Hacking the Orb

FOSS-HW Workshop Area [CDC Saal 3]
Uniquely identifying real users is a problem as old as the Internet. With the recent surge in AI language and vision models, CAPTCHAs might be close to losing the bot-mitigating fight. But how can you know your users are human without fully surveilling them? Perhaps we could use… iris scanners and zero-knowledge proofs? That is precisely the approach that Worldcoin takes. However, building such a system is fraught with security and privacy challenges. In this talk, I’ll focus on the Orb’s operating system security properties and privacy defenses.
The purpose of the Orb is to uniquely identify humans while preserving privacy. It does so by scanning user irises, deciding if they’ve signed up before, and adding them to a global set of zero-knowledge identity commitments. The user then owns a private key which they can use to produce zero-knowledge proofs that prove they *are* human, without revealing *which* human.

Attackers have an economic incentive to hack into individual Orbs, since getting inside one means they can generate fake signups and later get cryptocurrency. They might also want to steal user biometric information. Thus the Orb’s software and hardware need to be designed to defend against software hacks and physical tampering. To that end, the OS is architected with a few security mitigations, including secure boot, signed operating system images, verity-mounted filesystem partitions, and write/execution-restricted filesystems.

Everything can always be hacked, and security is the art of thoughtful risk mitigation. The Orb’s OS has been architected so as to minimize the risk of hackers stealing or governments seizing user biometric data. But of course, things aren’t perfect, so if you have any thoughts on how to hack the Orb, please do send your questions / criticisms.

Additional information

Type other
Language English
