See all Intelligent Security Summit on-demand sessions here.
new paper from University of California, Berkeley It became clear that without innovative new safeguards to protect users, privacy might not be possible in the metaverse.
Recently released, led by graduate researcher Vivek Nair study Conducted at the Responsible Decentralized Intelligence Center (RDI), which contained the largest dataset of user interactions in virtual reality (VR) ever analyzed for privacy risk.
What makes the results so surprising is that there is actually very little data needed to uniquely identify a user in the metaverse, and true anonymity can be lost in virtual worlds. .
Simple motion data not so simple
By way of background, most researchers and policy makers working with metaverse privacy It focuses on the many cameras and microphones of modern VR headsets to capture detailed information about a user’s facial features, voice quality, and eye movements, as well as surrounding information about the user’s home or office.
Some researchers worry about new technologies such as EEG sensors that can detect unique brain activity through the scalp. These rich data streams pose significant privacy risks in the metaverse, but turning them all off may not provide anonymity.
This is because only the most basic data stream (simple motion data) required to interact with the virtual world can uniquely identify a user among many.
And by “simple motion data” I mean the three most basic data points tracked by the virtual reality system. 1 point for the user’s head and 1 point for each hand. Researchers often refer to this as “telemetry data” and it represents the minimal set of data necessary to allow users to interact naturally in a virtual environment.
Uniquely identified in seconds
this leads me to something new Berkeley Research, “Unique identification of over 50,000 virtual reality users from head and hand movement dataThe study analyzed over 2.5 million VR data recordings (fully anonymized) recorded from over 50,000 players in the popular Beat Saber app, using just 100 seconds of motion data, 94% We have found that we can uniquely identify individual users with greater accuracy.
Even more amazing, we were able to uniquely identify half of all users with just 2 seconds of motion data. Achieving this level of accuracy required innovative AI techniques, and again, the data used was very sparse. Only three spatial points were tracked for each user over time.
In other words, every time a user puts on a mixed reality headset, grabs two standard hand controllers, and initiates an interaction in a virtual or augmented world, it leaves behind a digital fingerprint trail that can uniquely identify the user. Of course, this begs the question: How do these digital fingerprints compare to actual, real-world fingerprints in their ability to uniquely identify a user?
If you ask a passer-by, they will answer. no two fingerprints The world is the same. This may or may not be true, but honestly it doesn’t matter. What matters is how accurately an individual can be identified from fingerprints left at a crime scene or entered into a fingerprint scanner. It turns out that fingerprints, whether taken from a physical location or captured by a mobile phone scanner, are not as uniquely identifiable as most people assume.
Consider the act of placing your finger on the scanner. According to the National Institute of Standards and Technology (NIST) A desirable benchmark for fingerprint scanners is a unique match with an accuracy of 1 in 100,000.
However, the real world Tested by NIST and others true precision Most fingerprint devices can be less than 1 in 1,500. Still, it’s highly unlikely that a criminal who stole your phone would be able to use your finger to access it.
On the other hand, Berkeley research shows that when a VR user waves a virtual saber at a flying object, the motion data left by the user may be more uniquely identifiable than their actual real-world fingerprints. Suggested.
This poses a very serious privacy risk as you may lose your anonymity in the metaverse. Furthermore, using this same motion data, make an accurate guess A number of certain personal characteristics about the user, such as height, handedness, and gender.
and when combined Other data This motion-based fingerprinting method, commonly tracked in virtual and augmented environments, has the potential to produce even more accurate identifications.
We asked Nair to comment on the accuracy of traditional fingerprints above compared to using motion data as a “digital fingerprint” in virtual and augmented environments.
He explains the danger as follows: But unlike web browsing, which doesn’t require you to share your fingerprints, streaming motion data is a fundamental part of how the metaverse works today. “
To understand how dangerous motion-based fingerprinting can be, consider the near-future metaverse. We live in an era where users routinely shop in virtual and augmented worlds.Whether to browse products at virtual store When using mixed reality eyewear to visualize what new furniture will look like in a real apartment, users can grab virtual objects from virtual shelves or take a few steps back to get a closer look at virtual furniture. You may perform common body movements, such as
Berkeley research suggests that these common movements may be as unique to each of us as our fingerprints. , meaning that casual shoppers cannot visit a virtual store without being able to uniquely identify it.
So how do we solve this inherent privacy problem?
One approach is motion data before being streamed from the user’s hardware to an external server. Unfortunately, this means introducing noise. While this may protect user privacy, it also reduces the accuracy of dexterous body movements, resulting in poor user performance in Beat Saber and other applications that require physical strength. For many users the tradeoff may not be worth it.
Another approach is to enact wise regulation This prevents the Metaverse platform from storing and analyzing human movement data over time. Such regulations help protect the public, but are difficult to enforce and can face backlash from the industry.
For these reasons, Berkeley researchers are researching sophisticated defensive techniques in hopes of masking the inherent characteristics of physical movement without impairing dexterity in virtual and augmented worlds. I’m here.
as an outspoken supporter consumer protection The metaverse strongly encourages parallel exploration of all approaches, including both technical and policy solutions.
Protecting individual privacy is important not only to users, but to the industry as a whole. After all, if users don’t feel safe in the metaverse, they may be reluctant to make virtual or augmented environments an integral part of their digital lives.
Dr. Louis Rosenberg CEO of Unanimous AI, Chief Scientist of Responsible Metaverse Alliance and Global Technology Advisor of XRSI. Rosenberg is an advisor to the team that conducted the above Berkeley research.
data decision maker
Welcome to the VentureBeat Community!
DataDecisionMakers is a place for data professionals, including technologists, to share data-related insights and innovations.
Join DataDecisionMakers for cutting-edge ideas, updates, best practices, and the future of data and data technology.
You might consider contributing your own article!
Read more about DataDecisionMakers