Head and hand movement data collected from virtual reality (VR) headsets can be as effective in identifying individuals as fingerprints or face scans, and can be used to interact in immersive virtual environments. Research studies show that user privacy can be compromised.

Two recent studies by researchers at the University of California, Berkeley, show how data collected by VR headsets can be used to identify individuals with a high level of accuracy, including height, weight, Many personal attributes such as age, gender, etc. can be revealed.According to some, even marital status Bloomberg report Thursday.

Demand for VR headsets has increased significantly in recent years as increasingly powerful devices become available at lower prices. Sales of VR and augmented reality (AR) headsets are expected to reach 10 million this year and reach 25 million by 2026, according to IDC analysts.

Despite backlash against the so-called metaverse concept, tech giants like Meta, Apple, and HTC continue to invest tens of billions of dollars each year in developing VR and AR devices to drive mainstream adoption. .

The device contains various cameras and sensors that can track body, eye and facial movements. These serve as inputs for VR software applications, allowing users to interact with the virtual environment. Although data is processed on the device, it can also be shared to external servers, software applications such as games, and virtual meeting platforms, leading to the risk of personal data exposure.

Data Movement and Unique Identifiers

a studyThe paper, published in February by authors at the University of California, Berkeley, looked at how motion data generated by VR devices could be used to “uniquely identify” anonymous users.

This study included data collected from over 55,000 user accounts. beat saberis a popular rhythm-based VR game that has sold millions since its launch. The researchers used machine learning algorithms to analyze public data from his 2.5 million game recordings, using just 100 seconds of head and hand movement data to identify an individual from a pool of 50,000 people. was able to identify with his 94% accuracy.

It’s been known for decades that motion data can be used to identify individuals, but researchers at the University of California, Berkeley claim this is the first study to show the scale of the threat to privacy. are doing. Increasing popularity of VR headsets and games beat saber The researchers said they were able to provide access to much larger datasets than previous studies that relied on much smaller groups of participants. 2020 Survey.

“This study is the first to truly demonstrate how well biomechanics can act as unique identifiers in VR, comparable to widely used biometrics such as facial and fingerprint recognition,” said the research paper. is stated.

The difference is that facial and fingerprint recognition is not required to access existing Internet services, the researchers note in their paper. PDF document While relevant for research, motion data is a “fundamental part” of how AR and VR devices work and is shared with “various parties to enable Metaverse experiences.” is needed.

another studyThe survey, published in June, asked more than 1,000 participants to answer a range of questions on 50 demographics, including personal background, demographics, behavioral patterns and health information. As a result, machine learning and deep learning algorithms beat saber players.

The aim of the study was to demonstrate that “a variety of personal and privacy-sensitive variables can be inferred from head and hand movements,” the researchers said. The findings should help highlight the “urgent need for privacy-preserving mechanisms in multi-user VR applications.”

While many are accustomed to data collection on existing internet platforms, privacy concerns in immersive virtual environments are largely unrecognized and the available tools to maintain anonymity are scarce. Researchers argue that there are

VR privacy is a priority for tech companies

Privacy challenges are nothing new, but AR/VR devices and virtual environments are pushing the boundaries.

“As we have seen, the rise of digitization has created new risks of identity theft,” said Tuong Nguyen, Director Analyst at Gartner. In addition to creating customized experiences for users, data from VR headsets “can also be reconstructed into behavioral profiles, another vector of highly detailed personal information,” Nguyen said. I’m here.

“VR headsets are inherently intimate because they are placed on the user’s face,” said CCS Insight analyst Leo Geby. Increasingly sophisticated devices “can now see what the user sees thanks to an external camera and can track the user’s movements and actions thanks to an array of sensors,” he said. “This clearly raises questions about user data and privacy as it is arguably the most invasive wearable technology we have seen so far.”

As adoption continues, VR headset vendors are already grappling with privacy concerns. This includes “limiting the amount of biometric data available to third-party applications, processing and retaining additional tracking data on the device, and anonymizing and aggregating shared data.” ,” Nguyen said.

User privacy issues will become “very important” for the VR industry, Gebbie said. “We are already seeing companies step up their efforts to stay ahead of concerns here.”

Gebbie mentioned Apple’s upcoming Vision Pro headset, which includes 12 cameras, 5 sensors and 6 microphones, but “to reduce user anxiety, eye tracking Sensitive user data such as iris scans and iris scans are kept fully encrypted on the device.”

“We expect this to be a more important area of ​​focus for rivals like Meta, who will also be keen to show they respect their users’ privacy,” he said. said.

In a recent interview, the product lead for Meta’s Horizon Workrooms platform discussed the company’s commitment to user privacy on premium Quest Pro devices.

Employee privacy at work is also a concern

In recent years, various VR headset vendors have shifted their attention to enterprise use cases, where adoption remains low. While business use so far has focused on employee training and remote assistance, vendors hope VR will eventually be used for workplace collaboration and productivity as well.

Data privacy concerns can lead to employee resistance, Gebbie said. “Employees may feel that VR headsets are an invasion of privacy. There may be resistance to,” he said.

The ability to identify individuals through motion tracking data can pose various problems. For example, it can prevent the separation of work and personal profiles, said researchers at the University of California, Berkeley.

“Think of celebrities who regularly use VR systems with their corporate credentials to hold meetings or to do professional work. Log on with a different account to play multiplayer VR games (may not behave in the most professional way) and later in the evening use the third account for adult VR experiences.” researchers said.

“Most people in a situation like this would rightly want their service providers to not be able to tie these accounts together. groups) can also quickly link all these accounts.”

Smartphone and cloud service users have shown a surprising willingness to trade privacy for convenience. The same may be true for VR.

“In the past, employees may have been reluctant to bring their smartphones to work because the devices also have cameras and microphones, making it easier to stay in touch even after hours. It’s slowly become normal,” Gebbie said. “VR could follow a similar path. There may be some resistance at first, but it will ease over time.”

From a business perspective, the data privacy risks have so far been limited given the slow adoption of VR by enterprises so far. “The use of VR in the enterprise is still in its infancy,” Nguyen said. “There are both privacy and security concerns, but the small scale at the moment mitigates some of the potential risks.”

As an example, it means a different level of risk compared to deploying six smartphones across the company, he said.

“Both have risks, but the magnitude of change in the latter increases the risks significantly in a non-linear fashion,” he said.