This study by Vivek Nair, Dwan Song (both of UC Berkeley) and Gonzalo Munilla Garrido (Technical University of Munich) sheds a light on the unprecedented privacy risks of the metaverse by showing how VR can be turned against its users and provides the first holistic framework for understanding intrusive data harvesting attacks in these emerging VR ecosystems. It illustrates how VR attackers can covertly ascertain dozens of personal data attributes from seemingly-anonymous users of popular metaverse applications like VRChat. These attackers can be as simple as other VR users without special privilege, and the potential scale and scope of this data collection far exceed what is feasible within traditional mobile and web applications. The VR privacy threat model includes a description of a typical information flow for a VR telepresence application. The information flow typically includes the VR device, an application, the server and other users.
Associated with the data flow, there are different types of VR privacy attackers: the privileged hardware adversary, the privileged client adversary, the privileged server adversary, and the non-privileged user adversary.
The broad classes of private user data observable by each of the attackers are categorized into:
– primary (captured directly from a data source),
– secondary (derived deterministically from primary attributes), and
– inferred (derived from primary and secondary attributes using machine learning).
In those 3 categories, the following groups of data attributes can be observed by attackers:
– Geospatial Telemetry (position and orientation of the VR headset and controllers) can reveal height and wingspan and eventually gender.
– Device Specifications can reveal the VR device and eventually wealth.
– Network Observations can reveal locality and eventually ethnicity.
– Behavioral Observations can reveal age or disabilities.
VR privacy attacks can stem from the collection of continuous anthropometrics (headset-and-controller setups as well as more advanced full-body tracking systems), binary anthropometrics (e.g., longerarm and dominant handedness), fitness levels, reaction time, room size, geolocation, VR device, host device, language, vocal characteristics, and inferred attributes.