1. Home
  2. Biometric security

Biometric security

Argentine agency opens investigation into Worldcoin over biometric data

The Agency for Access to Public Information in Argentina was the latest government body to investigate Worldcoin, with reports suggesting probes in Germany, France and Kenya.

Authorities in Argentina have become the latest government officials to probe cryptocurrency project Worldcoin over privacy concerns.

In an Aug. 8 announcement, Argentina’s Agency for Access to Public Information (AAIP) said it was investigating Worldcoin over its collection, storage and use of customer data to ensure it complies with security and privacy regulations. Worldcoin (WLD) launched its token project in July with the goal of verifying users through retinal scans, leading to concerns from many regarding privacy.

“Citizens have the right, whenever personal data is provided, to have clear and accessible information in relation to the assignment, use and purpose for which the data is collected and processed, especially with regard to sensitive data, such as biometric data,” said the AAIP.

Related: Worldcoin controversy explained in latest Cointelegraph Report

More than 2 million accounts signed up for Worldcoin prior to its token launch in July. However, following the distribution of retinal scanners, reports suggested Germany’s Bavarian State Office for Data Protection Supervision announced an investigation over privacy concerns, while the French National Commission on Informatics and Liberty called the project’s data collection methods “questionable.”

On Aug. 2, Kenya’s minister of internal security announced the country would suspend Worldcoin’s local operations until authorities had the opportunity to assess any potential risk to residents. Local news outlets reported on Aug. 7 that Kenyan police raided a Worldcoin property, seizing equipment that may have contained user data.

Magazine: ‘Moral responsibility’: Can blockchain really improve trust in AI?

MicroStrategy completes $3 billion convertible notes offering to buy more Bitcoin

Crypto phishing scams: How users can stay protected

A look at the different techniques employed by crypto phishing scammers and how users can stay protected.

In the fast-paced and ever-evolving world of cryptocurrency, where digital assets are exchanged, and fortunes can be made, a lurking danger threatens the safety of both seasoned investors and newcomers alike: crypto phishing scams. 

These schemes are designed to exploit the trust and vulnerability of individuals, aiming to trick them into revealing their sensitive information or even parting with their hard-earned crypto holdings.

As the popularity of cryptocurrencies continues to rise, so does the sophistication of phishing techniques employed by cybercriminals. From impersonating legitimate exchanges and wallets to crafting compelling social engineering tactics, these scammers stop at nothing to gain unauthorized access to your digital assets.

Malicious actors use different methods of social engineering to target their victims. With social engineering tactics, scammers manipulate users’ emotions and create a sense of trust and urgency.

Eric Parker, CEO and co-founder of Giddy — a noncustodial wallet smart wallet — told Cointelegraph, “Did someone reach out to you without you asking? That’s one of the biggest rules of thumb you can use. Customer service rarely, if ever, proactively reaches out to you, so you should always be suspicious of messages saying you need to take action on your account.”

“Same idea with free money: If someone is messaging you because they want to give you free money, it’s likely, not real. Be wary of any message that feels too good to be true or gives you an immediate sense of urgency or fear to make you act quickly.”

Email and messaging scams

One common technique used in crypto phishing scams is impersonating trusted entities, such as cryptocurrency exchanges or wallet providers. The scammers send out emails or messages that appear to be from these legitimate organizations, using similar branding, logos and email addresses. They aim to deceive recipients into believing that the communication is from a trustworthy source.

Bitcoin Scams, Scams, Security, Cybersecurity, Biometric Security, Wallet, Bitcoin Wallet, Hardware Wallet, Mobile Wallet

To achieve this, the scammers may use techniques like email spoofing, where they forge the sender’s email address to make it appear as if it’s coming from a legitimate organization. They may also use social engineering tactics to personalize the messages and make them seem more authentic. By impersonating trusted entities, scammers exploit the trust and credibility associated with these organizations to trick users into taking actions that compromise their security.

Fake support requests

Crypto phishing scammers often pose as customer support representatives of legitimate cryptocurrency exchanges or wallet providers. They send emails or messages to unsuspecting users, claiming an issue with their account or a pending transaction that requires immediate attention.

The scammers provide a contact method or a link to a fake support website where users are prompted to enter their login credentials or other sensitive information.

Omri Lahav, CEO and co-founder of Blockfence — a crypto-security browser extension — told Cointelegraph, “It’s important to remember that if someone sends you a message or email unsolicited, they likely want something from you. These links and attachments can contain malware designed to steal your keys or gain access to your systems,” continuing:

“Furthermore, they can redirect you to phishing websites. Always verify the sender’s identity and the email’s legitimacy to ensure safety. Avoid clicking on links directly; copy and paste the URL into your browser, checking carefully for any spelling discrepancies in the domain name.”

By impersonating support personnel, scammers exploit users’ trust in legitimate customer support channels. In addition, they prey on the desire to resolve issues quickly, leading users to willingly disclose their private information, which scammers can use for malicious purposes later.

Fake websites and cloned platforms

Malicious actors can also build fake websites and platforms to lure in unsuspecting users.

Domain name spoofing is a technique where scammers register domain names that closely resemble the names of legitimate cryptocurrency exchanges or wallet providers. For example, they might register a domain like “exchnage.com” instead of “exchange.com” or “myethwallet” instead of “myetherwallet.” Unfortunately, these slight variations can be easily overlooked by unsuspecting users.

Lahav said that users should “verify whether the website in question is reputable and well-known.”

Recent: Bitcoin is on a collision course with ‘Net Zero’ promises

“Checking the correct spelling of the URL is also crucial, as malicious actors often create URLs that closely resemble those of legitimate sites. Users should also be cautious with websites they discover through Google ads, as they may not organically rank high in search results,” he said.

Scammers use these spoofed domain names to create websites that imitate legitimate platforms. They often send phishing emails or messages containing links to these fake websites, tricking users into believing they are accessing the genuine platform. Once users enter their login credentials or perform transactions on these websites, the scammers capture the sensitive information and exploit it for their gain.

Malicious software and mobile apps

Hackers can also resort to using malicious software to target users. Keyloggers and clipboard hijacking are techniques crypto phishing scammers use to steal sensitive information from users’ devices.

Keyloggers are malicious software programs that record every keystroke a user makes on their device. When users enter their login credentials or private keys, the keylogger captures this information and sends it back to the scammers. Clipboard hijacking involves intercepting the content copied to the device’s clipboard. 

Cryptocurrency transactions often involve copying and pasting wallet addresses or other sensitive information. Scammers use malicious software to monitor the clipboard and replace legitimate wallet addresses with their own. When users paste the information into the intended field, they unknowingly send their funds to the scammer’s wallet instead.

How users can stay protected against crypto phishing scams

There are steps that users can take to protect themselves while navigating the crypto space.

Enabling two-factor authentication (2FA) is one tool that can help secure crypto-related accounts from phishing scams.

2FA adds an extra layer of protection by requiring users to provide a second form of verification, typically a unique code generated on their mobile device, in addition to their password. This ensures that even if attackers obtain the user’s login credentials through phishing attempts, they still need the second factor (such as a time-based one-time password) to gain access.

Utilizing hardware or software-based authenticators

When setting up 2FA, users should consider using hardware or software-based authenticators rather than relying solely on SMS-based authentication. SMS-based 2FA can be vulnerable to SIM-swapping attacks, where attackers fraudulently take control of the user’s phone number.

Hardware authenticators, such as YubiKey or security keys, are physical devices that generate one-time passwords and provide an extra layer of security. Software-based authenticators, such as Google Authenticator or Authy, generate time-based codes on users’ smartphones. These methods are securer than SMS-based authentication because they are not susceptible to SIM-swapping attacks.

Verify website authenticity

To protect against phishing scams, users should avoid clicking on links provided in emails, messages or other unverified sources. Instead, they should manually enter the website URLs of their cryptocurrency exchanges, wallets or any other platforms they wish to access.

By manually entering the website URL, users ensure they access the legitimate website directly rather than being redirected to a fake or cloned website by clicking on a phishing link.

Be cautious with links and attachments

Before clicking on any links, users should hover their mouse cursor over them to view the destination URL in the browser’s status bar or tooltip. This allows users to verify the link’s actual destination and ensure that it matches the expected website.

Phishing scammers often disguise links by displaying a different URL text than the destination. By hovering over the link, users can detect inconsistencies and suspicious URLs that may indicate a phishing attempt.

Parker explained to Cointelegraph, “It’s very easy to fake the underlying link in an email. A scammer can show you one link in the email’s text but make the underlying hyperlink something else.”

“A favorite scam amongst crypto phishers is to copy a reputable website’s UI but place their malicious code for the login or Wallet Connect portion, which results in stolen passwords, or worse, stolen seed phrases. So, always double-check the website URL you’re logging into or connecting your crypto wallet with.”

Scanning attachments with antivirus software

Users should exercise caution when downloading and opening attachments, especially from untrusted or suspicious sources. Attachments can contain malware, including keyloggers or trojans, which can compromise the security of a user’s device and cryptocurrency accounts.

To mitigate this risk, users should scan all attachments with reputable antivirus software before opening them. This helps detect and remove any potential malware threats, reducing the chances of falling victim to a phishing attack.

Keep software and apps updated

Keeping operating systems, web browsers, devices and other software up to date is essential for maintaining the security of the user’s devices. Updates can include security patches that address known vulnerabilities and protect against emerging threats.

Utilizing reputable security software

To add an extra layer of protection against phishing scams and malware, users should consider installing reputable security software on their devices.

Antivirus, anti-malware and anti-phishing software can help detect and block malicious threats, including phishing emails, fake websites and malware-infected files.

By regularly updating and running security scans using reputable software, users can minimize the risk of falling victim to phishing scams and ensure the overall security of their devices and cryptocurrency-related activities.

Educate yourself and stay informed

Crypto phishing scams constantly evolve, and new tactics emerge regularly. Users should take the initiative to educate themselves about the latest phishing techniques and scams targeting the cryptocurrency community. In addition, stay informed by researching and reading about recent phishing incidents and security best practices.

Recent: What is fair use? US Supreme Court weighs in on AI’s copyright dilemma

To stay updated on security-related news and receive timely warnings about phishing scams, users should follow trusted sources in the cryptocurrency community. This can include official announcements and social media accounts of cryptocurrency exchanges, wallet providers and reputable cybersecurity organizations.

By following reliable sources, users can receive accurate information and alerts regarding emerging phishing scams, security vulnerabilities and best practices for protecting their crypto assets.

MicroStrategy completes $3 billion convertible notes offering to buy more Bitcoin

What is Humanode human-powered blockchain?

Humanode is the decentralized crypto-biometric network based on 1 human = 1 node = 1 vote ethos that brings Sybil resistance to the crypto space.

The future of blockchain and biometrics merge

The merge of blockchain and biometrics has cogent potential. A new emerging ecosystem based on it is here to improve human life as such.

The current crypto paradigm is dominated by power- and capital-based schemes. Appearing as an alternative, Sybil-resistant human-based protocols allow reorienting the systems away from such technocratic and oligopolistic narratives, providing true decentralization and democracy.

Infrastructures based on human biometrics combined with blockchain are capable of creating innovative decentralized human-based digital verification layers and stable financial networks that rely on the existence of human life itself. 

Biometric-based blockchain projects formalize a new framework for a prosperous and regenerative world, each in its own unique way. Some of them specialize in identity verification for blockchain services, some of them provide solutions for metaverse authentication, and some are interested in improving things like universal basic income (UBI). Be that as it may, they accelerate a new possible human future where inevitable uniqueness and equality are the main powers.

Humanode features

Humanode embraces a number of exclusive features that help the project achieve its goals.

First and foremost, Humanode provides biometric Sybil resistance. With ensured decentralized biometric identification based on liveness detection, the network is owned and operated by real unique humans. 

Humanode accelerates the spread of equality since each user can only create one identity, meaning that they can only launch one node and hence has a single vote. This means truly equal co-ownership of the network with equal distribution of power and fees among users.

Also, Humanode leverages self-sovereign and decentralized identity (DID) to give users full control over their digital personal data. All data is decentralized, encrypted and kept fully and securely on-chain. 

Pseudonymity means that Humanode users can freely interact with the network without having to reveal their identity but only by proving they are real human beings. Furthermore, there will be no more concerns about data privacy, as Humanode uses crypto-biometrics to protect biometric data that never leaves users’ devices.

The need for a common device such as a smartphone or a PC to launch a human node means broader accessibility and fast and user-friendly biometric authentication brings usability to the system. Being a Substrate-based platform, Humanode is also interoperable with the broader Ethereum ecosystem making it accessible to thousands of passionate developers.

Moreover, Humanode’s crypto-biometric processing scheme alongside 1 human = 1 vote DAO infrastructure is easy to integrate through the direct Application Programming Interface (API), bringing Sybil resistance, decentralization and more advantages to any chain. 

And, last but not least, Humanode introduces a cost-based fee system that denominates transaction fees in United States dollar, based on the actual use of resources. Pegging the USD value not only ensures that Humanode’s (HMND) volatility does not affect resource costs, but also provides a more intuitive user experience

What is crypto-biometrics and how does it work?

Crypto-biometrics is a mix of innovative advanced technologies, which includes blockchain, encryption, cybersecurity, zero-knowledge proofs, biometrics and liveness detection.

To meet the security and privacy requirements of protecting particularly sensitive personal biometric data in a globally distributed system that runs on nodes connected to thousands of human beings, simply encoding the biometric information is not enough.  

Humanode utilizes crypto-biometric identification mechanisms that are based on a combination of various technologies and exist at the intersection of the disciplines such as mathematics, information security, cybersecurity, biometrics, liveness detection, zk proofs, homomorphic encryption and, of course, blockchain.

To become a human node, users need to prove that they are real living human beings and not deep fakes, photos, masks or something else. To do so, users go through live video-based 3D face scans and liveness detection. During this process, the 3D face mapping vector of the neural network is converted to numerical values and encrypted. After that, the public and private keys are created and, at that point, users can launch their nodes. 

For registered Humanode users, once they log in after biometric identity verification, the 1 to n search and matching operation happens in an encrypted space. And, because it is zk-based, the only piece of information that is searched for and is given out is whether the user is registered.

 

How does Humanode work?

Humanode is a project that gracefully combines different technological stacks including blockchain and biometrics. 

Humanode tech encompasses a bunch of layers such as a blockchain layer represented by a Substrate module: a biometric authorization module based on cryptographically secure neural networks for the private classification of three-dimensional (3D) templates of users’ faces, a private liveness detection mechanism for identifying real human beings, a Vortex decentralized autonomous organization (DAO) and a monetary algorithm named Fath, where monetary supply reacts to real value growth and emission is proportional.

Let’s look at them in more detail.

Substrate framework

Humanode is a layer-1 blockchain whose architecture lies on the Substrate open-source framework that allows the quick development of highly customized blockchains. Substrate, the brainchild of the Parity team, provides interoperability within the Polkadot and Kusama ecosystems as well as an environment for the creation and deployment of general-purpose or specialized blockchain networks with remarkably varied parameters and sound capabilities. Being a Substrate-based chain, Humanode benefits from it and from the high throughput and scalability inherent to the Polkadot ecosystem. 

Consensus agnostic protocol 

One of the interesting features of Humanode is consensus agnosticism, which is the ability to change the network’s consensus mechanism if the Humanode DAO approves it. It derives from the necessity for constant research on the most suitable consensus for a leaderless system with equal validation power of nodes. Different consensus mechanisms have numerous pros and cons which constantly change. A swappable consensus mechanism allows the system to evolve and not be limited by a single unchangeable framework. 

EVM-compatible smart-contract layer

On top of that, Humanode is Ethereum-compatible. Due to an Ethereum Virtual Machine (EVM) pallet, Humanode can use existing Ethereum development tools and take advantage of smart contracts development, supported by several popular languages including Solidity and WebAssembly. On the other hand, Humanode can provide private biometric processing and Sybil-resistance to numerous Ethereum-based decentralized applications (DApps) including decentralized finance (DeFi) and play-to-earn (GameFi) projects, NFT solutions, DAOs, metaverses and others.

Private biometric search and matching 

As for Humanode’s biometrics stack, it seems like the privacy and security of biometric data have been among the most critical aspects of the project. 

Due to the private classification of images of users’ faces, the system guarantees the images’ privacy, performing all operations without the users’ biometrics data having to leave the device. The only device needed to pass biometric authentication is a smartphone with a camera. Once users scan their faces, they become human nodes. The whole process is private and secure. All the Humanode system cares about is if the user is a unique human being, if they are registered and if they are alive. 

Decentralized liveness detection

A technique that ensures that the biometric sample is submitted from a real live person, a substantial security feature that mitigates the vulnerability of biometric systems to spoofing attacks, is called liveness detection. Biometric liveness refers to the use of computer vision technology to detect the actual presence of a living user rather than a representation such as a photograph or a mask, video or screen, a fake silicon fingerprint or other spoof artifacts. 

Biometrics accuracy grew tremendously in the last decade. Currently, the possibility of a match between two different people is 1 to 125,000,000, and the possibility of spoofing an identity without a real human in front of the camera is 1 to 80,000. And, these numbers are constantly improving.

For its first version of the crypto-biometric identification solution, which utilizes secure enclaves for some portions of the process, Humanode integrates FaceTec’s face biometrics and liveness detection. Humanode’s first testnet was launched in January 2021 and the official testnet 1 with liveness detection and the updated technical stack was launched in September 2021. Since then, there have been additional testnets deployed with more than 10,000 people becoming human nodes.

Vortex DAO

Currently, there are three types of nodes in the Humanode ecosystem. First, human nodes who have passed biometric authentication and received a fraction of the network transaction fees. Then, there are delegators: nodes that opt to delegate their voting power to so-called governors. Governors are nodes that participate in Humanode’s governance and must meet certain governing requirements. 

Each of these node types forms an important part of Humanode’s governance DAO named Vortex. Unlike other projects, which allow nodes to accumulate voting power based on how much capital they have or delegate, the Humanode platform ensures that all nodes are equal in terms of validation and voting power, bringing true equality between peers in a decentralized environment.

Fath monetary algorithm and rebalancing system

Humanode implements the Fath hypothesis as the basis for the circulation of HMND Humanode token (HMND). Fath is a monetary algorithm with a proportional distribution of issued tokens. It is an alternative to modern fiat credit-cycle financial networks and capital-based public blockchains.

What problems does Humanode solve?

Humanode brings decentralization, Sybil resistance and innovative governance models to the blockchain industry using biometric technology.

In its very foundations, the Humanode project aims to bring accessibility, inclusivity and innovation in the tech and crypto spaces and economics as a whole. The project is an alternative to the majority of blockchain networks that are based on consensus algorithms such as proof-of-work (PoW) and proof-of-stake (PoS) that currently dominate the field. 

It is known that PoW and PoS are decentralized technologically but not power-wise, granting voting rights and rewards in proportion to users’ economic investments in an activity or resource, stake or computational power, leading to capital-based oligopolies and mining pools. 

In contrast to PoW and PoS, Humanode utilizes facial recognition biometrics with the combination of proof-of-uniqueness and proof-of-existence — efficient tools capable of creating a decentralized protocol to counter malicious attacks on online platforms. The most spread attacks on peer-to-peer networks are Sybil attacks with the utilization of multiple fake virtual identities or, in the case of cryptocurrencies, nodes. 

The Humanode system is designed to check and ensure that every person in the network is unique and has a singular identity. Human nodes are created through crypto-biometric authentication which is a combination of cryptographically secure matching and liveness detection mechanisms verifying the uniqueness and existence of real human beings.

Bringing equality and Sybil resistance to the system, Humanode design guarantees every individual the same amount of voting power and rewards, creating a democratic and fair peer-to-peer structure.

What is Humanode?

Humanode is the first human-powered crypto-biometric network, where 1 human = 1 node = 1 vote.

Humanode is a new-age decentralized crypto-biometric network that integrates pioneering cryptography with private biometrics and blockchain technology. The project aims to create a strong and sustainable decentralized system that is grounded on the existence of unique human beings.

The Humanode project was conceived by the co-founders of Paradigm research institute in 2017. They were one of the many who were optimistic about the Web 3 potential but, at the same time, were stumped by the fact that mining cartels and validator oligopolies seemed to dominate the crypto market. By using human biometrics as the stake, the founders of Humanode saw the possibility of creating a truly decentralized network of equals.

Humanode enables a range of new use cases while solving problems with existing ones. 

With Humanode enabling the pseudonymous biometric DIDs tied to various online services, many spheres stand to benefit from such as insurance, financial services that involve credit score, trading, marketplaces, yield farming and many others including airdrops, healthcare, metaverse authentication and nonfungible token (NFT) ownership.

 

MicroStrategy completes $3 billion convertible notes offering to buy more Bitcoin

Iris Scanning Worldcoin Idea Fuels Objections From Privacy Advocates — Snowden Says ‘Don’t Catalog Eyeballs’

Iris Scanning Worldcoin Idea Fuels Objections From Privacy Advocates — Snowden Says ‘Don’t Catalog Eyeballs’During the last few weeks, a project called Worldcoin has been the subject of numerous headlines and speculation. Worldcoin launched on October 21 and aims to be a universal basic income (UBI) crypto asset that gives free tokens to accounts that are verified with a biometric eye scan. The project has privacy advocates reeling and […]

MicroStrategy completes $3 billion convertible notes offering to buy more Bitcoin