New study reveals motion data can identify people in VR; what are the implications for the metaverse?
The metaverse could be a big opportunity for edge computing vendors — but it is also a big privacy minefield to navigate. A new study has revealed that the movements of an individual’s head and hands in a virtual reality (VR) application can identify them uniquely. The ability of companies to store and sell services based on game play has big implications for privacy rights for consumers, but also for employees who are using VR for activities such as corporate-sponsored training.
The study, led by graduate researcher Vivek Nair at the University of California Berkeley and conducted at the Center for Responsible Decentralized Intelligence (RDI), examined data collected from tens of thousands of users who use the VR application Beat Saber. Over the past few years, Beat Saber has become a widely popular VR rhythm game. In 2019, its developer, Beat Games, was acquired by Meta.
The findings show that many VR users can be uniquely identified across multiple sessions using their head and hand motion relative to virtual objects. With 5 minutes of data per person, the user can be uniquely identified with 94.33 percent accuracy from 100 seconds of motion and 73.20 percent accuracy from 10 seconds of movement, demonstrating the extent to which biomechanics can act as a unique identifier in VR, comparable to more widely used biometric modalities such as facial and fingerprint recognition.
“This work is the first to truly demonstrate the extent to which biomechanics may serve as a unique identifier in VR, on par with widely used biometrics such as facial or fingerprint recognition,” states Kavya Pearlman, the founder and CEO of the XR Safety Initiative, a non-profit that promotes privacy, security, ethics and develop standards for Virtual and Augmented Reality.
The study has implications for the security and privacy of virtual reality applications, which rely heavily on simple motion or telemetry data. The data collected from these platforms could reveal sensitive information about users. For example, the information can potentially identify people and lead to a whole new type of privacy violation.
The researchers also explored general applications of their findings for VR gaming, including advanced cheating detection, score prediction, skill-based matchmaking and map recommendation engines. Going forward, the researchers believe developing defensive technologies that can protect user privacy while preserving VR applications’ utility will be essential.
“Moving around in a virtual world while streaming basic motion data would be like browsing the internet while sharing your fingerprints with every website you visit, explains the study’s lead researcher, Vivek Nair, via VentureBeat. “However, unlike web-browsing, which does not require anyone to share their fingerprints, the streaming of motion data is a fundamental part of how the metaverse currently works.”
Analysis
Meta, Microsoft and many other companies are interested in enterprise applications for AR/VR technology such as remote customer support/field tech, training, worker safety and more. The legal implications of the report should cause developers in this industry to thoroughly evaluate how their applications handle data — before lawsuits and breaches damage trust and put the brakes on customer adoption.
IDC predicts edge computing investments to reach $317 billion by 2026
Article Topics
AR/VR | biometric | Industry 4.0 | Meta | Microsoft | privacy | regulation
Comments