ABSTRACT
Extended Reality (XR) — an umbrella term for Augmented Reality (AR), Virtual Reality (VR) and Mixed Reality (MR) — has penetrated the consumer market and is prone to increasingly impact our lives in the near future. Various devices, e.g., MR glasses, AR smartphones apps, or VR headsets, are becoming more affordable, and leader tech companies are heavily investing for a more immersive, realistic, and connected future. Lately, this vision of an interconnected virtual space for people to work, learn, play and share experiences with others has been formulated as the so-called “Metaverse”. This expected paradigm shift will heavily rely on XR, and hence implies an unprecedented amount of sensible data being collected about the users. Indeed, XR devices collect large amounts of sensitive data, including biometric data (e.g., eye gaze and body movement data) that are primarily used as Natural User Interfaces (NUIs) or for the proper functioning of technologies and services. However, research has identified a number of privacy and security threats rooting from this pervasive data collection, as well as privacy threats regarding XR inputs, outputs, user interactions and devices themselves. Still, further efforts must be made to guarantee the privacy and safety of users in a usable fashion in the future, and XR must be considered as a whole rather than as the sum of its parts to match the vision of the Metaverse. In this context, we propose to analyse the gap between user privacy perceptions in XR as a whole, and their concrete behaviour. The goal of this research is to understand the differences and similarities between AR, MR and VR in terms of user privacy perceptions. This will help us to better understand the relationships between XR variants, which, we argue, is an important requirement to approach the future evolution of these technologies, and to consider usable privacy aspects that match the entire XR spectrum. Adopting this vision early on will be beneficial for future work, and will be the foundation for the implementation of a usable privacy-preserving solution in order to raise awareness and empower users by giving them more control over their privacy in the context of these new and future technologies.
- Devon Adams, Alseny Bah, Catherine Barwulor, Nureli Musaby, Kadeem Pitkin, and Elissa M. Redmiles. 2018. Ethics Emerging: the Story of Privacy and Security Perceptions in Virtual Reality. In Proc. of the 14th USENIX Symposium on Usable Privacy and Security (SOUPS).Google Scholar
- Android. 2022. Permissions on Android. Online: https://developer.android.com/guide/topics/permissions/overview(accessed in 6.22).Google Scholar
- Apple. 2022. ARKit 6 – Augmented Reality – Apple Developer. Online: https://developer.apple.com/augmented-reality/arkit/ (accessed in 6.22).Google Scholar
- France Bélanger and Robert E Crossler. 2011. Privacy in the Digital Age: a Review of Information Privacy Research in Information Systems. MIS quarterly (2011), 1017–1041.Google Scholar
- Laura Brandimarte, Alessandro Acquisti, and George Loewenstein. 2013. Misplaced Confidences: Privacy and the Control Paradox. Social Psychological and Personality Science (2013).Google ScholarCross Ref
- John Brooke. 1996. SUS: A “Quick and Dirty” Usability Scale. Usability Evaluation in Industry(1996).Google Scholar
- Loris D’Antoni, Alan Dunn, Suman Jana, Tadayoshi Kohno, Benjamin Livshits, David Molnar, Alexander Moshchuk, Eyal Ofek, Franziska Roesner, Scott Saponas, Margus Veanes, and Helen J. Wang. 2013. Operating System Support for Augmented Reality Applications. In Proc. of the 14th Workshop on Hot Topics in Operating Systems (HotOS XIV).Google Scholar
- Brendan David-John, Diane Hosfelt, Kevin Butler, and Eakta Jain. 2021. A Privacy-preserving Approach to Streaming Eye-tracking Data. IEEE Transactions on Visualization and Computer Graphics (2021).Google ScholarCross Ref
- Jaybie A. de Guzman, Aruna Seneviratne, and Kanchana Thilakarathna. 2021. Unravelling Spatial Privacy Risks of Mobile Mixed Reality Data. Proc. of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT) (2021).Google ScholarDigital Library
- Jaybie A. de Guzman, Kanchana Thilakarathna, and Aruna Seneviratne. 2019. A First Look into Privacy Leakage in 3D Mixed Reality Data. In Proc. of the 24th European Symposium on Research in Computer Security (ESORICS).Google ScholarDigital Library
- Jaybie A De Guzman, Kanchana Thilakarathna, and Aruna Seneviratne. 2019. Security and Privacy Approaches in Mixed Reality: A Literature Survey. ACM Computing Surveys (CSUR)(2019).Google Scholar
- Decentraland. 2022. Welcome to Decentraland. Online: https://decentraland.org/(accessed in 6.22).Google Scholar
- Tamara Denning, Zakariya Dehlawi, and Tadayoshi Kohno. 2014. In Situ with Bystanders of Augmented Reality Glasses: Perspectives on Recording and Privacy-Mediating Technologies. In Proc. of the 33th SIGCHI Conference on Human Factors in Computing Systems (CHI).Google ScholarDigital Library
- Ben Egliston and Marcus Carter. 2021. Critical Questions for Facebook’s Virtual Reality: Data, Power and the Metaverse. Internet Policy Review(2021).Google Scholar
- Facebook. 2022. What is Two-factor Authentication and how does it Work on Facebook?Online: https://www.facebook.com/help/148233965247823/ (accessed in 6.22).Google Scholar
- Google. 2022. ARCore. Online: https://developers.google.com/ar(accessed in 6.22).Google Scholar
- Google. 2022. Google Play Services for AR. Online: https://play.google.com/store/apps/details?id=com.google.ar.core(accessed in 6.22).Google Scholar
- David Harborth, Majid Hatamian, Welderufael B Tesfay, and Kai Rannenberg. 2019. A Two-pillar Approach to Analyze the Privacy Policies and Resource Access Behaviors of Mobile Augmented Reality applications. In Proc. of the 52nd Hawaii International Conference on System Sciences (HICSS).Google ScholarCross Ref
- Jakob Nielsen. 2012. Usability 101: Introduction to Usability. Online: https://www.nngroup.com/articles/usability-101-introduction-to-usability/(accessed in 6.22).Google Scholar
- Suman Jana, David Molnar, Alexander Moshchuk, Alan Dunn, Benjamin Livshits, Helen J. Wang, and Eyal Ofek. 2013. Enabling Fine-Grained Permissions for Augmented Reality Applications with Recognizers. In Proc. of the 22nd USENIX Security Symposium (USENIX Security).Google Scholar
- Kiron Lebeck, Kimberly Ruth, Tadayoshi Kohno, and Franziska Roesner. 2017. Securing Augmented Reality Output. In Proc. of the 37th IEEE Symposium on Security and Privacy (S&P).Google ScholarCross Ref
- Kiron Lebeck, Kimberly Ruth, Tadayoshi Kohno, and Franziska Roesner. 2018. Towards Security and Privacy for Multi-user Augmented Reality: Foundations with End users. In Proc. of the 38th IEEE Symposium on Security and Privacy (S&P).Google ScholarCross Ref
- Sarah M Lehman, Abrar S Alrumayh, Haibin Ling, and Chiu C Tan. 2020. Stealthy Privacy Attacks against Mobile AR Apps. In Proc. of the 8th IEEE Conference on Communications and Network Security (CNS).Google ScholarCross Ref
- Jonathan Liebers, Mark Abdelaziz, Lukas Mecke, Alia Saad, Jonas Auda, Uwe Gruenefeld, Florian Alt, and Stefan Schneegass. 2021. Understanding User Identification in Virtual Reality Through Behavioral Biometrics and the Effect of Body Normalization. In Proc. of the 40th SIGCHI Conference on Human Factors in Computing Systems (CHI).Google ScholarDigital Library
- Hongbin Liu, Jinyuan Jia, and Neil Zhenqiang Gong. 2021. PointGuard: Provably Robust 3D Point Cloud Classification. In Proc. of the 34th IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR).Google ScholarCross Ref
- Mark Roman Miller, Fernanda Herrera, Hanseul Jun, James A Landay, and Jeremy N Bailenson. 2020. Personal Identifiability of User Tracking Data During Observation of 360-degree VR Video. Scientific Reports (2020).Google Scholar
- Stylianos Mystakidis. 2022. Metaverse. Encyclopedia (2022).Google Scholar
- Cathy O’Neil. 2016. Weapons of Math Destruction: How Big Data Increases Inequality and Threatens Democracy. Broadway Books.Google ScholarDigital Library
- Caroline Criado Perez. 2019. Invisible Women: Data Bias in a World Designed for Men. Abrams.Google Scholar
- Financial Post. 2022. Facebook Patents Reveal how it Intends to Cash in on Metaverse. Online: https://financialpost.com/fp-finance/facebook-patents-reveal-how-it-intends-to-cash-in-on-metaverse(accessed in 6.22).Google Scholar
- Christian Reuter, Luigi Lo Iacono, and Alexander Benlian. 2022. A Quarter Century of Usable Security and Privacy Research: Transparency, Tailorability, and the Road Ahead. Behaviour & Information Technology(2022).Google Scholar
- Franziska Roesner and Tadayoshi Kohno. 2021. Security and Privacy for Augmented Reality: Our 10-Year Retrospective. In Proc. of the 1st International Workshop on Security for XR and XR for Security (VR4Sec).Google Scholar
- Franziska Roesner, Tadayoshi Kohno, and David Molnar. 2014. Security and Privacy for Augmented Reality Systems. Commun. ACM (2014).Google Scholar
- Ruth, Kimberly and Kohno, Tadayoshi and Roesner, Franziska. 2019. Secure Multi-User Content Sharing for Augmented Reality Applications. In Proc. of the 28th USENIX Security Symposium (USENIX Security).Google Scholar
- H Jeff Smith, Tamara Dinev, and Heng Xu. 2011. Information Privacy Research: an Interdisciplinary Review. MIS quarterly (2011), 989–1015.Google Scholar
- Statista. 2021. Augmented (AR), Virtual Reality (VR), and Mixed reality (MR) market size 2021-2024. Online: https://www.statista.com/study/29689/virtual-reality-vr-statista-dossier/(accessed in 6.22).Google Scholar
- Statistica. 2022. Extended reality (XR): AR, VR, and MR in the United States. Online: https://www.statista.com/study/86679/extended-reality-xr-ar-vr-and-mr-in-the-us/(accessed in 6.22).Google Scholar
- Julian Steil, Inken Hagestedt, Michael Xuelin Huang, and Andreas Bulling. 2019. Privacy-Aware Eye Tracking Using Differential Privacy. In Proc. of the 11th ACM Symposium on Eye Tracking Research & Applications (ETRA).Google ScholarDigital Library
- Road To VR. 2019. Analysis: Monthly-connected VR Headsets on Steam Pass 1 Million Milestone. Online: https://www.roadtovr.com/monthly-connected-vr-headsets-steam-1-million-milestone/(accessed in 6.22).Google Scholar
- Sara Wachter-Boettcher. 2017. Technically Wrong: Sexist Apps, biased Algorithms, and other Threats of Toxic Tech. WW Norton & Company.Google ScholarDigital Library
- Katrin Wolf, Karola Marky, and Markus Funk. 2018. We should start thinking about Privacy Implications of Sonic Input in Everyday Augmented Reality!. In Proc. of the 17th GI Conference on Mensch und Computer.Google Scholar
- Richmond Y Wong and Deirdre K Mulligan. 2019. Bringing Design to the Privacy Table: Broadening “Design” in “Privacy by Design” Through the Lens of HCI. In Proc. of the 38th SIGCHI Conference on Human Factors in Computing Systems (CHI).Google ScholarDigital Library
- XR Safety Initiative. 2020. The XRSI Privacy Framework. Online: https://xrsi.org/publication/the-xrsi-privacy-framework (accessed in 6.22).Google Scholar
- Rui Zhang, Rui Xue, and Ling Liu. 2019. Security and Privacy on Blockchain. ACM Computing Surveys (CSUR)(2019).Google Scholar
Index Terms
- Vision: Usable Privacy for XR in the Era of the Metaverse
Recommendations
Regulation of the Metaverse: A Roadmap: The risks and regulatory solutions for largescale consumer platforms.
ICVARS '22: Proceedings of the 6th International Conference on Virtual and Augmented Reality SimulationsOver the last thirty years, virtual reality (VR) and augmented reality (AR) technologies have steadily advanced, enabling high-fidelity experiences at consumer prices. Over the same period, network speeds have risen dramatically. Combined, such ...
Regulating the Metaverse, a Blueprint for the Future
Extended RealityAbstractThe core Immersive Media (IM) technologies of Virtual Reality (VR) and Augmented Reality (AR) have steadily advanced over the last thirty years, enabling high fidelity experiences at consumer prices. Over the same period, networking speeds have ...
What is XR? Towards a Framework for Augmented and Virtual Reality
AbstractAugmented Reality (AR), Virtual Reality (VR), Mixed Reality, and Extended Reality (often – misleadingly – abbreviated as XR) are commonly used terms to describe how technologies generate or modify reality. However, academics and ...
Highlights- XR should not be used as an abbreviation for “Extended Reality”; X should be the placeholder for “all” new reality formats.
Comments