Privacy is an essential part of our lives. However, with the rise of the internet ad giants, privacy online has been eroded. This erosion of privacy even extends into the real world as many people now have always-on microphones. They can be in the form of smart speakers, cameras in the form of smart screens, and internet-connected security cameras. With smartphones, you’ve got all of that connected in one package, combined with GPS. This allows your location to be tracked.
A VR headset offers similar potential for intrusive breaches of privacy. The Oculus Quest 2 features a set of four infrared cameras used to locate itself in the room and a microphone. Not only could this raw data be used to compromise your privacy. But all of the other data resulting from your use of the Quest 2 could be used to infringe on your personal privacy too.
Can You trust the Quest 2 Privacy Features?
The big question is whether you need to be worried about this potential for a privacy invasion or not. The first thing to look at is the company behind it, and, well, it doesn’t look good. Oculus is owned by Meta, the parent company of Facebook. Meta is one of the worst offending companies for anti-privacy practices. It has a massive set of tracking adverts and cookies around the web. Even if you don’t use its platforms, it will undoubtedly have data on you.
Most of Meta’s services are free. This is because user data is its genuine product. It uses its vast array of user data to sell targeted advertisements. There have also been numerous examples of Meta taking it further by not reporting data breaches, performing research on its user base, and disclosing user data to unauthorized third parties. Of all the possible companies in the world to trust with private data, Meta is one of the worst possible options.
The cameras built into the Quest 2 use infrared light rather than visible light. This can be seen when using the passthrough functionality, as your room appears in greyscale. Theoretically, this data could generate a map of your playing space. Or even actively monitor your actions and of others in your playing space.
One of the limitations that can support your privacy is that the headset is not an always-on device. While you’re not using it, you can turn it off, and you don’t have to worry about it collecting any data. You can also place it in a carry case for protection and privacy protection.
Meta doesn’t disclose any information about what microphone data is collected. Obviously, voice data will be transmitted to other users for online interactions. This is expected of the platform. However, it is unclear if this data is stored and processed afterward.
You can make voice commands. If the appropriate experimental setting is enabled, these are activated either via a button press or via the “Hey Facebook” wake word. While the microphone isn’t transmitting everything, the wake word can be misheard, resulting in accidental activations. Once a voice command is issued, it is saved and processed. You can listen to your recent voice commands by accessing them via the Oculus smartphone app, from where you can also delete the recordings. Meta doesn’t disclose if they process the audio data for anything other than responding to the command.
Account and Social Data
When interacting with any online service, some data will be transferred. There is no way to avoid this. For example, your username and character model may need to be visible to other users. Voice data and movement data may be transmitted, depending on your settings and the context. This data will be required for the service to run. Or at least for the parts of the service you are using to run. This is the same as it would be for any other online service and is perfectly reasonable.
The main thing with this sort of data is to manage what data you’re putting out there. If you don’t want to have your voice data out there, mute your microphone in the settings. Likewise, it’s essential to ensure that you’re okay with your public profile picture and username. These are things that other people may see in online interactions.
A threat model is a process of identifying what risks you actually face. Its purpose is to clarify what risks you meet in a given scenario. Then let you plan what you can do to protect yourself from them. Regarding privacy risks with a Quest 2, there are three main classes of risk. The first is unintentionally sharing data within the Oculus system, the second is unintentionally sharing data outside the Oculus system, and the third is Meta using your data for unnecessary purposes.
If you’re concerned about accidentally sharing some data, such as voice data, your best bet is to be proactive. By doing things in advance, you can prevent the data from ever being disclosed. For example, no voice data will be transmitted if you mute your microphone. Alternatively, if you’re concerned about people being able to see what you look like, make sure that your profile picture isn’t a photo of you. Suppose a setting is off, and you prevent your private data from ever being available. In that case, you don’t need to worry about it.
Protecting Your Privacy
To prevent any accidental disclosures of Oculus data outside of Oculus, you should review the privacy settings. While you’re basically required to sign in with your Facebook account, you can choose if you want your Oculus profile to be visible to your Facebook friends that also have an Oculus. Likewise, you can enable or disable the sharing of certain events like posting screenshots from being shared automatically to your Facebook timeline. The privacy settings that Meta offers within its apps are generally relatively strong. You can choose how public or private your account and data are with a reasonable amount of granularity.
Meta’s entire business model is around processing people’s data, primarily for advertising purposes. You can do a few things to minimize this, but your choices are generally limited. You can disable certain features. For example, suppose you mute your microphone. In that case, you won’t need to worry about your voice data being used to target advertisements to you.
However, you can’t disable most features the platform needs to work. the options aren’t available. Suppose you’re primarily concerned about Meta using your data for advertisements. In that case, your alternatives are to provide fake data, such as a pseudonym, or avoid the platform entirely. It’s also worth noting that with Meta’s broad data gathering net around the internet, providing fake data may be of minimal benefit.
As with many things, it really depends on what you’re looking for as to whether you can trust the privacy features in the Oculus Quest 2. Some data will be shared for online services to work. but you can choose to provide fake data, at least in some scenarios. The privacy settings control whether your activity is visible to friends on Oculus. or on Facebook are relatively strong, just like the privacy settings on Facebook.
At the end of the day, privacy and Meta just don’t go together. If you’re concerned about Meta using your Quest 2 for tracking or advertising purposes, your concerns are undoubtedly well-founded. Meta uses at least some data from the Oculus platform to target advertisements to you, such as for similar games to the ones you play or have looked at.
It’s unclear how much of your other data Meta uses for this purpose. Still, with the company’s history, it likely tries to use as much of it as possible. If you want to minimize the amount of data Meta has about you, your best bet is to avoid directly using any of its products, including the Oculus Quest 2. Share your thoughts in the comments below.