Worldcoin Scans Irises to Prove Humanity. The Proof Depends on a Central Enrollment System.
by Nick Clark | Published March 27, 2026
Worldcoin built an iris-scanning Orb to create a global proof-of-personhood system, aiming to give every human a unique digital identity. The ambition is significant: universal identity without government documents. But the architecture depends on centralized enrollment through proprietary hardware, a database of iris hashes for deduplication, and a single organization controlling the enrollment infrastructure. The structural gap is not in the biometric technology. It is in the enrollment model itself.
Worldcoin addresses a real problem: as AI-generated content proliferates, proving that a digital actor is a unique human being becomes increasingly important. The gap described here is not about the problem. It is about whether centralized biometric enrollment is the architectural foundation that solves it.
Enrollment creates the dependency it claims to eliminate
Worldcoin's stated goal is to provide identity without reliance on government-issued documents. But the Orb enrollment process creates a different dependency: reliance on Worldcoin's hardware, Worldcoin's enrollment infrastructure, and Worldcoin's deduplication database.
A user who has not been scanned by an Orb has no World ID. A user in a region without Orb deployment cannot enroll. The identity is not something the user accumulates through participation. It is something the user receives through a one-time enrollment event controlled by a single organization.
The iris hash database, even if stored as hashes rather than raw biometric data, is a central artifact that must be maintained, protected, and governed. The deduplication check that ensures one-person-one-ID requires comparing every new enrollment against the entire database. The database grows monotonically and becomes an increasingly valuable target.
Proof-of-personhood is not identity
World ID proves that a unique human enrolled at an Orb. It does not prove ongoing behavioral identity. A person who enrolled a year ago and a person who enrolled yesterday have the same proof-of-personhood strength, regardless of their behavioral history.
This creates a binary identity model: enrolled or not enrolled. There is no gradient of trust. There is no accumulation of identity strength over time. There is no behavioral continuity that makes identity progressively harder to forge.
What keyless identity addresses
Keyless identity derives identity from accumulated behavioral continuity rather than one-time enrollment. A device proves its identity through a dynamic hash chain anchored in locally-sourced unpredictability, validated through trust slope continuity.
There is no enrollment event because identity accumulates from the first interaction. There is no central database because identity is held locally and validated through trust relationships with peers. There is no binary enrolled-or-not status because identity strength increases with continued behavioral consistency.
Proof-of-personhood could integrate with keyless identity as one signal among many: biometric liveness as a source of local entropy rather than as a database entry. The biometric signal would contribute to the hash chain without being stored anywhere.
The remaining gap
Worldcoin identified the right problem: proving human uniqueness in a world of AI-generated identities. The remaining gap is in the architecture: whether proof-of-personhood requires centralized biometric enrollment or whether it can emerge from accumulated behavioral continuity without any enrollment database at all.
