Digital Safety Concerns Within the Metaverse

An MSIM Capstone Project Sponsored by Microsoft

What is the Metaverse?

Is it a virtual reality with a headset or mixed reality? Users may need to become more familiar with the concept of the metaverse. The metaverse is an environment that integrates virtual, mixed, and augmented reality using 3D modeling.[1] It is an interconnected web of various virtual worlds that allows real users to exist in these places as avatars in real time and to interact with other real-life humans in social hubs, collaborative spaces, and open gaming worlds, or to connect on compatible massively multiplayer online video games. This enhanced online environment is shaping the next generation of the internet, also called Web 3.0.

The metaverse will present new opportunities for virtual collaboration, economic transactions, and entertainment. However, the metaverse lacks boundaries, making it challenging to enforce governance to maximize digital safety. Developers may focus on building features rather than implementing control mechanisms to create a safe environment. Service providers will collect more data from you, including biometric and user behavior data from VR headsets. Based on trends from Web 2.0, the current state of the internet, your safety could be endangered in the metaverse. Cybercrimes such as online harassment and failure to protect data negatively impact society, financial assets, and, in the worst case, someone’s life.[2]

What Might You Do in the Metaverse?

Web 2.0, the current internet generation, ushered in a digital age, connecting people worldwide. The metaverse is the next level of the internet generation, bringing more possibilities for user engagement in a virtual space.[39] With infinite possibilities, drawing boundaries in our research was essential to enable relatability with our audience and arrive at systematic conclusions. Since the metaverse is immersive and presents new opportunities that have not been fully explored, we developed three scenarios in which users will likely engage: virtual healthcare, online dating, and gambling. We'll examine the potential risks of the metaverse and risk mitigation strategies for general users, service providers, and the legislature, because you, as the user, have limited control over the metaverse to reduce risks related to digital safety.

Going to a Doctor's Appointment
Going on a Date
Going to a Casino

What are Compensating Controls and How Did We Arrive at Our Mitigation Strategies?

We researched and analyzed the compensating controls that were implemented for Web 2.0. Compensating controls are security measures implemented to mitigate risks or vulnerabilities that cannot be directly addressed or eliminated. They provide an additional layer of protection to reduce the impact of potential risks and help maintain the security of systems and data. Examples of compensating controls include monitoring and surveillance systems, access control mechanisms, and disaster recovery plans.[40] We studied various security measures and mitigation strategies that effectively reduced the risks associated with Web 2.0. Based on the compensating controls and risks identified, we recommend mitigation strategies for the risks associated with the metaverse. These strategies were developed for general users, service providers, and the legislature.

Identified Common Risk Categories

You will face unique safety risks for each scenario and other activities in the metaverse. The complexity, ambiguity, and lack of control will challenge users, service providers, and legislatures. Different standards and protocols from service providers and legislature create gaps in the metaverse's privacy, identity, and governance that you should keep in mind when navigating through the metaverse.  

Among the risks identified in the scenarios we researched, privacy risks and identity risks were the most significant. In the healthcare scenario, for instance, the potential for unauthorized access to personal medical information raises concerns about the security and confidentiality of patients' data. In the online dating scenario, identity verification is a critical issue, as people may be exposed to fake profiles and catfishing. Similarly, underage gambling and addiction pose significant risks that must be addressed in the gambling scenario.

Additionally, governance is a pressing need in the metaverse. The absence of rules and regulations can lead to chaotic situations where individuals may engage in unethical behavior or exploit others. The need for governance in the metaverse is evident in all the scenarios we explored. Overall, the scenarios we researched demonstrate that the metaverse has the potential to revolutionize the way we live our lives, but it also poses significant risks that must be addressed. Privacy risks, identity risks, and governance are among the top priorities that must be considered as we explore the potential of the metaverse. Without addressing these risks, the metaverse may not be able to reach its full potential as a tool for social and economic development.


Identity Risk

Identity risk is the likelihood of the theft, unauthorized usage, or masquerading of a human, machine, or organization’s credentials.[48] When credentials are compromised, it is difficult to differentiate and validate users. Validation of identity is crucial to promoting a safe metaverse environment, because users can easily pretend to be someone else by using existing technologies such as deepfakes and machine learning to regenerate sounds and visuals that seem authentic. In the metaverse, the session may not always be recorded, and there will be a lack of jurisdiction for identity validation. Identification standards and policies may vary depending on the platform.

Governance Risk

Governance oversees and enforces information system regulations, policies, and standards.[49] It is managed by the government of the state and by the private and public sectors, including service providers. To build an immersive digital environment, governance will establish standards to reduce identity, privacy, and other risks. With no physical or virtual boundaries to determine who will enforce governance, the debate over who will take control of the new domain will likely continue.

Privacy Risk

Privacy risk is the potential loss of control over personal and sensitive information due to unauthorized disclosure.[47] Theft or manipulation of sensitive or private information will lead to monetary loss and loss of credibility. Malicious actors can exploit compromised PII to breach the user accounts associated with it. In the metaverse, user behavior and biometric data will likely be collected and monitored without the user's control. This data will be collected constantly while the user wears the VR headset and/or other appropriate sensors. As technology advances, both legitimate and illegitimate parties collect users' behavior on the internet, PII, and location information.

Key Takeaways

Addressing the risks related to privacy, identity, and governance in the metaverse requires a collaborative effort from various stakeholders. The government has a critical role in ensuring metaverse users' safety and privacy by enacting legislation that holds organizations accountable for their actions. They can also increase public awareness to help people understand their rights and responsibilities.

Service providers and application developers must also take responsibility for ensuring the safety and privacy of users. They can achieve this by implementing control and mitigation measures to prevent potential risks.

Individual users must also stay informed about the potential risks and their rights when navigating the metaverse. This includes taking precautions to protect personal information and being mindful of the content they create and consume in the metaverse.

In summary, ensuring safety in the metaverse requires a collective effort from governments, service providers, developers, and individual users. By working together, we can build a metaverse that is safe, secure, and accessible for everyone.