World ID and the iris scan that proves you're human

In a Lisbon shopping centre, a chrome sphere the size of a ball waits for passers-by. You step up, look into the lens for a few seconds, and the device confirms it: you are a verified human. One glance, and a digital proof settles onto your phone. More than a third of the city's adults have already done it; in Buenos Aires, a quarter.

The sphere is called the Orb. It is the physical touchpoint of World, the identity network founded by Sam Altman. Its promise fits in a sentence: as the web fills with synthetic accounts, generated images and automated agents, proving there is a human on the other end becomes valuable again. Valuable enough, perhaps, to become the price of entry to much of the internet.

A sphere, an iris, a proof

The Orb is a biometric sensor that photographs the iris, the coloured disc whose patterns are unique to every person. From that image it derives a code, then deletes the photo at once. The code does one thing only: guarantee that the same person signs up just once. In return, the user receives a World ID, an identifier stored on their phone alone and anchored to World Chain, the project's own blockchain.

The piece that makes the whole thing palatable is the zero-knowledge proof. In practice, the phone can prove to a website that "this person is a unique human" without ever handing over the iris, the name, or anything that would link your visits from one service to the next. The site receives a yes, and nothing more. It is the difference between showing your ID card and ticking a box no one can forge.

The numbers say where the project stands. Nearly 18 million people have scanned their iris at an Orb; 450 million have created a World ID in one form or another, without always going through the physical check. Not all of humanity, far from it, but already a population the size of a large country.

Why being human becomes a pass

The need springs from a shift. When anyone can spin up a thousand fake profiles, churn out believable reviews, or set loose an agent that books, pays and negotiates on its own, the old question "are you a robot?" no longer resolves with a grid of blurred images. A harder proof is required. World now sells it to companies: Zoom, DocuSign, Tinder, Shopify, Okta and asset manager VanEck are among its partners.

Zoom goes further with a feature called Deep Face: it cross-references the Orb's biometric profile with the face on the live video, and shows a "verified human" badge next to the name. On a work call where the person across from you could be a deepfake, that badge answers a brand-new anxiety.

The other front is stranger still. In March 2026, World launched AgentKit, a tool that lets an artificial-intelligence agent carry cryptographic proof that a unique human stands behind it. Paired with the x402 stablecoin payment protocol, it turns the agent into an identified economic actor: it can settle small online sums without being mistaken for unwanted traffic. A curious age, in which we certify machines by the human who set them loose.

What the proof gives back

For the person who scans, the benefit is first a relief. On a web saturated with anti-bot filters, the ordinary human spends more and more time proving they are one: visual puzzles, waits, accounts frozen out of caution. A reusable proof of humanity, produced with a single gesture, removes that friction. The time lost justifying yourself, you get back.

There is something deeper than saved minutes. Being recognised as human without endlessly re-proving it means recovering a measure of ease in spaces that, as they grow wary of machines, end up wary of everyone. For someone without a solid bank card or papers honoured everywhere, an identifier that says only "real and unique person" can even open doors that stayed shut.

A concrete case: digital queues for a concert, a limited drop, a public benefit, where bots sweep everything in seconds. Reserving access to verified humans alone levels the field. This is not a cypherpunk abstraction; it is the difference between getting your spot and watching it vanish into a script running from a server.

The price of a glance

Still, the trade-off cuts close. The iris is permanent biometric data: you cannot change it like a password. Entrusting it to a private company, even as a code, means handing it the power to decide who counts as human. And what a company grants, it can suspend, charge for, or lose in a breach.

Regulators have noticed. Spain's data protection authority issued a formal warning to World in February 2026; Germany had ordered the deletion of collected irises as early as December 2024; the Philippines handed down a cease-and-desist in October 2025, citing consent bought with financial incentives. The system is, for now, banned or under constraint in a handful of countries, from Spain to Kenya.

The real question is not technical but political: should a proof this fundamental, that of existing as a person, run through a proprietary object and private capital? The European Union is attempting another route with its identity wallet, backed by states rather than a sphere. Both models answer the same vertigo.

And the vertigo will not recede. The more machines imitate the human, the more humans will be asked to prove they are one. The comfort of frictionless access and the risk of a humanity held on licence are two sides of the same glance, given once and for all to a camera. The choice ahead is not whether to scan your iris; it is who holds the key.