As the metaverse goes mainstream, people are concerned about the rising privacy risks in an environment where reality and virtual space meet.
Metaverse is a three-dimensional universe, built on a shared virtual space that is immersive and interactive, unlike the current two-dimensional internet, built on text and videos on flat screens. It is posed to reflect the real world, thanks to the use of augmented reality (AR) and Virtual reality (VR). Notably, the metaverse does not aim to replace reality, what it aims to do is to enhance the digital space that we see today.
It would be wrong to say that Metaverse is a new concept. The word “metaverse” is borrowed from science fiction written in 1992 by Neil Stephenson. Even in today’s world, metaverse does exist, and in many forms, the closest example would be games like Fortnite.
However, as we develop and grow even closer to the concept of the metaverse, the fine line between virtual reality and the real world is going to breach, if stringent steps are not taken.
Multiple IDs, multiple metaverses
The concept of identity is presently siloed in closed metaverse systems. Current metaverse infrastructure needs the creation of different user identities on each metaverse a user wants to visit.
For instance, if you enter a Metaverse A, you will be required to create a new avatar, meaning that a new ID will be allocated to you—and when you enter into, say Metaverse B, again the same process will have to be done.
No single identity can be used in all metaverse, making it susceptible to cyber attacks. This exposes the users to risk as they have to create new identities for each metaverse they visit. While companies are working on single IDs on multiple metaverses, it still has a long way to go.
Identity theft also permeates today’s physical and digital worlds — passwords can be compromised, passports faked, and biometrics hacked. Meta was reportedly gathering biometric data, including the users’ pupil movements and body poses, to create their avatars and hyper-targeted advertisements.
Challenges, one at a time
Anonymity in the metaverse is out of the question. Every metaverse platform wants to establish a user as a human before giving them accessing the system. This would require the metaverse platforms to collect information and analyze it to conclude that a particular user is not a bot.
Given that the metaverse will provide more personal information about its users to other platforms and users, how could one keep the problem of doxxing at bay? Doxxing refers to publishing sensitive information about a user on the internet, with malicious intent.
Social engineering attacks will likely become even more convenient and powerful with user exposure in the metaverse. Spying and stalking of users could become a perpetual possibility.
The next major challenge could be ransomware attacks in the metaverse through VR devices. Cybercriminals could hack into the VR functionalities, and deceive users into revealing their personal information.
Last but not least, a woman in the metaverse claimed being sexually abused in the metaverse. While companies like Meta are addressing this serious privacy concern by introducing a tool called ‘personal boundary’ when they access the Horizon Worlds and Horizon Venues apps using their VR headsets. The tool will ensure that avatars will have to be four feet away from each other to curb incidents of virtual groping and any other abusive behaviour.
However, the same has to be implemented in other metaverses as well, as this could pose a major privacy risk in the metaverse.
Tackling risks
Metaverse could be an opportunity for a more federated, or even ‘bring-your-own-identity’ or ‘self-sovereign’ approach. Blockchain-based technology powered by non-fungible tokens (NFTs) can come to the rescue. With the power of NFTs, users can carry single IDs across different and multiple metaverses.
Undoubtedly, the metaverse is still in a nascent stage, and a lot of developments will be required. It will be important for all the companies dealing in the metaverse to establish a shared code of conduct. This involves setting trust and safety policies to avoid doxxing or spying. A community should be authorised to enforce these policies.
Notably, privacy risks can only be mitigated by ensuring that the data collected is minimal and clearly stating what kind of data has been collected from the user. Biometric and more enhanced privacy verifications. The use of headsets and eyewear will pose a threat due to the amount of data that will be collected. Steps must be taken to ensure that this data is encrypted and given out only when required.
Compliance in the metaverse is a must. If any user faces any issues in terms of harassment, or even regulatory challenges, they must be able to contact someone immediately. Troublemakers who spam, harass, or cause any trouble in the metaverse should be held liable and removed from the platform, and for all of this — a compliance strategy is required to implement consumer data rights.
Stringent privacy clauses should be designed which ensure the safety of all users, especially children. The regulation of digital currency from the hands of children prevents them from unwanted obscene virtual activities for their age.
Privacy clauses should enable users to make choices about whether they wish to give up certain data or not. Users should have the option of masking their data and configuring their own privacy settings.
With online identity being a foreseen issue better and more comprehensively verifiable identification protocols can be developed.
Lastly, a safe metaverse can’t be made alone— companies, policymakers, academia and members of civil society have to come together and have to set goals to ensure that metaverse is a safe place for everyone. It will be interesting to see what lies ahead of us, whatever it is, it will change the virtual world as we see it today.
Ankitt Gaur, Founder & CEO, EasyFi Network
A serial techpreneur, author and blockchain technology expert, Ankitt Gaur, is currently the Founder & CEO of EasyFi Network – a universal Layer 2 DeFi lending protocol built for public blockchains. With more than 17 years experience under his belt, Ankitt has founded multiple blockchain and enterprise tech companies, consulted global companies across 30 countries in the enterprise applications space and has also written a book on blockchain tech from a non-techie perspective.
Anshul Dhir, Co-Founder & COO, EasyFi Network
Anshul Dhir’s experience as a serial entrepreneur & an early stage investor spans over 16 years, dedicated to building companies across web 3.0 & blockchain, financial markets, real estate, alternative Investments, fintech & technology, Internet & Media. A Gold Medalist from India’s prestigious B-school XLRI Jamshedpur, Anshul is also certified in Bitcoin and Cryptocurrency technologies from Princeton University. Recently, he was inducted in the prestigious list of Entrepreneur 35 under 35. He is currently the Cofounder & COO of EasyFi Network.