Mark Zuckerberg’s unveiling of Metaverse, a virtual reality (VR) environment created by Meta (previously Facebook), has garnered a lot of attention. Zuckerberg’s rebranding of Facebook as Meta signals its aim to build a new version of the internet, one based on people interacting with each other via VR headsets.
What is the Metaverse?
The Metaverse is where the physical and digital worlds meet. It is a space where avatars (digital representations of people) can interact at work or for fun, such as meeting in the office or going to concerts. You will be able to enter this virtual reality by using Facebook’s Oculus VR headsets. Another feature of the Metaverse is augmented reality (AR), where elements of the digital world are layered on top of reality.
Facebook is already running a professional version of the Metaverse called Horizon Workrooms. This is an app that lets Oculus-wearing workers enter virtual offices and hold meetings. Nick Clegg, former UK Deputy Prime Minister and Vice President of Global Affairs at Meta, holds team meetings in the office Metaverse, accompanied by a virtual table and whiteboard.
Clegg has stated that the Metaverse would be a series of interlinked worlds. So you could move seamlessly from Facebook’s world to Google’s, for example.
The science-fiction writer Neal Stephenson coined the term metaverse in his novel Snow Crash. The protagonist in the story, Hiro, spends a lot of his time in a computer-generated universe called the Metaverse. Zuckerberg wants us to do the same, in the virtual world he’s created.
People have found the promotional videos for the Metaverse odd and cringeworthy. But that’s not the most important criticism of Zuckerberg’s latest enterprise. There are several privacy and security concerns relating to the Metaverse that have also been highlighted.
Privacy Concerns Related to the Metaverse
Facebook has a long and extensive timeline of privacy-related issues, and the way Metaverse is designed means that Meta will likely continue to face criticisms about what happens to users’ data.
Once you are plugged into the Metaverse, an advertiser could target not just data like your age and gender but also your body language, physiological responses, biometric information, and who you interact with and how.
Users are not really on board, though, with adverts inserted into games. When Facebook carried out advert testing in a VR game called Blaston, players told the developers, “We don’t want this”. The ad tracking side of things was non-invasive, but the adverts still noticeably stuck out.
It should be mentioned, however, that ad tracking will be more prominent in the Metaverse, with all of your moves tracked, so you can be better targeted with ads. Experts have said that Meta will find more ways to follow you than Facebook did. Indeed, as the Facebook whistleblower Frances Haugen points out, joining the Metaverse will result in “many, many more sensors in our homes and our workplaces.” She adds that “these immersive environments are extremely addictive and they encourage people to unplug from the reality we actually live.” This will certainly impact the collection of our personal data and hence our privacy.
During his keynote address at Facebook Connect on October 28, 2021, Zuckerberg demonstrated how Meta’s Cambria prototype headset can track your eyes and face. By doing so, it could determine how long you look at a digital billboard while walking down a virtual street in the Metaverse. Through its face-tracking abilities, the headset can track your emotions, revealing again what you’re most interested in. The company may also find out how often you visit a virtual location.
Mark Skwarek, industry associate professor at NYU’s Tandon School of Engineering, points out, “If you’re doing an augmented experience or a virtual experience, you could be collecting data on that user constantly. You’ll be able to predict what people think.” AI and machine learning also increase Meta’s ability to harvest vast quantities of data. So, our online behaviour may be tracked even more aggressively if we use the Metaverse, which is a serious privacy concern.
Facebook already has a reputation for tracking its users and then serving ads for items you want to buy. The company understands you so well that it can predict what you’re likely to be interested in. This is why you’ll see an ad for something you are convinced you never searched for online, which you may only have only mentioned to a friend in passing. Meta will be able to achieve this even more effectively with data it collects from the Metaverse.
In the Metaverse, ads could appear in virtual stadiums on giant signs or on billboards you see while exploring a virtual environment.
In 2018, researchers revealed that it was possible to view information of users of a pornography-based VR app, including email addresses, device names, and download details for anyone who paid for the service using PaPal. When using the Metaverse, it is possible that all kinds of other personal information could be revealed.
You may be interacting with a virtual or augmented world via a headset or mobile, but your data is still going somewhere other than the headset you’re wearing. This has led to concerns about potential data breaches. If Meta allows for third-party apps at some point, then we need to know what security measures will be implemented to protect user data, as well as screen for malicious or insecure apps.
Zuckerberg has stated that a “killer use case” of the Metaverse is wearing AR glasses when you are interacting with people in real life, so you can continue to text message people without people in real life noticing.
However, AR glasses have the potential to invade people’s privacy in all sorts of ways, such as by wearing them in public restrooms, when eating at restaurants surrounded by other people, and at the movies, where you could have the ability to covertly record the film.
AR glasses, as well as a headset, could also serve as both camera and microphone inside of homes. This could expose a great deal of private information to Meta. More advanced VR systems could combine this with heart and respiration rates, and physical movements and dimensions. Meta could then use this information for individual identification and tracking.
Criminals Could Capitalise on the Metaverse:
The social aspect of Metaverse means that people you know can come out and join you at your digital place – at your home inside the VR space. The privacy and security concern here relates to the possibility that these spaces won’t be private and inaccessible to strangers. If cybercriminals could gain access to your space, they might be able to steal sensitive information.
It is possible that people will scan portions of their homes and insert them into Metaverse spaces. The danger here is that we’ll be making scale models, which cybercriminals could exploit. Also, what if you’re able to make the outside of your home resemble the real thing, as well as your whole street via public map databases?
The result will be a digital replica of your life that strangers can visit. A threat actor may keep an eye on your social media feeds until you say you’re on holiday. Then, they can commit burglary, using your Metaverse digital space to find out where you live and your floor plan.
The Problem With Companies Using the Metaverse:
Horizon Workrooms, which provides immersive mixed reality business meetings, could threaten the privacy of employees. Haugen has warned that people could be forced to participate in these kinds of meetings or lose their jobs. As she stresses, “If your employer decides they’re now a metaverse company, you have to give out way more personal data to a company that’s demonstrated that it lies whenever it is in its best interests.”
One notable challenge will be working out which country’s laws apply in Metaverse’s digital spaces. Moreover, managing data consents could quickly become unwieldy, with users moving through complex worlds that involve multiple organizations.
Meta Has Privacy Safeguards, But We Should Be Cautious
Andrew Bosworth, Vice President at Facebook Reality Labs, and Nick Clegg claimed in a blog post that the Metaverse will be built responsibly. They state, “The metaverse won’t be built overnight by a single company. We’ll collaborate with policymakers, experts and industry partners to bring this to life.” Meta tells us it will work with the human rights and civil rights communities from the start, to make sure that technologies are “built in a way that’s inclusive and empowering.”
The company has also announced that it is investing $50m in global research and program patterns to ensure that its products are developed responsibly. Haugen, however, is sceptical about Meta’s ability to protect users’ privacy. Even though privacy experts may be able to make recommendations to Meta, Zuckerberg ultimately has the final say on whether to act on them.
As a case in point, civil rights group Access Now said it consulted with Facebook about smart glasses it developed in partnership with Ray-Ban. However, Facebook ignored the group’s top recommendation, which was to prioritise “alerting bystanders that they are being recorded” by the glasses. The small white light on the rim of the glasses that activates during video recording was easy to miss. Facebook rejected this concern.
So far, we just have Zuckerberg’s word that his company will develop the Metaverse with privacy, security, and other important values in mind. However, if Zuckerberg ends up creating the Metaverse, he’ll have the final say on what actually gets prioritised. History, of course, reveals that data privacy may not be on the top of his priority list.
Still, the Metaverse isn’t something that we’re going to be able to use anytime soon. It will take 10 to 15 years for it to become anything like the vision that Zuckerberg has. In the meantime, we need to become as closely acquainted as we can with its privacy and security concerns, so we can decide whether we want to join the Metaverse.