being a universal authentication system, as they seem to be planning, then it raises the stakes for such exploits vs. grabbing just a couple passwords for random websites.

That's a whole lot easier than the kidnapping route.
The key question is exactly what is sent to the authentication provider? Either they need to distribute the deep learning model to every app & device capable of authenticating, so that it can do the feature-extraction, or they just upload the high-res image to the cloud-based authentication service. If it's the latter, then your PC or phone wouldn't be able to intercept the actual key.

Even having a snapshot of someone's iris would be bad, since you could just upload that to authenticate them. However, it'd be interesting if they went so far as to store a signature computed over each image submitted for authentication, so they could detect if you were trying to reuse an old image.
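
The idea in the post above, storing a signature of every image submitted so that a reused one can be detected, sketched as an added example. It is not code from the thread or from WorldCoin; `CaptureLedger`, the choice of HMAC-SHA-256 and the sample bytes are assumptions, and the check flags only byte-identical resubmissions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class Verdict:
    fresh: bool        # True if this exact capture was never submitted before
    first_seen: float  # time of the first submission of this capture
    first_user: str    # account the capture was first submitted for


class CaptureLedger:
    """Hypothetical server-side record of a keyed digest per submitted capture."""

    def __init__(self, key: bytes):
        self._key = key
        self._seen: dict[bytes, tuple[float, str]] = {}

    def _digest(self, image: bytes) -> bytes:
        # HMAC rather than a bare hash: the stored table on its own cannot be
        # used to test whether a particular image was ever submitted.
        return hmac.new(self._key, image, hashlib.sha256).digest()

    def submit(self, user: str, image: bytes, now: float) -> Verdict:
        d = self._digest(image)
        if d in self._seen:
            ts, who = self._seen[d]
            return Verdict(False, ts, who)  # same bytes seen before: reject
        self._seen[d] = (now, user)
        return Verdict(True, now, user)


def demo() -> list[Verdict]:
    ledger = CaptureLedger(os.urandom(32))
    # Constructed stand-ins for two captures of the same eye; sensor noise
    # means genuine captures are never identical at the byte level.
    capture_a = b"IRIS-RAW" + bytes(range(64))
    capture_b = b"IRIS-RAW" + bytes(range(1, 65))
    return [
        ledger.submit("alice", capture_a, now=100.0),
        ledger.submit("alice", capture_b, now=200.0),
        ledger.submit("alice", capture_a, now=300.0),  # old image reused
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```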