You have probably been annoyed by the way targeted ads seem to know within seconds what you have been talking about with your social-media friends or which vacation destinations you just priced, but snooping your data from a cell phone or computer is nothing like the amount of information you’ll be giving away as a participant in the metaverse.
Seemingly benign data like room size, your height and how quickly you draw a blaster can tell advertisers and whoever else is watching things about your wealth, gender and physical well-being that you might prefer to keep private, a new paper published by researchers at the University of California, Berkeley and the Technical University of Munich reveals.
Big Tech is making big bets on the metaverse, such as the company formerly known as Facebook’s $50 billion commitment last year to developing the concept. Meta’s purchase of virtual-reality headset manufacturer Oculus has given it a strong presence in the most accessible consumer metaverse technology. Up to now, some of the most popular uses of the technology have been for gaming, with VR games becoming popular for esports players.
However, metaverse proponents–and investors who have poured trillions of dollars of capital into development–reckon that in time, virtual reality will become integral to our way of life: everything from gaming to work to socializing will be able to be conducted via virtual reality and in a fully digital environment.
That could be disastrous for data privacy.
“Right now, we have the spy in our pocket,” says Gonzalo Munilla Garrido, a graduate student at the Technical University of Munich and one of the authors of the paper. “But if you are going to spend all day in a virtual world where you are constantly being watched, you are now within the mind of the spy. Data privacy is only going to get worse.”
The study published last month by Garrido and Berkeley’s Dawn Song and Vivek Nair proves just how easy it is to rapidly and surreptitiously collect dozens of data points from VR users. The researchers created a simple virtual-reality game which, under the guise of harmless fun, was able to catalog almost 2 dozen detailed data points on players in just five minutes of play. Collecting information on users’ physical attributes–their height and arm spans, for example–along with qualities like language, ability to see color, age and gender is far easier to do in a virtual setting than with smartphones or wearables.
Beyond the ease of collecting personal data, the applications of this private information in a metaverse context has strong implications for marketing. Access to this bounty of data could transform the way that advertisers target their messaging to consumers.
“On apps and websites, we are used to an ad being an image displaying a product or some sponsored text. It’s clearly an ad, you can see the delineation and you know what the ad is for,” said Nair. “In a traditional app, that ad can be targeted–if a company knows you’re looking for a new phone, you might get an ad on your app for Best Buy
While web3 advocates push for decentralization, current metaverse development is highly centralized, largely due to the massive investments that a few tech companies have made on developing consumer VR technology.
“‘Decentralization’ and ‘metaverse’ are totally orthogonal concepts,” says Nair. ‘While you could have a decentralized metaverse or a centralized metaverse, every metaverse we know of right now is heavily centralized … tech companies have a strong incentive to keep it centralized. The reason they are investing a huge amount of value in the underlying hardware is because they want to extract some value from the applications that result from that.”
We might not be completely doomed. The researchers are working on a project called MetaGuard, which aims to provide a tool for users to protect against intrusions on their personal data. It would allow users to add a variable level of “noise” to the information metaverse applications collect, making it harder to obtain accurate biometric data and make statistical inferences about identity. As the metaverse continues to gain traction, though, the paper shows that users should be wary of how much of their data is being silently harvested–and by whom.