Exploring the Privacy Risks of Adversarial VR Game Design

July 26, 2022 · Entered Twilight · 🏛 Proceedings on Privacy Enhancing Technologies

"No code URL or promise found in abstract"
"Code repo scraped from project page (backfill)"

Evidence collected by the PWNC Scanner

Repo contents: .gitignore, Assets, Images, InitCodeMarker, LICENSE, Packages, ProjectSettings, README.md, UserSettings, unityProject.vrmanifest

Authors Vivek Nair, Gonzalo Munilla Garrido, Dawn Song, James F. O'Brien arXiv ID 2207.13176 Category cs.CR: Cryptography & Security Citations 54 Venue Proceedings on Privacy Enhancing Technologies Repository https://github.com/metaguard/metaguard ⭐ 18 Last Checked 14 days ago

Abstract

Fifty study participants playtested an innocent-looking "escape room" game in virtual reality (VR). Within just a few minutes, an adversarial program had accurately inferred over 25 of their personal data attributes, from anthropometrics like height and wingspan to demographics like age and gender. As notoriously data-hungry companies become increasingly involved in VR development, this experimental scenario may soon represent a typical VR user experience. Since the Cambridge Analytica scandal of 2018, adversarially designed gamified elements have been known to constitute a significant privacy threat in conventional social platforms. In this work, we present a case study of how metaverse environments can similarly be adversarially constructed to covertly infer dozens of personal data attributes from seemingly anonymous users. While existing VR privacy research largely focuses on passive observation, we argue that because individuals subconsciously reveal personal information via their motion in response to specific stimuli, active attacks pose an outsized risk in VR environments.