+
  • HOME»
  • Privacy in Metaverse: Nothing to hide or something to protect

Privacy in Metaverse: Nothing to hide or something to protect

General thought on privacy is—I have nothing to hide. Which in a way might be correct but with the way the world is changing we might need something to protect for sure. The new battlefield to fight for our privacy will be Metaverse. Metaverse is set to operate through next-gen behavioral-learning technologies such as virtual […]

General thought on privacy is—I have nothing to hide. Which in a way might be correct but with the way the world is changing we might need something to protect for sure. The new battlefield to fight for our privacy will be Metaverse.

Metaverse is set to operate through next-gen behavioral-learning technologies such as virtual reality (VR), augmented reality (AR), artificial intelligence (AI) and machine learning (ML) that often collect massive amounts of data based on user personal information thereby threatening privacy. Considering the current state of security and data protection regulations and in the absence of robust cybersecurity infrastructure using such technologies within the metaverse can become a significant danger to data privacy. Especially when we still haven’t answered many of the privacy problems we encounter in normal reality, are we capable of dealing with the potential problems with virtual reality?

IMPACT ON PRIVACY

Heaps of our data are already out and accessible to the majority of companies. With Metaverse, users’ data privacy can be impacted in ways beyond imagination. From cyberattacks designed to steal information to targeting AR/VR devices which can be a potential gateway to malware invasion and breaches. Another possible way to impact user privacy is unauthorized collection of tons of personal information, including biometric data, brainwaves, health information, preferences among many others thereby having deeper user insight. In metaworld, Hackers will have safe heaven as they can quickly deploy targeted attacks to steal personal information with virtual avatars that work through virtual identities.

CHALLENGES

Metaverse brings with itself new challenges in its massive virtual worlds where users can also be subject to privacy attacks such as eavesdropping by other platform users. Some major challenges will be Privacy at sensory level and of behaviour and communications alongwith safety of users.

(1) Sensor: Extended Reality (XR) technologies proffer unimaginable privacy and security threats. As these technologies are based on sensors to scan and monitor the users’ environment. Such information collected might be sensible to users, for example head-mounted displays (used to display the metaverse) can collect biometric data such as head movement, eye tracking etc which are non-obvious to users. One alarming example can be gaze patterns. Collection of gaze data can give away users’ sexual preferences.

(2) Behavior and communications: Similar to biometric data, any social interaction such as conversation, reactions etc with other avatars can tell the users’ psyches. Though these interactions can be valuable to infer users’ habits, activities, and choices in the metaverse, its potential to put the most personal aspects of our psyche at risk can not be denied. Ownership, control and usage of these data is the largest question.

(3) Safety of users: apart from security, the other major challenge is protection of such information collected while being shared and against tampering, which might affect safety.

Preventive measures using virtual offices: Despite the privacy and security concerns, companies are setting up virtual offices and we will be interacting with the metaverse hence some preventive measures can be adopted by the companies such as: (a) watertight data privacy and security policies regulating the use of personal information should be implemented by the companies setting up virtual offices. (b) With AR/VR devices deployed by the companies, companies need to have strict monitoring of cyber attacks, hack attacks, data breaches and adversarial AI attacks and enable security from them.

RECOMMENDATIONS

Meta- sold with the vision of users leading a visual life increases the possibility of data collection as our bodies could be its new data source and VR headsets learn more about as compared to the traditional screens. Data collected from the real world is used in Metaverse to provide immersive experiences. Hence, privacy and security concerns will be an integral part of the metaverse as people worry about issues of user identity, forced surveillance, and the potential abuse of personal information.

The companies need to adhere to strict principles guiding its development of extended reality products with (a) ethics, (b) privacy, (c) safety, and (d) security. The inevitable dependency on metaverse poses dire need for the companies to implement privacy by design when developing technology and privacy in the metaverse needs to be carefully considered and protected by the organizations/companies. An evolved personal data and privacy protection that will guarantee a person’s identity including possessions in the virtual world is the basic requirement. This will lead to a situation where users will be bound to share more personal data to identify themselves. This will necessitate data security protocols to evolve to a completely new level. In the absence of holistic data protection regulation in place, the Indian government /regulator will face a challenging situation in keeping safe personal data and making sure that the security system works efficiently. Especially when it comes to enacting regulations to protect privacy in the metaverse. Regulators will have a hard time enforcing laws looking at the present situation where tech giants/ social media platforms skirt their own policies and terms & conditions and fail to recognise the law of land. These policies will be a hindrance to the power the tech companies will gain in the metaverse by eroding privacy of users to exploit market advantages.

WAY FORWARD

A global consistent enforceable privacy standard is the need of the hour. Not just policy but the government needs to invest in the capability of investigation and enforcement of these standards, in a timely manner.

Tags:

Advertisement