So Sam Altman first creates the situation that we can no longer distinguish humans from bots, then asks everyone to trust him with even more biometric data to get around the problem he created.
Either way he wins at everyone else’s expense. I urge you to not take this at face value, Sam has already shown with Worldcoin that he is not trustworthy.
https://www.buzzfeednews.com/article/richardnieva/worldcoin-...
But theoretically, you could implement the protocol in a privacy-preserving manner where the only thing that needs to be saved, is the hash of the biometric data, not the biometric data itself.
So lets say that your face + fingerprint + iris each outputs a value. Concat those and hash them, and you have a unique value that can be reproduced elsewhere, without having to store anything else but the actual hash of the input.
Again, I'm not sure if this is what they are doing, but if that's how it works, they wouldn't actually need to gather any biometric data, after creating the hash it can be thrown away.
If someone MITMs your password, you can rotate it. A bit harder to do that with your iris.
Of course, true for fingerprint scanning too which has been around for a while, but iris kind of takes that to a new minority report level for many.
Why would you have to do that regularly? The point is to do it once in a trusted environment and then the only thing you need to verify whatever is the hash itself, not to re-encode again and again.