Study: It’s Comically Easy To Identify ‘Anonymized’ Users In The ‘Metaverse’ With A Tiny Bit Of Motion Data
Posted: 2023-02-24 08:54am
Techdirt
Well, shit.
from the "anonymized"-doesn't-mean-anonymous dept
Fri, Feb 24th 2023 05:32am - Karl Bode
We’ve noted for a very long while how most of the explanations that corporations use to insist that your privacy is protected are effectively worthless.
For example, corporations will routinely inform you that it’s no big deal that they’re over-collecting and selling access to your browsing or location data to any idiot with a nickel because that data is “anonymized,” protecting your identity. In reality, that term means nothing, and study after study has shown it’s easy to identify you with only a few snippets of additional information.
With that in mind, a new study about user privacy in the virtual reality and augmented reality era (full study here) tracked 50,000 users in VR and found some interesting data. Most notably, it takes incredibly little actual data collected from device microphones, cameras, and other tech to accurately identify a user’s real-world identity.
Like, very little:
Researchers found that the data they leave behind in virtual reality is more useful than a fingerprint to identify individuals. It also provides significantly more data to monetize, including a user’s height, handedness, gender, potential disability, strength, personal tics, etc.
The research analyzed more than 2.5 million VR data recordings (fully anonymized) from more than 50,000 players of the popular Beat Saber app and found that individual users could be uniquely identified with more than 94% accuracy using only 100 seconds of motion data.
Even more surprising was that half of all users could be uniquely identified with only 2 seconds of motion data. Achieving this level of accuracy required innovative AI techniques, but again, the data used was extremely sparse — just three spatial points for each user tracked over time.
Combine this data with the profiles already commonly being built at major companies and ad brokers, and you could see how this might be a bit of an issue in a country that’s literally too corrupt to pass even a basic privacy law for the internet era (there was just too much money to be made, sorry).
There have been so many studies at this point (including other previous studies of user VR data) showcasing how “anonymization” is a gibberish term. Yet the next time there’s a hack, breach, or huge batch of public data left unsecured in an Amazon cloud bucket, notice how quickly the term is utilized as a catch-all defense for sloppy privacy and security practices.