Imagine for a moment wanting to spend time in what Meta solipsistically calls the Metaverse, a keiretsu of interactive cartoon panoramas fueled by commercial surveillance and solicitation.
That’s no small feat, especially for those who shy away from the cynical pension-making foundation that supports virtual reality, or if you’re old enough to remember the unfulfilled hype of 3D worlds and avatars two decades ago when Second Life was sold snowfall‘s dystopia as a social and commercial revolution.
But you might want to see for yourself what prompted Meta to invest $10 billion last year and billions more this year to create a walled garden that has been described as “eye-poppingly ugly” and “a computer game developed in 1997.” (Spoilers: It was Apple’s kneecap for its advertising business and privacy practices, but don’t let that put you off your VR tour.)
The Metaverse is generally intended to be a collection of bespoke, interconnected and immersive virtual reality worlds where people shop, work and play. This is what Meta CEO Mark Zuckerberg has so far spent a small nation’s GDP on implementing his internet empire:
Looks great! pic.twitter.com/aFFcvLv4ES
— james hennessy (@jrhennessy) August 16, 2022
Vivek Nair (UC Berkeley), Gonzalo Munilla Garrido (Technical University of Munich) and Dawn Song (UC Berkeley) admit that virtual reality, telepresence applications and whatever is meant by the metaverse strive to be the next big way of interaction the world to become Internet. And they warned against it the impact on privacy of collective conferences with glasses.
Not only that, researchers have also proposed a defense against the dork arts, MetaGuard.
In an article circulated via ArXiv, the trio describe MetaGuard as an “incognito mode” for VR.
MetaGuard clearly undercuts that. Incognito mode is largely misunderstood because their name makes a promise that the technology doesn’t deliver, just like Tesla’s Autopilot or Full Self-Driving technology, which are at best supportive tools and are incapable of sustainable automated driving.
Incognito mode is a browser privacy option that prevents browsing activity from being stored locally within the browser client. It does not prevent browsing activity from being saved on the visited web server, although it does somewhat separate browsing sessions so that over time they are not directly connected via cookies. Incognito mode does not hide any identifying information from the websites you visit; it’s not an anonymity tool like Tor.
Our “incognito mode” defenses aim to prevent attackers from tracking VR users across sessions in the metaverse
MetaGuard strives to be something similar AdNauseum, a web data obfuscation extension, for the Metaverse. However, this name is not so much a political statement.
In their previous article, “Exploring the Unprecedented Privacy Risks of the Metaverse,” Nair, Munilla Garrido, and Song examined the vast amount of personal data available to Metaverse companies. This includes anthropometric (e.g. response time), environmental (e.g. geolocation), technical (e.g. device model), demographic and identity data, all of which flow into Metaverse providers and those connected to the VR worlds are. It’s a broader set of statistics than would be available to a web-based adversary.
The researchers’ latest publication, “Incognito in the Metaverse,” provides a possible defense against Metaverse monitoring. In its original form, MetaGuard is an open-source C# plugin for the Unity game engine, which is commonly used to create VR content.
“Our ‘incognito mode’ defenses aim to prevent attackers from tracking VR users across sessions in the metaverse,” explains their paper. “In practice, this means limiting the number of data attributes that attackers can reliably collect from users and use to infer their identity.”
In an email to The registryNair said the framing was used in “incognito mode” because it’s familiar to netizens.
“The Ultimate Goal of MetaGuard is the same as incognito mode on the Internet: to prevent users from being tracked from one session to the next,” he explained. “Even on the Internet, private browsing changes network requirements between client and server; In particular, it changes which cookies are appended to outgoing requests as HTTP headers.”
“But…MetaGuard goes a step beyond incognito mode to… contents of data sent to the server and not just the headers. So MetaGuard is the “incognito mode for VR” because it serves the same basic purpose and is just as easy to use, but the mechanism of action is actually quite different to account for the very different threats VR faces.”
Under the hood
MetaGuard relies on a technique called Differential Privacy, designed to allow individuals to share their data for statistical analysis in a way that prevents those individuals from being re-identified from that data. For MetaGuard, that means adding just enough noise to the collected metrics to prevent the information from being linked to the person who generated it.
For example, a Metaverse participant’s voice could be recorded as much as 85 Hz lower or 255 Hz higher than the actual measured frequency. And the amount of variation would be determined by the level of privacy desired: low, medium, or high. Or the geo-coordinates of this person can be changed by up to 400-500 kilometers.
“It has the potential to significantly improve the privacy of VR users, with our experiments showing over a 90 percent reduction in attack accuracy for multiple private data attributes and a 95 percent reduction in user de-anonymization,” Nair said.
The MetaGuard paper notes that its use of conflicting terminology to describe the collection of Metaverse data may not align with the widespread perception of immersive entertainment as a happy, carefree place.
“Despite the use of the terms ‘attacker’ and ‘adversary’ throughout our writing, it is likely that in practice such actions would be perfectly decent if users consented (knowingly or not) to having their data collected,” they explain researcher. “It is therefore more important than ever to give users the opportunity to protect their data purely technologically independent of guaranteed data protection regulations and to do so as easily to use as the data protection tools they have become accustomed to using on the Internet.”
While offering privacy to VR visitors may be more important than ever, that possibility seems less likely today than when the MetaGuard project began.
Some companies have already started to prevent this possibility
“Unfortunately, some companies have already started to prevent this possibility,” Nair said.
In mid-July, the researchers shared their findings on VR privacy and their work on MetaGuard with the VRChat community.
“VRChat is one of the largest Metaverse applications and we wanted to give them time to respond to our privacy concerns before going public,” Nair said. “We shared our source code for our prototype MetaGuard plugin for VRChat with them at the time.
“Just a few days later, VRChat announced its decision to ban all client mods from the platform and use DRM tools to make modding impossible,” Nair said. “As a result, VRChat is now one of the few major applications where MetaGuard cannot be used.”
Nair expressed concern that as more platforms follow VRChat’s example, it may become more difficult for those who simply must participate to assert their preference for privacy.
“Coincidentally, VRChat has its own premium subscription that includes trust and security features,” he added. “I’m concerned about setting a precedent on pay-for-privacy and think banning the use of tools like MetaGuard is a step in the wrong direction.” ®
https://www.theregister.com/2022/08/18/metaguard_promises_protection_from_metaverse/ Meet MetaGuard, an “incognito mode” for the Metaverse • The Register