Privacy is an essential part of our lives.
However, with the rise of the internet ad giants, privacy online has been eroded.
This erosion of privacy even extends into the real world as many people now have always-on microphones.
With smartphones, youve got all of that connected in one package, combined with GPS.
This allows your location to be tracked.
A VR headset offers similar potential for intrusive breaches of privacy.
Not only could this raw data be used to compromise your privacy.
Contents
Can You trust the Quest 2 Privacy Features?
The big question is whether you better be worried about this potential for a privacy invasion or not.
Oculus is owned by Meta, the parent company of Facebook.
Meta is one of the worst offending companies for anti-privacy practices.
It has a massive set of tracking adverts and cookies around the web.
Even if you dont use its platforms, it will undoubtedly have data on you.
The Cameras
The cameras built into the Quest 2 use infrared light rather than visible light.
This can be seen when using the passthrough functionality, as your room appears in greyscale.
Theoretically, this data could generate a map of your playing space.
Or even actively monitor your actions and of others in your playing space.
Meta admits in its privacy policy that it does collect your data.
As an example, it says it collects data on your hand size and hand tracking data.
It also gathers information about your playing area when you set a guardian boundary.
There are no restrictions specified in the privacy policy on the data that Meta can acquire from the cameras.
That means that Meta may be collecting a lot more data than it implies in the privacy policy.
One of the limitations that can support your privacy is that the headset is not an always-on gear.
it’s possible for you to also place it in a carry case for protection and privacy protection.
The Microphone
Meta doesnt disclose any information about what microphone data is collected.
Obviously, voice data will be transmitted to other users for online interactions.
This is expected of the platform.
However, it is unclear if this data is stored and processed afterward.
it’s possible for you to make voice commands.
While the microphone isnt transmitting everything, the wake word can be misheard, resulting in accidental activations.
Once a voice command is issued, it is saved and processed.
Meta doesnt disclose if they process the audio data for anything other than responding to the command.
Account and Social Data
When interacting with any online service, some data will be transferred.
There is no way to avoid this.
For example, your username and character model may need to be visible to other users.
Voice data and movement data may be transmitted, depending on your parameters and the context.
This data will be required for the service to run.
Or at least for the parts of the service you are using to run.
This is the same as it would be for any other online service and is perfectly reasonable.
The main thing with this sort of data is to manage what data youre putting out there.
If you dont want to have your voice data out there, mute your microphone in the configs.
Likewise, its essential to ensure that youre okay with your public profile picture and username.
These are things that other people may see in online interactions.
Threat Model
A threat model is a process of identifying what risks you actually face.
Its purpose is to clarify what risks you meet in a given scenario.
Then let you plan what you’re free to do to protect yourself from them.
Regarding privacy risks with a Quest 2, there are three main classes of risk.
For example, no voice data will be transmitted if you mute your microphone.
Suppose a setting is off, and you prevent your private data from ever being available.
In that case, you dont need to worry about it.
The privacy configs that Meta offers within its apps are generally relatively strong.
Some data will be shared for online services to work.
but you’ve got the option to choose to provide fake data, at least in some scenarios.
The privacy configs control whether your activity is visible to friends on Oculus.
or on Facebook are relatively strong, just like the privacy configs on Facebook.
