ProtonBlog(new window)
Privacy and the metaverse

Privacy and the metaverse

Share this page

On October 28, 2021, Facebook announced the rebranding of its parent company from Facebook to Meta. Since then, the term “metaverse” has been a hot topic of discussion. 

From facial expressions to biometric data, the metaverse has the potential to collect new and vast amounts of personal information, allowing Meta to target participants with even more personalized ads. With the metaverse, Meta’s ad-based business model poses an even greater threat to online privacy. 

What is the metaverse? 

While Meta may have repopularized the term, the concept of a metaverse has long existed in the pages of sci-fi novels. Author Neal Stephenson first coined the term in 1992 in his book Snow Crash, where he sketched out a virtual world his characters could escape to as means of avoiding their dystopian reality. 

According to Stephenson, the metaverse refers to a “convergence of physical, augmented, and virtual reality in a shared online space”, allowing people to interact with others through 3D avatars. 

Will there be only one metaverse?

Since Snow Crash’s publication, various developments have been made toward a real metaverse. Games like Fortnite and Roblox already provide an immersive environment where you can socialize with other people beyond a simple computer screen. 

However, by using technologies such as virtual reality (VR) and augmented reality (AR), Meta wants to go a step further and make the metaverse a reality. VR refers to technologies that replace a real-life environment with a virtual one, whereas AR augments your surroundings by adding digital elements to a live view.

Meta’s vision of the metaverse consists of social hubs where you can connect, work, play, and shop using a digital avatar, but it isn’t the only one trying to build a 3D virtual reality space. 

In fact, Microsoft, Nvidia, and Epic Games are all developing their own versions of the metaverse. At the end of 2021, Microsoft announced Mesh(new window), a collaborative platform that uses mixed reality technologies to make online meetings more personal and engaging. Nvidia markets its Omniverse(new window) as a “development platform for 3D simulation and design collaboration”.

As VR and AR technologies advance, more and more tech giants will focus on building metaverse platforms. 

The privacy risks of the metaverse 

Compared to traditional social media platforms, the metaverse could create even more avenues for data collection. The technologies underpinning the metaverse — VR headsets and augmented reality glasses — can track eye movement and determine what the participant is focusing on. 

It can pick up physiological responses and biometric information such as heart rate, pupil dilation, and vocal inflections, revealing subconscious interests and preferences. Heart monitors can also pick up neural or heart problems even before the participant feels symptoms. The US Patent and Trademark Office has already approved some eye- and face-tracking technology patents(new window) for use in the metaverse. 

This depth of information would allow Meta to build eerily intimate profiles of participants, alerting them to inclinations or health problems that people themselves aren’t aware of. This could present new avenues for Meta to manipulate the participants in the metaverse without their consent.

According to Facebook whistleblower Frances Haugen(new window), as the metaverse expands, participants will have to install cameras and microphones throughout their homes to generate fully interactive experiences. These cameras would capture everything from the appearance and layout of a participant’s home to the minute details of their daily routines.

With such a setup, Meta would have real-time insight into people’s everyday lives, giving them unprecedented amounts of data they can collect and use for nefarious purposes. As Meta’s losses in the metaverse continue to grow(new window), the company has a greater incentive to extend their existing privacy-invasive business model to the metaverse to make a profit for its shareholders. 

Can Meta be trusted to build the metaverse?

Given that the metaverse enables unprecedented levels of data collection, a critical question remains: Who should be trusted to build it?

Meta is no stranger to controversy when it comes to data privacy. The company has been involved in several major data breaches in the past: 

Meta has had a long history of failing to protect people and their privacy on its platform. But it has proven to be an even worse moderator of its own social media platform. While Facebook claims to remove more than 90% of hate speech published on its site, the actual figure is only 3 to 5%(new window)

In March 2022, London-based watchdog Global Witness tested Facebook’s hate speech safeguards(new window) by submitting eight paid ads to the social media network, each incorporating different versions of real-world hate speech copied from a United Nations report. All eight ads were approved, proving Facebook’s poor ability to detect hateful speech in the Burmese language. As a result, Facebook has been investigated over its role in the genocide of Rohingya Muslims(new window)

It has also repeatedly allowed world leaders and politicians across 25 countries to use its platform to deceive the public or harass opponents(new window)

In fact, Meta itself can’t even keep track of the data it already has. According to a leaked internal document, Facebook’s own engineers have no idea where all of its user data goes(new window), or what it’s doing with it. 

Given its record of data breaches and privacy violations, we should not trust Meta to build the metaverse.

What would a metaverse that respected privacy look like? 

The real promise of the metaverse lies in its new data-rich experiences and services that can enhance our lives. However, for it to be successful, the metaverse should embody some core principles to ensure your safety and privacy. 

Interoperability

For one, the metaverse should be open and interoperable to prevent the creation of walled gardens. This interoperability is crucial in connecting people and providing them with a unified and seamless experience. An open metaverse would also mean people are not locked in on a single platform and can easily transfer their digital assets from one service to another.

Decentralization

What makes the metaverse potentially harmful is that a handful of powerful corporations will have the ability to mediate every aspect of our lives, selling access to our personal data to the highest bidder. However, decentralizing the metaverse would mean that no single entity “owns” or has the power to sell our information. A decentralized metaverse would enable us to enjoy a new world of possibilities where we are fully in control of our virtual experiences.

Switching from an ad-based model to a subscription model

The metaverse should offer an unparalleled user experience by breaking away from Big Tech’s traditional ad-based business model. Rather than operating as a service designed to extract data and monetize people’s lives, the metaverse should utilize a subscription model to avoid ads and maintain user privacy. 

Consent to data collection and marketing

If an ad-supported metaverse must exist, then all data collection should require the consent of participants. With the impending deprecation of cookies(new window) and cookie-based marketing, companies and brands can start from a clean slate and support more privacy-first tracking alternatives in the metaverse.

We need to be ready

The metaverse is likely the next stage of the internet’s evolution as 3D experiences continue to blur the line between fiction and reality. However, similar to the rise of social media, lawmakers can take a long time to react to new technologies like the metaverse.

Privacy concerns are not the only risks — bigger questions of content moderation(new window), codes of conduct(new window), sustainability(new window), and accessibility(new window) have to be addressed before the metaverse can be a safe and welcoming space for all.

Despite its potential pitfalls, the metaverse promises to offers us new and interactive experiences where we can work, play, and socialize with each other. Its advent offers us another chance to redefine data protection and put privacy and consent at the forefront of our new virtual societies.

Protect your privacy with Proton
Create a free account

Share this page

Lydia Pang(new window)

Lydia is a lifelong book-lover and her professional experience spans several industries, including higher education and editorial writing. She's excited to write for Proton and champion privacy as a fundamental right for everyone.

Related articles

Can you password-protect a folder in Google Drive?
Protecting a folder with a password is a simple yet effective way of securing files. You may wonder whether you can password-protect a folder in Google Drive. We explain what access controls Google Drive offers and what you can do to improve your sec
Proton Pass now supports passkeys on all devices and plans
We’re excited to announce that Proton Pass supports passkeys for everyone, allowing you to manage and use passkeys across all devices seamlessly. Passkeys are an easy and secure alternative to traditional passwords that can help prevent phishing atta
what is a passkey?
Passkeys are a new way to secure your online accounts using cryptographic keys instead of passwords. They offer a high level of convenience and security, and are a real game-changer in the way we access and secure sites. What is a passkey, though, an
Apple’s marketing team has built a powerful association between the iPhone and privacy. The company’s ad campaigns claim that “what happens on your iPhone, stays on your iPhone.” And, “Privacy. That’s iPhone.” But Apple’s lawyers are telling a diffe
A cyberattack on national public employment service France Travail has exposed the personal data of as many as 43 million people.  The latest breach is the second major cybersecurity attack to happen in France in the past month, raising concerns abo
If I share a folder in Google Drive, can anybody see my other folders
Google Drive makes it easy to share files and folders, but you may have wondered at some point whether the people you’ve shared a folder with can see your other folders. We answer this question below and also share some tips for truly secure link sha
In 2014, Proton Mail was introduced as a web app, revolutionizing how we think about email privacy. Today, we’re excited to broaden the horizons of secure communication by launching the Proton Mail desktop app. Anyone can now use the new Proton Mail