The Privacy Pitfalls of Zuckerberg’s Metaverse

Zuckerberg and the Metaverse

Mark Zuckerberg’s unveiling of his metaverse, a virtual reality (VR) environment created by Meta (previously Facebook), has garnered a lot of attention. Zuckerberg’s rebranding of Facebook as Meta signals its aim to build a new version of the internet, one based on people interacting with each other via VR headsets. 

What is the Metaverse?

The metaverse is where the physical and digital worlds meet. It is a space where avatars (digital representations of people) can interact at work or for fun, such as meeting in the office or going to concerts. You will be able to enter this virtual reality by using Meta’s Oculus VR headsets. Another feature of the metaverse is augmented reality (AR), where elements of the digital world are layered on top of reality. (Zuckerberg’s own proposed metaverse would just be one of many – Meta does not own the technology, although it has invested heavily in it.)

Meta is already running a professional version of the metaverse called Horizon Workrooms. This is an app that lets Oculus-wearing workers enter virtual offices and hold meetings. Nick Clegg, former UK Deputy Prime Minister and Vice President of Global Affairs at Meta, holds team meetings in the office metaverse, accompanied by a virtual table and whiteboard.

Clegg has stated that the metaverse would be a series of interlinked worlds. So you could move seamlessly from Meta’s world to Google’s, for example.

The science-fiction writer Neal Stephenson coined the term ‘metaverse’ in his novel Snow Crash. The protagonist in the story, Hiro, spends a lot of his time in a computer-generated universe called the Metaverse. Zuckerberg wants us to do the same, in the virtual world he’s created.

People have found the promotional videos for Zuckerberg’s metaverse odd and cringeworthy. But that’s not the most important criticism of Zuckerberg’s latest enterprise. There are several privacy and security concerns relating to his metaverse that have also been highlighted.

Privacy Concerns Related to the Metaverse

Facebook has a long and extensive timeline of privacy-related issues, and the way Zuckerberg’s metaverse is designed means that Meta will likely continue to face criticisms about what happens to users’ data.


Once you are plugged into a metaverse, an advertiser could target not just data like your age and gender but also your body language, physiological responses, biometric information, and who you interact with and how. 

Users are not really on board, though, with adverts inserted into games. When Facebook carried out advert testing in a VR game called Blaston, players told the developers, “We don’t want this”. The ad tracking side of things was non-invasive, but the adverts still noticeably stuck out. 

It should be mentioned, however, that ad tracking could be more prominent in Zuckerberg’s metaverse, with all of your moves tracked, so you can be better targeted with ads. Experts have said that Meta will find more ways to follow you than Facebook did. Indeed, as the Facebook whistleblower Frances Haugen points out, joining the metaverse will result in “many, many more sensors in our homes and our workplaces.” She adds that “these immersive environments are extremely addictive and they encourage people to unplug from the reality we actually live.” This will certainly impact the collection of our personal data and hence our privacy.

During his keynote address at Facebook Connect on October 28, 2021, Zuckerberg demonstrated how Meta’s Cambria prototype headset can track your eyes and face. By doing so, it could determine how long you look at a digital billboard while walking down a virtual street or in a virtual stadium in the metaverse. Through its face-tracking abilities, the headset can track your emotions, revealing again what you’re most interested in. The company may also find out how often you visit a virtual location.

Mark Skwarek, industry associate professor at NYU’s Tandon School of Engineering, points out, “If you’re doing an augmented experience or a virtual experience, you could be collecting data on that user constantly. You’ll be able to predict what people think.” AI and machine learning also increase Meta’s ability to harvest vast quantities of data. So, our online behaviour may be tracked even more aggressively if we use Zuckerberg’s metaverse, which is a serious privacy concern.

Facebook already has a reputation for tracking its users and then serving ads for items you want to buy. The company understands you so well that it can predict what you’re likely to be interested in. This is why you’ll see an ad for something you are convinced you never searched for online, which you may only have only mentioned to a friend in passing. Meta will be able to achieve this even more effectively with data it collects from the metaverse.

Data Breaches

In 2018, researchers revealed that it was possible to view information of users of a pornography-based VR app, including the email addresses, device names, and download details of anyone who paid for the service using PayPal. When using the metaverse, it is possible that all kinds of other personal information could be revealed.

You may be interacting with a virtual or augmented world via a headset or mobile, but your data is still going somewhere other than the headset you’re wearing. This has led to concerns about potential data breaches. If Meta allows for third-party apps at some point, then we need to know what security measures will be implemented to protect user data, as well as screen for malicious or insecure apps.

AR Glasses

Zuckerberg has stated that a “killer use case” of the metaverse is wearing AR glasses when you are interacting with people in real life, so you can continue to text message people without people in real life noticing. 

However, AR glasses have the potential to invade people’s privacy in all sorts of ways, such as by wearing them in public restrooms, when eating at restaurants surrounded by other people, and at the movies, where you could have the ability to covertly record the film.

AR glasses, as well as a headset, could also serve as both camera and microphone inside of homes. This could expose a great deal of private information to Meta. More advanced VR systems could combine this with heart and respiration rates, and physical movements and dimensions. Meta could then use this information for individual identification and tracking.

The Problem With Companies Using Zuckerberg’s Metaverse

Horizon Workrooms, which provides immersive mixed reality business meetings, could threaten the privacy of employees. Haugen has warned that people could be forced to participate in these kinds of meetings or lose their jobs. As she stresses, “If your employer decides they’re now a metaverse company, you have to give out way more personal data to a company that’s demonstrated that it lies whenever it is in its best interests.”

Meta Has Privacy Safeguards, But We Should Be Cautious

Andrew Bosworth (now CTO at Meta) and Nick Clegg claimed in a blog post that the metaverse will be built responsibly. They state, “The metaverse won’t be built overnight by a single company. We’ll collaborate with policymakers, experts and industry partners to bring this to life.” Meta tells us it will work with the human rights and civil rights communities from the start, to make sure that technologies are “built in a way that’s inclusive and empowering.”

The company has also announced that it is investing $50m in global research and program patterns to ensure that its products are developed responsibly. Haugen, however, is sceptical about Meta’s ability to protect users’ privacy. Even though privacy experts may be able to make recommendations to Meta, Zuckerberg ultimately has the final say on whether to act on them.

As a case in point, civil rights group Access Now said it consulted with Facebook about smart glasses it developed in partnership with Ray-Ban. Nevertheless, Facebook ignored the group’s top recommendation, which was to prioritise “alerting bystanders that they are being recorded” by the glasses. The small white light on the rim of the glasses that activates during video recording was easy to miss. Facebook rejected this concern. 

So far, we just have Zuckerberg’s word that his company will develop his metaverse with privacy, security, and other important values in mind. However, if Zuckerberg ends up making his vision of the metaverse a reality, he’ll have the final say on what actually gets prioritised. History, of course, reveals that data privacy may not be on the top of his priority list. 

Still, Zuckerberg’s metaverse isn’t something that we’re going to be able to use anytime soon. It will take 10 to 15 years for it to become anything like the vision that Zuckerberg has. In the meantime, we need to become as closely acquainted as we can with the related privacy and security concerns, so we can decide whether we want to join his (or anyone else’s) metaverse.

Leave a Reply