Is Anyone Surprised By This?

Matthew G. Saroff
2 min readAug 2, 2022


Virtual reality, at least as envisioned by the criminal enterprise formerly known as Facebook™, is a will be a complete privacy clusterf%$#.

I am not sure why anyone would be surprised by this. Facebook’s entire business model since its inception has to be a complete privacy clusterf%$#:

More thought — or at least some thought — needs to be given to privacy protection in the promised metaverse of connected 3D virtual-reality worlds, experts have concluded.

In a paper distributed via ArXiv, titled “Exploring the Unprecedented Privacy Risks of the Metaverse,” boffins at UC Berkeley in the US and the Technical University of Munich in Germany play-tested an “escape room” virtual reality (VR) game to better understand just how much data a potential attacker could access.


The wealth of information available through augmented reality (AR) and VR hardware and software has been known for years. For example, a 2012 article in New Scientist described Ingress, an AR game from Google spin-off Niantic Labs, as “a data gold mine.” That’s why data-monetization firms like Meta are willing to invest billions to make the market for head-hugging hardware and AR/VR apps more than just a sadness of tech enthusiasts with no use for torsos.

Similarly, the trust and safety issues of online social interaction have vexed online services since the days of dial-up modems and bulletin boards, before web browsers were even a thing. And now that Apple, Google, Microsoft, Meta, and other players see a chance to remake Second Life under their own gatekeeping, corporate consultancies are again reminding clients that privacy will be a problem. ………

Not only is privacy an unsolved metaverse issue, but hardware security also leaves something to be desired. A related recent study of AR/VR hardware, “Security and Privacy Evaluation of Popular Augmented and Virtual Reality Technologies,” found vendor websites full of potential security vulnerabilities, their hardware and software lacking in multifactor authentication, and their privacy policies obtuse.

Gee, if Zuckerberg had been interested in having a name that accurately describes the company’s new direction, instead of, “Meta,” he should have chosen, “Full of potential and their privacy policies obtuse.”

It does sum up both Zuckerberg and his criminal enterprise.


The potential data points identified by the researchers include: Geospatial Telemetry (Height, Arm Length, Interpupillary Distance, and Room Dimensions); Device Specifications (Refresh Rate, Tracking Rate, Resolution, Device Field-of-View, GPU, and CPU); Network (Bandwidth, Proximity); Behavioral Observations (Languages, Handedness, Voice, Reaction Time, Close Vision, Distance Vision, Color Vision, Cognitive Acuity, and Fitness).

From these metrics, various inferences can be made about a VR participant’s gender, wealth, ethnicity, age, and disabilities.


“All our research shows is that if a company wanted to do data harvesting, it could get vastly more information about users in VR than it could from mobile apps for example, and that pivoting towards VR would make perfect sense in that context.”

As I observed earlier, if it wasn’t a privacy stripping horror show, Zuck would not be interested in it.