Effect of Data Degradation on Motion Re-Identification
Vivek Nair, Mark Roman Miller, Rui Wang, Brandon Huang, Christian Rack, Marc Erich Latoschik, James F. O'Brien
TL;DR
This work addresses privacy risks from VR motion data by testing simple data degradation strategies—noise, reduced framerate, reduced precision, and reduced dimensionality—against state-of-the-art re-identification attacks. Using the BOXRR-23 Beat Saber dataset, the authors train an LSTM-based classifier on $900\times36$ sequences derived from body-relative coordinates and evaluate identifiability at the session level and per-frame. They find near-perfect session-level accuracy under all degradations, demonstrating the persistence of identifiable signals even in degraded data. The work highlights that basic degradation is insufficient for privacy, underscoring the need for stronger protections such as differential privacy or $k$-anonymity in VR motion data.
Abstract
The use of virtual and augmented reality devices is increasing, but these sensor-rich devices pose risks to privacy. The ability to track a user's motion and infer the identity or characteristics of the user poses a privacy risk that has received significant attention. Existing deep-network-based defenses against this risk, however, require significant amounts of training data and have not yet been shown to generalize beyond specific applications. In this work, we study the effect of signal degradation on identifiability, specifically through added noise, reduced framerate, reduced precision, and reduced dimensionality of the data. Our experiment shows that state-of-the-art identification attacks still achieve near-perfect accuracy for each of these degradations. This negative result demonstrates the difficulty of anonymizing this motion data and gives some justification to the existing data- and compute-intensive deep-network based methods.