“Exploring the Unprecedented Privacy Risks of the Metaverse”

2022  |  Vivek Nair · Gonzalo Munilla Garrido · Dawn Song  |  https://doi.org/10.48550/arXiv.2207.13176

Thirty study participants playtested an innocent-looking "escape room" game in virtual reality (VR). Behind the scenes, an adversarial program had accurately inferred over 25 personal data attributes, from anthropometrics like height and wingspan to demographics like age and gender, within just a few minutes of gameplay. As notoriously data-hungry companies become increasingly involved in VR development, this experimental scenario may soon represent a typical VR user experience. While virtual telepresence applications (and the so-called "metaverse") have recently received increased attention and investment from major tech firms, these environments remain relatively under-studied from a security and privacy standpoint. In this work, we illustrate how VR attackers can covertly ascertain dozens of personal data attributes from seemingly-anonymous users of popular metaverse applications like VRChat. These attackers can be as simple as other VR users without special privilege, and the potential scale and scope of this data collection far exceed what is feasible within traditional mobile and web applications. We aim to shed light on the unique privacy risks of the metaverse, and provide the first holistic framework for understanding intrusive data harvesting attacks in these emerging VR ecosystems.

  Read Paper     View Repo

MetaData at XRSI

MetaData and MetaGuard are already helping to shape metaverse safety and privacy standards. Watch an excerpt from an invited presentation about MetaGuard at the eXtended Reality Safety Initiative (XRSI) Privacy & Safety Working Group.

We appreciate the support of:

About the attacks:

We have identified over 25 personal data attributes that can be covertly harvested in VR. A select few of these attacks are described below.


Attackers can directly measure a user's anthropometrics from VR telemetry. While basic headset-and-controller setups are sufficient to reveal height, arm lengths, and wingspan, more advanced full-body tracking systems can yield additional anthropometric measurements. Additionally, measuring the distance between the virtual cameras used to render an image for each eye can also reveal a user's interpupillary distance (IPD).


Attackers can estimate the size and shape of a user's physical environment by tracking their virtual movements. Plus, observing the round-trip delay between a client device and multiple game servers can reveal an end user's geolocation via multilateration.


Attackers can observe the behavior of the user to reveal additional attributes. For example, observing a user's direction of gaze while solving a puzzle can reveal the languages they speak.


Vivek Nair


Gonzalo Munilla Garrido


Dawn Song


Copyright ©2022 UC Regents  |  Email us at rdi@berkeley.edu.