World Network: Biometric Identity Infrastructure Capture (refresh May 2026)

World ID​‌​​​​‌‌​‌​​​​​‌​‌​​​​‌‌​‌​​‌​​​​‌​​​‌​‌​​‌‌​​‌​​​‌‌​‌​‌​​‌‌​‌‌​ correctly implements Semaphore-style zero-knowledge group membership proofs, enabling privacy-preserving verification that a user belongs to the set of verified humans without revealing which human. The cryptography is sound. Yet the surrounding architecture — single private issuer (Tools for Humanity), irreversible iris biometric enrollment via the Orb hardware, and WLD token distribution gated exclusively behind that enrollment — constitutes the precise structural inversion of the third position defined in Tools, Not Declarations (Part III, May 2026) and Sum. (Cache256 collective, May 2026).

This May 2026 refresh incorporates the December 2024 BayLDA decision and its ongoing appeal before the Ansbach court (first hearing expected around July 2026), the May 2025 Kenya High Court ruling, the launch of AMPC (Anonymized Multi-Party Computation) in May 2026, the World ID 4.0 integrations with Tinder, Zoom and Reddit announced April 2026, and the foundational academic framework on Personhood Credentials established by MIT, OpenAI, Microsoft and twenty-two other institutions (arXiv 2408.07892v4, January 2025). The math holds. The political architecture does not.

// HISTORY 2019–2026

Tools for Humanity Corporation was founded in 2019 by Sam Altman (CEO of OpenAI), Alex Blania and Max Novendstern to build biometric proof-of-personhood infrastructure. Mainnet launch occurred on July 24, 2023 with the Orb v1 iris scanner and the WLD token live on Ethereum. The project rebranded to World in 2024 (the Worldcoin Foundation remains the token issuer based in the Cayman Islands).

October 2024 saw the launch of World Chain, an OP Stack L2 within the Optimism Superchain. December 2024 brought the final paneuropean decision from the Bavarian data protection authority (BayLDA, the European lead supervisory authority for Tools for Humanity GMBH, headquartered in Bavaria). 2025 brought US expansion with new Orb hardware (NVIDIA Jetson, Texas manufacturing), the Orb Mini portable device, and the launch of flagship retail stores in San Francisco, Seoul and Rome.

April 2026 saw the launch of World ID 4.0 at The Midway in San Francisco, with integrations announced for Tinder (verified human badge), Zoom (Deep Face anti-deepfake feature), Reddit (bot-flagged account verification), DocuSign, and a dedicated World ID app in public beta. May 2026 brought AMPC, an evolution of the previous SMPC system, with five independent node partners (UC Berkeley RDI, FAU Erlangen, KAIST, the University of Tokyo, and Nethermind).

// CORE MECHANISM — IRIS SCAN + ORB + WORLD ID

The Orb captures iris and face images on-device. Raw images are processed locally into an IrisCode (a hashed template). Verified users receive a World ID that proves membership in the unique-human set via Semaphore-style ZK group membership proofs (a sound implementation, per the Tools for Humanity World ID whitepaper updated March 25, 2026).

No third party learns the specific World ID during verification. The cryptography is mathematically valid and correctly deployed. The inversion occurs upstream: enrollment requires physical presence at proprietary Orb hardware controlled by a single private entity, creating irreversible biometric linkage and a token distribution funnel that rewards enrollment. As Madeleine Stone, senior advocacy officer at UK privacy watchdog Big Brother Watch, put it in July 2023: "unlike a password or ID card, an iris can't be reset or reissued."

// ORB HARDWARE EVOLUTION

Orb v1 (2023) operated with visible and infrared sensors capturing iris images at high resolution. The 2025 generation introduced NVIDIA Jetson processors (approximately 5x AI performance improvement), 30% fewer parts, and Texas manufacturing for component auditability. Orb hardware designs were open-sourced in October 2025. The Orb Mini, a portable device for peer-assisted verification, was announced for 2026.

Independent verification of manufacturing integrity and absence of hardware backdoors remains limited to company-led audits. Self-custody claims for World ID keys exist, yet initial enrollment and Orb supply remain centralized under Tools for Humanity. This is structurally significant: even if the post-processing layer (AMPC) is distributed across five academic institutions, the pre-processing layer (the Orb itself, its firmware, its iris-code generation) remains 100% under TFH control.

// WORLD CHAIN L2 (2024–2026)

World Chain launched October 2024 as an OP Stack L2 within the Optimism Superchain (alongside Base, Unichain and other members). Total Value Locked stands at $305.9M (DefiLlama snapshot, May 2026); Q1 2026 OP Stack TVS share was 2.1% ($288.5M), below Ink (3.8%) and well below Base and OP Mainnet. Governance flows through the Worldcoin Foundation.

Per the Substrate Problem framework (Cache256, April 2026), World Chain inherits the substrate limits of OP Stack: sequencer centralization, upgrade governance concentration, L2-specific trust assumptions. Priority Blockspace for Humans is branding layered onto that substrate; it does not resolve the upstream issuer or enrollment centralization that defines World ID.

// WLD TOKENOMICS 2026

Maximum supply is capped at 10 billion WLD. Circulating supply stood at approximately 3.3 billion WLD in May 2026, fully diluted valuation around $2.4B, market cap around $900M (CoinMarketCap snapshot 24 May 2026). Spot price at $0.30, down approximately 97.9% from the all-time high of $11.74 reached in 2024.

Distribution is gated behind Orb enrollment and verification incentives. This design makes proof-of-humanity inseparable from token economics: WLD distribution converts biometric capture into programmable asset distribution, creating what Cache256 calls a token incentive funnel. The structural critique is direct: as DL News documented through reporter Callan Quinn at the July 2023 Hong Kong launch, "the people I spoke to who'd taken part in the iris scanning weren't really interested in the utopian or dystopian ideals preoccupying Worldcoin's critics. It was all about the tokens."

// REGULATORY LANDSCAPE — BANS, INVESTIGATIONS, APPEALS

Six jurisdictions maintain active or recent enforcement against Worldcoin / Tools for Humanity. The European cascade is the most consequential.

Spain (AEPD, March 6 2024): the Spanish Data Protection Agency issued the precautionary measure CO-000297-2023 invoking Article 66.1 GDPR (urgent supervisory measures, 3-month maximum), ordering immediate cessation of iris collection and blocking of already-collected data. The order, signed by AEPD Director Mar España Martí, identified probable violations of GDPR Articles 5.1.a, 6.1, 7, 9, 12, 13 and 17. Five days later, on March 11 2024, the Audiencia Nacional (Spanish National Court, Sala Contencioso-Administrativo, Sección Primera) rejected the medida cautelarísima requested by Tools for Humanity, posing the principle that "la salvaguarda del interés general que consiste en la protección del derecho a la protección de datos personales de los interesados [debe prevalecer] frente al interés particular de la empresa recurrente de contenido fundamentalmente económico". On June 4 2024, Tools for Humanity made a legally binding commitment not to resume activity in Spain pending the BayLDA final decision.

Portugal (CNPD, March 26 2024): the Comissão Nacional de Proteção de Dados ordered a 90-day halt to biometric data collection after receiving dozens of complaints about minors being scanned and the impossibility of revoking consent. Approximately 300,000 Portuguese citizens had been enrolled at that point. Tools for Humanity quietly relaunched operations in Portugal in 2025.

Hong Kong (PCPD, May 2024): the Office of the Privacy Commissioner for Personal Data issued an enforcement notice directing immediate cessation of all iris scanning and data collection.

South Korea (PIPC, September 25 2024): the Personal Information Protection Commission fined the Worldcoin Foundation (725 million KRW, approximately $546,000) and Tools for Humanity (379 million KRW, approximately $285,000), for a total of 1.1 billion KRW (~$829,000), citing iris scanning without legal basis, insufficient information on data storage duration, undeclared overseas transfers, lack of deletion procedure, and inadequate age verification.

Germany (BayLDA, December 19 2024): the Bavarian State Office for Data Protection Supervision concluded a 20-month investigation initiated in April 2023, issuing a 132-page enforcement order coordinated with all concerned European authorities through the GDPR cooperation procedure. BayLDA reprimanded Tools for Humanity for storing plain-text iris codes in a database from July 24 2023 to May 14 2024 — ten months during which the issuer had direct access to readable biometric templates. World Foundation appealed the decision before the Bavarian administrative court in Ansbach in December 2024; the first hearing is expected around July 2026 (per Michael Will, BayLDA President, in DL News, July 2025).

Brazil (ANPD, January 25 2025): the Autoridade Nacional de Proteção de Dados banned operations citing that monetary incentives undermine consent validity and disproportionately target vulnerable populations. Sanction of 50,000 BRL/day (~$8,800) if operations resume. Tools for Humanity's appeal was rejected; local layoffs followed.

Kenya (ODPC + High Court, May 5 2025): the High Court of Kenya declared Worldcoin's biometric data collection unlawful and in violation of the Data Protection Act and the Constitution. The court ordered the complete erasure of all biometric data within seven days. In January 2026, the Office of the Data Protection Commissioner confirmed that Tools for Humanity had complied. Worldcoin had not operated in Kenya since the August 2023 suspension.

In addition, the EU AMLR (Regulation 2024/1624, Article 79) entering into force July 2027 and eIDAS 2.0 (Regulation 2024/1183) create future classification risks if World ID is treated as identity infrastructure for financial services. US state-level biometric laws (Illinois BIPA, California CPRA, Texas SB-1664) constrain Orb deployment in the US, though no federal ban exists.

// THE CACHE256 QUADRUPLE TEST APPLIED TO WORLD

Tools, Not Declarations (Cache256, May 22 2026) introduced a four-question lens for any zero-knowledge deployment. The questions are not a checklist for adoption; they are a lens for reading. Applied to World, the lens returns four failures.

1. Who issues the underlying credential? Tools for Humanity, a private for-profit company that self-attributes the function of declaring unique humanity. A single private issuer controls Orb supply, verification policy, and template handling. No decentralized governance or multi-stakeholder issuance mechanism exists. Fail.

2. What can the issuer learn from each use? Historically, the BayLDA enforcement order documents that iris codes were stored in plain text from July 24 2023 to May 14 2024. Tools for Humanity's chief privacy officer Damien Kieran told Euronews in December 2024 that "We're no longer doing that." Yet a Tools for Humanity representative admitted to DL News in July 2025 that "they do not know how many iris codes were deleted." The transition to SMPC in May 2024 and to AMPC in May 2026 improves runtime privacy through cryptographic secret-sharing across five node partners, but the issuer retains the ability to coordinate fragments, the Orb firmware that performs pre-processing remains under Tools for Humanity control, and the historical liability persists. Fail.

3. Can the user opt out without losing the social good? The April 2026 announcement of World ID integrations with Tinder, Zoom and Reddit demonstrates the intent to make World ID a gating primitive for social and economic participation. The more World ID becomes infrastructure for dating, video conferencing, and forum participation, the less viable opt-out becomes. The CNPD Portugal complaint of March 2024 already cited the "impossibility of deleting the data or revoking consent". Fail.

4. Does the deployment require a singular enrollment event? Yes. Iris enrollment is, by biological construction, irreversible. As Vitalik Buterin wrote in What do I think about biometric proof of personhood? (24 July 2023, accessed 2026-05-25), "any single biometric system, however well-cryptographed, concentrates the question of personhood in a single issuer", with risks including "unavoidable privacy leaks, further erosion of people's ability to navigate the internet anonymously, coercion by authoritarian governments, and the potential impossibility of being secure at the same time as being decentralised". Fail.

World ID fails the Cache256 quadruple test on all four counts. The cryptography (Semaphore proofs) is sound. The architecture is the inversion of the third position.

// VALIDATION FROM THE ACADEMIC FRAMEWORK ON PERSONHOOD CREDENTIALS

In January 2025, a coalition of thirty-two co-authors from twenty-five institutions — including MIT, OpenAI, Microsoft, Harvard, Oxford, UC Berkeley, SpruceID, a16z crypto, Mina Foundation, OpenMined, Partnership on AI, and the Decentralization Research Center — published the foundational paper "Personhood credentials: Artificial intelligence and the value of privacy-preserving tools to distinguish who is real online" (arXiv:2408.07892v4, accessed 2026-05-25). The paper introduces the term Personhood Credentials (PHCs) as the conceptual frame for the field.

The paper explicitly states that "a PHC system, according to our definition, could be local or global, and does not need to be biometrics-based". This directly contradicts the central claim of the Tools for Humanity whitepaper (March 25 2026) that "iris and purpose-built devices are the only combination that meets all constraints."

The paper also establishes a foundational requirement: "PHCs let a user interact with services anonymously through a service-specific pseudonym; the user's digital activity is untraceable by the issuer and unlinkable across service providers, even if service providers and issuers collude." The phrase even if service providers and issuers collude is structurally significant. Tools for Humanity simultaneously operates the issuer (TFH), the wallet (World App), the L2 (World Chain), the token (WLD), and negotiates integrations with major service providers (Tinder, Zoom, Reddit, DocuSign). The trinity of issuer, platform, and service-provider relationship is not separated; the academic requirement is structurally violated.

The paper further notes that "having multiple trusted PHC issuers within a single ecosystem promotes choice... this approach reduces the risks associated with a single centralized issuer while still preserving the ecosystem's integrity". World is, by design, a single centralized issuer. The academic framework that legitimizes the PHC category as a field of inquiry simultaneously identifies the structural risk profile that World embodies.

// COMPETITIVE LANDSCAPE — PoH ALTERNATIVES IN 2026

World is not the only architecture for proof-of-personhood. As of May 2026, the field includes at least eleven distinct families, each with different trade-offs on the Cache256 quadruple test:

Biometric iris with ZK — World / Tools for Humanity. Singular issuer, irreversible enrollment, token-incentive funnel. 4/4 fail.

Biometric palm — Humanity Protocol. Same structural critique as iris-based, plus the company explicitly pivoted away from the "proof-of-personhood" framing in February 2026 while retaining palm biometrics, a signal that the label itself has become regulatory liability for biometric incumbents.

Social graph — BrightID. Peer-attested verification through in-person or virtual verification parties. No proprietary hardware, no biometrics, no single issuer. Cold-start and collusion risks remain. Closest in spirit to the third position among proof-of-personhood systems with non-trivial adoption.

Decentralized puzzles — Idena. Synchronous FLIP puzzle ceremonies plus proof-of-work plus human verification. No singular enrollment, no biometric capture. Coordination overhead constrains scalability but the structural alignment with the third position is strong.

Video and arbitration — Proof of Humanity (Kleros). Video submission plus vouching plus decentralized arbitration via Kleros courts. Token-curated registry with arbitration costs and delays.

Aggregated stamps — Human Passport (formerly Gitcoin Passport, acquired by Holonym Foundation in December 2024 and rebranded). Modular composite credentials from multiple sources. As of March 2026, Human Passport provided Sybil resistance for 120+ projects, securing over $512M in capital flow.

NFC passport chips — zkPassport, Self. Uses the NFC chip in the user's existing biometric passport to generate a ZK proof of nationality or age without revealing the full document. Excludes the seven billion people without an NFC biometric passport.

ZK national ID — Anon Aadhaar. ZK proof of uniqueness against the Indian Aadhaar database without revealing the full identity number. Strong on ZK privacy but inherits state biometric database risks.

Selective disclosure — Privado ID (formerly Polygon ID). Holders prove attributes of state-issued credentials without revealing the underlying document. Improvement on the status quo, not exit from the issuer relationship.

Multi-stage ZK — Polkadot Project Individuality (DIMs). Launched Q4 2025 at Web3 Summit Berlin (Gavin Wood, July 17 2025), the system uses zero-knowledge proofs and Bandersnatch Ring VRF across staged Digital Individuality Mechanisms (DIM1 unicity, DIM2 verified individuality, DIM3 planned). $3M treasury proposal funded the initial development.

Verifiable peer relationships — Hedera LFDT First Person Credentials. Two credential types: Personhood Credentials (PHCs) issued by recognized entities, and Verifiable Relationship Credentials (VRCs) exchanged peer-to-peer to prove real-world connections. Uses Hyperledger AnonCreds, DID SCID Method on Hedera, and the Hedera ledger as Verifiable Data Registry. An MVP for the Linux kernel contributor ecosystem is being explored.

// GEOPOLITICAL REACH — ALTMAN, OPENAI, AND THE CONFLICT OF INTERESTS

Sam Altman holds concurrent roles as CEO of OpenAI (defining global AI systems and shaping safety norms for what counts as a human in training data and content moderation) and founder of Tools for Humanity (defining who counts as human for identity rails and economic infrastructure). This overlap is documented and structural. The same individual whose company is producing the AI agents that World ID claims to defend the internet against is also producing the proof-of-personhood credential that gates access to that internet.

Note that the academic paper on Personhood Credentials (arXiv 2408.07892v4) includes OpenAI co-authors (Steven Adler, Zoë Hitzig, David Schnurr) and an a16z crypto co-author (Eddy Lazzarin), where a16z is also an early Worldcoin investor. The paper maintains academic rigor and explicitly takes no position on any specific PHC implementation, which is to its credit; the structural conflict of interest disclosure is nonetheless worth noting when the same coalition produces the academic framework and the largest commercial implementation operating within that framework.

Global South deployments document a recurring pattern. Kenya queues in mid-2023 led to the August 2023 suspension and the May 2025 High Court ruling. Berlin saw an organized scheme in March-April 2025 in which groups paid refugees and unsheltered people to scan their eyes at multiple Orb stations for WLD rewards; one Berlin group reportedly earned nearly $700,000 in WLD tokens during the peak two months (DL News, July 2025). The pattern is the same as that documented by AEPD in Spain and CNPD in Portugal: the token incentive funnel disproportionately captures populations whose ability to evaluate the irreversibility of biometric enrollment is constrained by economic vulnerability.

// THE CRYPTOGRAPHY IS NOT THE PROBLEM

This briefing will be misread if it is taken as anti-cryptography. The Semaphore proofs used in World ID are mathematically sound and correctly implemented per the Tools for Humanity whitepaper. The foundational zero-knowledge work of Goldwasser, Micali and Rackoff (STOC 1985) underpins the protocol. The May 2026 AMPC system — with secret-shared iris masks, hidden Hamming distances revealing only binary match results, GPU-accelerated comparisons on AWS p5.48xlarge instances across five academic node partners — represents real technical work documented in the IACR ePrint paper 2024/705 (Large-Scale MPC: Scaling Private Uniqueness Checks to Millions of Users).

The Cache256 critique, per Tools, Not Declarations Part III, is not anti-cryptography. It targets the political architecture that wraps the primitive: single issuer control, hardware trust assumptions, irreversible biometric enrollment, downstream lock-in to programmable rails, and a token incentive funnel that converts bodies into programmable assets. The math is real. The cage is real. Both can be true at once.

// WHAT WORLD COULD HAVE BEEN — A SOBER COUNTERFACTUAL

Had Tools for Humanity built the same Semaphore primitive without singular Orb enrollment, without private issuer control of hardware supply, without token-gated distribution, and with multi-stakeholder or peer-based verification, the result would have been a decentralized proof-of-personhood tool that passes the Cache256 quadruple test. Users could opt in without permanent biometric linkage, revoke credentials, and participate without creating an enrollment funnel that converts bodies into programmable assets.

The choice to build the inverted version was structural and economic, not technical necessity. The academic framework (arXiv 2408.07892v4) confirms that biometrics are not required for personhood credentials. The competitive landscape shows that decentralized alternatives exist and function (BrightID, Idena, Hedera FPC, Polkadot DIMs in different stages of maturity). The path not taken was not the absence of a path.

— · —

A proof that says nothing about who you are is the most political object the last forty years of cryptography have produced. A proof that says you are a unique human, while quietly converting your iris into a programmable rail under private control, is the most polished cage the next forty years will deploy. Read what proves what. The rest is theater.

// CACHE256 · ECOSYSTEM · CACHE256 EDITORIAL COLLECTIVE · NOT FINANCIAL ADVICE · YOU ARE SOVEREIGN