emporas 6 hours ago

Doesn't Worldcoin produce Zero Knowledge Proofs of biometric data? If yes i do not see what kind of personal data the ledger may hold. It holds the proof of their data, not their data.

If some people are not aware of ZKP here is a short really like [1].

[1] https://www.youtube.com/shorts/c6gpq9nKogo

shafyy 7 hours ago

> Those three codes, which are extremely difficult to break are then stored in databases that are owned by third parties, which include the University of Berkeley, Zurich, Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU) university and NeverMind

What do they mean by "Zurich" here?

  • javaunsafe2019 6 hours ago

    I guess university

    • Luc 6 hours ago

      ETH Zurich I assume, their Chief Economist is professor there.

echelon 7 hours ago

I was raised in the evangelical south to conservative parents.

World(coin) sounds like it's right out of the plot of some Sunday morning preacher's sermons [1] about Revelations and the "mark of the Beast".

Central organization scanning people and controlling how they transact? Literally the antichrist's M.O.

[1] https://youtu.be/zjHrExOM-ww

  • AnarchismIsCool 6 hours ago

    I'm a flaming atheist but holy fuck do I get uncomfortable with universal IDs and the growing drumbeat of identity verification.

    Borders, passports, IDs, personal documentation, it's all just a modern caste system. Yes, it's uncomfortable to think of a world without them but to me, after global warming, digital class slavery is probably the second biggest issue of our time. So much of the world works because bureaucracy is inefficient and non-omniciant, just like humans, yet so many people want the world to be one big TSA checkpoint where everyone must be unnaturally perfect at all times. It's utopian thinking that is leading us towards a type of hell I don't think any of us can even begin to imagine.

  • oytis 7 hours ago

    Together with the vision of the future where all labour is automated and controlled by a few megacorps it paints a truly apocalyptic picture

  • gadflyinyoureye 7 hours ago

    But we were told right here on HN how great medical travel passports were. Only those that bent the knee to New World Order should be allowed to travel. No one should dare declare bodily autonomy. Get the jab and go to fun, exotic places during the global pandemic. Follow the science, you fools.

btown 6 hours ago

Press release primary sources from the German watchdog, BayLDA:

https://www.lda.bayern.de/media/pm/pm2024_08_en.pdf (EN)

https://www.lda.bayern.de/media/pm/pm2024_08.pdf (DE)

Quote from the officlal English version:

> As a result, despite the improvements already introduced, adjustments are still required to bring the company's data processing in line with the applicable provisions Among other things, the company will be obliged to provide a deletion procedure that complies with the provisions of the GDPR within one month of the decision taking effect. In addition, “Worldcoin” will be obliged to provide explicit consent for certain processing steps in the future. Moreover, the deletion of certain data records previously collected without a sufficient legal basis was ordered ex officio. The company has already received the decision and has informed us that it is going to appeal it.

The allusion to "improvements already introduced" would seem to refer (though I'm uncertain of this) to https://world.org/blog/announcements/worldcoin-foundation-un... - which was described there as "reinforced after conversations with data protection authorities focused around further biometric template protection, particularly the Bavarian Data Protection Authority (“BayLDA”), the Worldcoin Foundation’s Lead Supervisory Authority in the EU."

Cryptographic systems that ensure no single party can access data at rest, even if that party were to be compromised, corrupted, or forced to reveal secrets by law enforcement, are absolutely incredible technical achievements - but it seems that, at least in this case, they are insufficient solutions in the eyes of EU regulators. (Not a lawyer, this is not legal advice.)

I hope the stance towards cryptographic erasure evolves thoughtfully over time in general, but World's approach here, beginning to collect data for seemingly unlimited purposes before having a completed system for SMPC, was never going to be one that would lend itself towards establishing positive regulatory precedent.

TiredOfLife 5 hours ago

Isn't Germany a country where you have to publish your name, home address and phone if you have a blog or twitter/bluesky.

29athrowaway 6 hours ago

The history of modern technology is the history of running away from government regulation.

  • ptek 5 hours ago

    Which is why when people make it to mars it will thrive. No taxes, no debt and no government regulation. Just build, build, build baby. Hopefully 3D printing and materials science will have some cool tech in the future otherwise it could be a slow start.

    • NeutralCrane 5 hours ago

      Assuming humans make it to Mars is already a leap, but assuming a government won’t form almost immediately, if somehow one doesn’t exist from the beginning of colonization, seems even less likely

    • brnt 27 minutes ago

      If you understood TESCREAL, you wouldnt think this a good thing.

blackeyeblitzar 7 hours ago

Will they delete it for real? I feel like many companies either just hide the data or have it sitting in older backups, leaving everyone’s privacy vulnerable.

  • Cyclone_ 7 hours ago

    I usually wonder if they do that as well. In some cases it may be hard to depending on how data is stored. In vertica, a database I worked with would never truly delete data on disk.

    • Y-bar 7 hours ago

      Only marking as “deleted” while indefinitely keeping it is illegal in the EU/EEA. The GDPR _requires_ a hard deletion in cases like this, but allows a grace period of a few weeks for the deletion to propagate throughout systems.

      • adastra22 7 hours ago

        There are backup systems that are write-only. What’s to be done then?

        • polskibus 7 hours ago

          You could replay this backup, and skip problematic record when writing new copy of the backup. Delete old backup. What’s important is to keep such log of „records to be deleted from backup”.

          • cyberpunk 6 hours ago

            How does one do this with a 20TB SQL database?

            Our approach would be to add some filters into our 'restore' pipeline which drops the problematic data should we ever attempt a restore, but I don't think it's good enough, and we have to maintain a list of user id hashes or such to power the filters.

            Edit: I mean, in a way that won't eat a lot of costs. I can imagine a malicious group opening and demanding deletions for 1000s of users which would mean a deletion job running on a large number of these 20TB backups, say 100 daily backups and for multiple users?

            • martijnarts 6 hours ago

              You don't need to delete data instantly, you just need to do it within a reasonable timeframe. So batching data deletion requests and running a clear out once a week should be fine.

              You may even be okay to just reply to the user that you've deleted all active copies of the data and it'll be fully gone when your backups expire in 30 days.

              IANAL tho.

          • adastra22 4 hours ago

            That cost real money and requires literally throwing out the old backup (which may or may not be destroyable). Think optical media and stuff like that.

        • post-it 7 hours ago

          It's imprudent to use technology that makes it impossible to comply with the law.

        • tzs an hour ago

          Depends on which country's GDPR authorities you ask. At one point the French authorities said you don't have to delete data from backups, the Danish authorities said you have to delete when technically feasible, and the UK authorities said you had to put the data "beyond use" which has been interpreted to mean that if you ever restore from the backup you have omit the "deleted" data.

          My guess is that most places go with not taking any active steps to delete things from the backups themselves, counting on media rotation to eventually overwrite the data. When restoring they omit anything that is on the "should be deleted" list.

        • williamdclt 6 hours ago

          I’ve had a cursory look into that recently (just a simple googling) and it seems that it’s considered OK to keep the data in backups.

          Which does seem weird… but to be fair, it would be near impossible to delete from backups as they exist today, it would be a law that can’t be practically applied.

        • unit149 6 hours ago

          Store everything on a decentralized P2P server for privacy enhancing technologists (PETs) to deconstruct.

        • fh973 7 hours ago

          Encrypt it and delete keys.

        • loriverkutya 7 hours ago

          Simple. Destroy the backup physically.

        • im3w1l 7 hours ago

          Encrypt write-once backups and store the keys on rewritable backups.

      • noprocrasted 6 hours ago

        Illegality matters only if you get caught - and when it comes to the GDPR it turns out even "getting caught" isn't actually a problem, as the continued existence of Facebook, Google, the data broker industry, etc demonstrates.

    • delusional 7 hours ago

      That seems like nonsense. Software cannot constrain the physical world. I could touch the bits on the drive itself, or I could physically destroy the hard-drive. Both would "truly delete" the data.

      • dietr1ch 7 hours ago

        Good luck deleting data from my 5th backup drives that I didn't tell you about. It's not hard because destroying a hard drive is hard, it's hard because you need to find not one, but all of the drives that are likely replicated and distributed around the globe already if you ever intended to do business with that data.

        • post-it 7 hours ago

          It's not a technical problem to solve, it's a legal one. If there is a crushing penalty if data that was supposed to be deleted shows up one day, companies will find a way to delete it.

          • im3w1l 7 hours ago

            One issue I foresee is that you can't legislate bugs away.

            • post-it 6 hours ago

              A bug is just a mistake, and the legal system already deals with mistakes in a variety of ways.

            • okanat 6 hours ago

              Umm you can. You can force companies to pass their code through an examination (even by a third party) and define a procedure of ensuring strict data hygiene. If they cannot pass each year, they will be subject to fines.

  • pfoof 7 hours ago

    Now imagine backups stored on tapes. How many companies would resort to rewinding all of them in search of this single record.

    • rollcat 7 hours ago

      Easy:

      - Rotate old tapes to store the freshest backup (according to retention policy)

      - Store row ID for each deletion request

      - Replay deletions during restore

      Either way you want (or already have) a scrubbing procedure to import production data into a staging environment, so this is not a technical issue.

  • onetokeoverthe 7 hours ago

    Agree.

    The file locker site i use said my account was deactivated due to inactivity.

    But after a simple email pw reset all my uploads are back online.

    Makes me aware any deletion i do is probably NOT done server side.

    • oytis 6 hours ago

      At least before GDPR it was a common wisdom among backend people that deleting things is just not worth it. I remember when I joined an otherwise cloud-focused team as an embedded engineer and suggested that we add a way to delete an account it was made clear to me that I am asking for an impossible thing. I hope GDPR has managed to change something

      • onetokeoverthe 6 hours ago

        Right. Most all users want the restore option much more than a clean delete.

23B1 7 hours ago

[flagged]

  • adastra22 7 hours ago

    Surely we are not talking about Worldcoin?

    • duskwuff 7 hours ago

      Fun little thought experiment: what differentiates World(coin) from any other "airdrop, pump, and dump" crypto scheme, beyond the eye scanning gimmick?

      • adastra22 4 hours ago

        Nothing? The whole thing is a scam.

  • delusional 7 hours ago

    That's not coincidence. He's the head of one of the most "transformative" companies because he's a brazen liar.

  • mplewis 7 hours ago

    Yeah, what a shame. Which company did you mean here?