In a recent study, US researchers indicate that virtual reality is far from being a guarantee of data protection. Only five minutes is enough to identify a user in virtual reality. Thus, no one is anonymous in their virtual universe.
Identification in record time in Virtual Reality
For several years, virtual reality has been gradually democratizing. Nonetheless, questions arise about privacy and confidentiality. A team of researchers from Stanford University (United States) investigated this question as part of a study published in the journal Scientific Reports on October 15, 2020. The directors of the study conducted an experiment with 511 volunteers. The system developed for the occasion made it possible to identify 95% of users in the VR. Analysis of movement tracking data enabled these identifications in just five short minutes.
Participants equipped with an HTC Vive headset and two Wand controllers had to watch five 360 ° videos for about twenty seconds. In addition, some of these videos included small elements intended to focus the attention of the user’s gaze. Others immersed the latter in an almost empty area like a forest.
Then, the hand and head tracking data fed an algorithm (machine learning) in order to create his profile. These include its size and posture, the way it moves, the speed of its head rotation, its distance from the VR content, and the position of the controllers at rest. Analysis of this data allowed precise identification of users, highlighting the danger of VR for privacy.
No one is anonymous in VR
In any case, this phenomenon raises questions insofar as other biometric tracking technologies are gradually integrating VR. These include eye-tracking and mouth movement tracking, as well as the use of connected accessories such as smartwatches and other fitness bracelets. Thus, data from the systems will soon be available to advertisers. Companies such as Facebook could then exploit this opportunity to sell user data to third parties to perform ad targeting operations.