Threats facing metaverse players

Threats facing metaverse players

With the help of 30 volunteers, researchers created and playtested an escape room game, that is, a game in which a participant is supposed to find a way out of a building or room, in virtual reality.

As it turned out, such a game can provide an attacker with 25 private data attributes, from anthropometrics to demographics, including a user’s age and gender, within just a few minutes of gameplay.

The researchers also listed the types of data that can become marketable commodities among the metaverse operators in the foreseeable future: 

·      geospatial telemetry, which can reveal a user’s height, arm span, interpupillary distance or room size
·      client device specifications, such as display refresh rate, tracking rate, device field of view, GPU power, and CPU power
·      network observations, namely channel bandwidth and a client’s geolocation
·      behavioral characteristics, such as language, handedness, voice, reaction time, visual acuity, color vision, cognitive acuity, and fitness.

All these data allow to determine with a high degree of accuracy other personal characteristics as well, for example, gender, wealth, ethnicity, age, and disabilities. 

The scientists pointed out that some of these attributes could theoretically be obtained through mobile applications, however, the metaverse turns out to be the only source of exhaustive data; there were times during the study when all the data could be collected within just a few minutes. Operators of the metaverse will basically have enough power to remove anonymity from any user. All of that is simply impossible within existing mobile applications, much less websites.

The project’s authors aimed to draw the public’s attention to the problem of metaverse confidentiality as well as encourage their counterparts to develop protection measures. A solution of the kind has already been proposed: MetaGuard is a plug-in for the Unity game engine that injects noise into the metrics collected by AR and VR headsets to prevent users from being tracked, without interfering with the headsets’ work. It is somewhat similar to a browser’s incognito mode, which can be turned on and off when necessary.