Is Anyone Surprised By This?

More thought — or at least some thought — needs to be given to privacy protection in the promised metaverse of connected 3D virtual-reality worlds, experts have concluded.

In a paper distributed via ArXiv, titled “Exploring the Unprecedented Privacy Risks of the Metaverse,” boffins at UC Berkeley in the US and the Technical University of Munich in Germany play-tested an “escape room” virtual reality (VR) game to better understand just how much data a potential attacker could access.

………

The wealth of information available through augmented reality (AR) and VR hardware and software has been known for years. For example, a 2012 article in New Scientist described Ingress, an AR game from Google spin-off Niantic Labs, as “a data gold mine.” That’s why data-monetization firms like Meta are willing to invest billions to make the market for head-hugging hardware and AR/VR apps more than just a sadness of tech enthusiasts with no use for torsos.

Similarly, the trust and safety issues of online social interaction have vexed online services since the days of dial-up modems and bulletin boards, before web browsers were even a thing. And now that Apple, Google, Microsoft, Meta, and other players see a chance to remake Second Life under their own gatekeeping, corporate consultancies are again reminding clients that privacy will be a problem. ………

Not only is privacy an unsolved metaverse issue, but hardware security also leaves something to be desired. A related recent study of AR/VR hardware, “Security and Privacy Evaluation of Popular Augmented and Virtual Reality Technologies,” found vendor websites full of potential security vulnerabilities, their hardware and software lacking in multifactor authentication, and their privacy policies obtuse.

………

The potential data points identified by the researchers include: Geospatial Telemetry (Height, Arm Length, Interpupillary Distance, and Room Dimensions); Device Specifications (Refresh Rate, Tracking Rate, Resolution, Device Field-of-View, GPU, and CPU); Network (Bandwidth, Proximity); Behavioral Observations (Languages, Handedness, Voice, Reaction Time, Close Vision, Distance Vision, Color Vision, Cognitive Acuity, and Fitness).

From these metrics, various inferences can be made about a VR participant’s gender, wealth, ethnicity, age, and disabilities.

………

“All our research shows is that if a company wanted to do data harvesting, it could get vastly more information about users in VR than it could from mobile apps for example, and that pivoting towards VR would make perfect sense in that context.”

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store