Worldcoin’s Big Privacy Update: Does It Keep Users Safe?

Worldcoin’s implementation of Personal Custody changes digital identity verification, focusing on user data control and security.

Man in lab coat examining an eyeball robot on a low poly planet.
Created by Gabor Kovacs from DailyCoin
  • Worldcoin will allow users to store their data on their local devices.
  • The new approach enables use cases like face authentication. 
  • Worldcoin hopes to address privacy concerns. 

In a digital era where data breaches and privacy concerns are increasingly common, Worldcoin’s latest update on Personal Custody within the World ID framework has drawn significant attention. 

This initiative, part of the World ID 2.0 upgrade, signifies a critical step towards addressing the escalating concerns around personal data protection in digital verification systems.

Dissecting Worldcoin’s Personal Custody

Announced on March 22, 2024, Personal Custody is Worldcoin’s response to critical feedback regarding user data privacy. This feature allows users to store their verification data, including images and metadata used for iris code generation, locally on their devices rather than on centralized Worldcoin servers.


“Personal data custody, or Personal Custody, means that the information (images, metadata, and derived data) generated at the orb and used to generate the iris code during World ID verification is held on your device,” Worldcoin explained

The shift to personal custody also introduces new use cases. Users can leverage Face Authentication for high-security applications directly on their devices. According to Worldcoin, this approach eliminates data needing to leave the device.

Does Worldcoin’s Personal Custody Keep Users Safe?

While personal custody is a step in the right direction, there are still avenues through which malicious actors could exploit user data. For instance, If a malicious actor gains physical access to a user’s device, they could bypass security measures (like device encryption) to access the stored biometric data. 

Moreover, malicious software designed to infiltrate devices could be used to steal the encrypted biometric data. If the malware is sophisticated enough, it could intercept the data during its encryption or decryption process or exploit vulnerabilities in the device’s operating system.


The security of personal custody also relies heavily on the encryption of data using public-private key pairs. If a malicious actor obtains the private key, they can decrypt the user’s data. 

In summary, while personal custody is a step in the right direction, it cannot protect users from all attacks. Data protection still relies both on the network and responsible use by the users. 

On The Flipside

  • According to the recent third-party audit commissioned by Worldcoin, the network has fixed its vulnerabilities. The audit came after a significant data breach on the network in April 2023. 
  • In March 2024, Kenya kept its ban on Worldcoin, despite pressure from the US government. The country cited privacy concerns in its decision. 

Why This Matters

Worldcoin’s implementation of personal custody underscores the growing recognition of the importance of user control over personal data in the digital age. However, security challenges remain, even with the new system. 

Read more about Kenya’s Worldcoin ban: 

Kenya Reiterates Worldcoin Ban Despite U.S. Govt Intervention

Read more about Solana’s major milestone in DeFi: 

How Solana Stacks Up With Ethereum in One DeFi Key Metric

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

David Marsanic

David Marsanic is a journalist for DailyCoin who covers the intersection of crypto, traditional finance, and government. He focuses on institutionalized crypto entities like major cryptocurrency exchanges and Solana, breaking down complex topics into easy-to-understand writing. David's prior experience as a business journalist at various crypto and traditional news sites has enabled him to maintain a critical approach to news while adhering to high journalistic integrity standards.