Securing the Metaverse
If and when the concept of the metaverse becomes common use it will likely have security challenges associated with it. Regardless of we may think of the metaverse concept either positively or negatively because it such early days we do not know what the end product will be so there is no real harm in discussing ponytail problems and we may be able to solve them. In futurism and science fiction, the metaverse is a hypothetical iteration of the Internet as a single, universal and immersive virtual world that is facilitated by the use of virtual reality (VR) and augmented reality (AR) headsets. Often today, a metaverse is a network of 3D virtual worlds focused on social connection.
The term "metaverse" originated in the 1992 science fiction novel Snow Crash by Neal Stephenson , as a portmanteau of "meta" and "universe". Metaverse development is often linked to advancing virtual reality technology due to increasing demands for immersion. In my personal opinion there is unlikely to be a single metaverse but multiple ones tied to specific companies and purposes. e.g Facebook (social network), Microsoft (gaming space and office tools),etc.
This blog post will cover cybersecurity, data protection and privacy and potential types of unique attacks which may target users of the metaverse. These will depend on the chosen device for example VR (virtual reality), AR (Augmented reality), XR (extended reality) headsets the user makes use of.
- Identification details which are required for creating the avatar;
- Location data;
- Data relating to habits, interests, preferences, and opinions; and
- Data relating to users’ psychophysical sphere, including behavioural data (e.g., emotional responses and social interactions) and body movement data (e.g., users’ posture, gaze, gestures, facial expressions, and interpersonal distancing).
Regarding the possibility to consider data processed in the context of the Metaverse as a , once translated into the Metaverse, specific movements and/or behaviours may easily “reveal” sensitive details about the individual, such as medical diseases, physical disabilities or previously experienced traumas. Furthermore, data which may be further obtained by analyzing human characteristics is known as “inferred data” as per the GDPR provisions. Should these data reveal sensitive information, including data concerning health, the applicable legal framework would be the one set out in Article 9 of the GDPR with the relevant restrictions and conditions of processing.
Though as it is still early days in the development of the metaverse existing and upcoming legislation/regulation may minimise or prevent gaps though as the same with data protection new guidance tailored to the metaverse may need to created to ensure application of privacy protection requirements, methods and tools are applied correctly.