Exploring the Unprecedented Privacy Risks of the Metaverse
Content
Accessible arXiv
Do you navigate arXiv using a screen reader or other assistive technology? Are you a professor who helps students do so? We want to hear from you. Please consider signing up to share your insights as we work to make arXiv even more open.
We gratefully acknowledge support from the Simons Foundation and member institutions.
> cs > arXiv:2207.13176
All fields Title Author Abstract Comments Journal reference ACM classification MSC classification Report number arXiv identifier DOI ORCID arXiv author ID Help pages Full text
Search
open search
GO
open navigation menu
quick links
Computer Science > Cryptography and Security
arXiv:2207.13176 (cs)
[Submitted on 26 Jul 2022]
Title:Exploring the Unprecedented Privacy Risks of the Metaverse
Authors:Vivek Nair, Gonzalo Munilla Garrido, Dawn Song
Abstract: Thirty study participants playtested an innocent-looking "escape room" game in virtual reality (VR). Behind the scenes, an adversarial program had accurately inferred over 25 personal data attributes, from anthropometrics like height and wingspan to demographics like age and gender, within just a few minutes of gameplay. As notoriously data-hungry companies become increasingly involved in VR development, this experimental scenario may soon represent a typical VR user experience. While virtual telepresence applications (and the so-called "metaverse") have recently received increased attention and investment from major tech firms, these environments remain relatively under-studied from a security and privacy standpoint. In this work, we illustrate how VR attackers can covertly ascertain dozens of personal data attributes from seemingly-anonymous users of popular metaverse applications like VRChat. These attackers can be as simple as other VR users without special privilege, and the potential scale and scope of this data collection far exceed what is feasible within traditional mobile and web applications. We aim to shed light on the unique privacy risks of the metaverse, and provide the first holistic framework for understanding intrusive data harvesting attacks in these emerging VR ecosystems.
| Subjects: | Cryptography and Security (cs.CR) |
|---|---|
| Cite as: | arXiv:2207.13176 [cs.CR] |
| (or arXiv:2207.13176v1 [cs.CR] for this version) | |
| https://doi.org/10.48550/arXiv.2207.13176 Focus to learn more arXiv-issued DOI via DataCite |
Submission history
From: Vivek Nair [view email]
**[v1]**Tue, 26 Jul 2022 20:48:48 UTC (17,818 KB)
Full-text links:
Download:
(license)
Current browse context:
cs.CR
Change to browse by:
References & Citations
a export bibtex citation Loading...
Bibtex formatted citation
×
loading...
Data provided by:
Bookmark
Bibliographic Tools
Bibliographic and Citation Tools
Bibliographic Explorer Toggle
Bibliographic Explorer (What is the Explorer?)
Litmaps Toggle
Litmaps (What is Litmaps?)
scite.ai Toggle
scite Smart Citations (What are Smart Citations?)
Code & Data
Code and Data Associated with this Article
arXiv Links to Code Toggle
arXiv Links to Code & Data (What is Links to Code & Data?)
Demos
Demos
Replicate Toggle
Replicate (What is Replicate?)
Related Papers
Recommenders and Search Tools
Connected Papers Toggle
Connected Papers (What is Connected Papers?)
Core recommender toggle
CORE Recommender (What is CORE?)
About arXivLabs
arXivLabs: experimental projects with community collaborators
arXivLabs is a framework that allows collaborators to develop and share new arXiv features directly on our website.
Both individuals and organizations that work with arXivLabs have embraced and accepted our values of openness, community, excellence, and user data privacy. arXiv is committed to these values and only works with partners that adhere to them.
Have an idea for a project that will add value for arXiv's community? Learn more about arXivLabs and how to get involved.
Which authors of this paper are endorsers? |Disable MathJax (What is MathJax?)
contact arXivClick here to contact arXiv Contact
subscribe to arXiv mailingsClick here to subscribe Subscribe
arXiv Operational Status
Get status notifications viaemail or slack