Vivek C Nair*, Gonzalo Munilla-Garrido*, Dawn Song, and James F. O'Brien. Exploring the Privacy Risks of Adversarial VR Game Design. In Proceedings of the 23rd Privacy Enhancing Technologies Symposium (PETS), 2023.

“Exploring the Privacy Risks of Adversarial VR Game Design”

Vivek Nair · Gonzalo Munilla Garrido · Dawn Song · James F. O'Brien  |  10.56553/popets-2023-0108

Fifty study participants playtested an innocent-looking "escape room" game in virtual reality (VR). Within just a few minutes, an adversarial program had accurately inferred over 25 of their personal data attributes, from anthropometrics like height and wingspan to demographics like age and gender. As notoriously data-hungry companies become increasingly involved in VR development, this experimental scenario may soon represent a typical VR user experience. Since the Cambridge Analytica scandal of 2018, adversarially-designed gamified elements have been known to constitute a significant privacy threat in conventional social platforms. In this work, we present a case study of how metaverse environments can similarly be adversarially constructed to covertly infer dozens of personal data attributes from seemingly-anonymous users. While existing VR privacy research largely focuses on passive observation, we argue that because individuals subconsciously reveal personal information via their motion in response to specific stimuli, active attacks pose an outsized risk in VR environments.

  Read Paper     View Repo

MetaData at XRSI

MetaData and MetaGuard are already helping to shape metaverse safety and privacy standards. Watch an excerpt from an invited presentation about MetaGuard at the eXtended Reality Safety Initiative (XRSI) Privacy & Safety Working Group.

We appreciate the support of:

About the attacks:

We have identified over 25 personal data attributes that can be covertly harvested in VR. A select few of these attacks are described below.


Attackers can directly measure a user's anthropometrics from VR telemetry. While basic headset-and-controller setups are sufficient to reveal height, arm lengths, and wingspan, more advanced full-body tracking systems can yield additional anthropometric measurements. Additionally, measuring the distance between the virtual cameras used to render an image for each eye can also reveal a user's interpupillary distance (IPD).


Attackers can estimate the size and shape of a user's physical environment by tracking their virtual movements. Plus, observing the round-trip delay between a client device and multiple game servers can reveal an end user's geolocation via multilateration.


Attackers can observe the behavior of the user to reveal additional attributes. For example, observing a user's direction of gaze while solving a puzzle can reveal the languages they speak.


Vivek Nair

Gonzalo M. Garrido

Dawn Song

James F. O'Brien

Copyright ©2022–2023 UC Regents  |  Email us at