Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Exploring the Uncoordinated Privacy Protections of Eye Tracking and VR Motion Data for Unauthorized User Identification

Samantha Aziz, Oleg Komogortsev

TL;DR

The paper investigates privacy risks when eye-tracking and VR motion data are collected simultaneously in VR platforms. It evaluates two privacy mechanisms—gaze data smoothing and MetaGuard-based differential privacy—and demonstrates that cross-sensor data can be used to re-identify users even when some streams are privatized. The study shows that partial privacy protections can be bypassed by unprotected streams, underscoring the need for comprehensive, multi-sensor privacy safeguards. Practically, the findings call for robust privacy frameworks and policies that account for synchronized, correlated data streams in contemporary VR systems.

Abstract

Virtual reality (VR) sensors capture large amounts of user data, including body motion and eye tracking, that contain personally identifying information. While privacy-enhancing techniques can obfuscate this data, incomplete privacy protections risk privacy leakage, which may allow adversaries to leverage unprotected data to identify users without consent. This work examines the extent to which unprotected body motion data can undermine privacy protections for eye tracking data, and vice versa, to enable user identification in VR. These findings highlight a privacy consideration at the intersection of eye tracking and VR, and emphasize the need for privacy protections that address these technologies comprehensively.

Exploring the Uncoordinated Privacy Protections of Eye Tracking and VR Motion Data for Unauthorized User Identification

TL;DR

The paper investigates privacy risks when eye-tracking and VR motion data are collected simultaneously in VR platforms. It evaluates two privacy mechanisms—gaze data smoothing and MetaGuard-based differential privacy—and demonstrates that cross-sensor data can be used to re-identify users even when some streams are privatized. The study shows that partial privacy protections can be bypassed by unprotected streams, underscoring the need for comprehensive, multi-sensor privacy safeguards. Practically, the findings call for robust privacy frameworks and policies that account for synchronized, correlated data streams in contemporary VR systems.

Abstract

Virtual reality (VR) sensors capture large amounts of user data, including body motion and eye tracking, that contain personally identifying information. While privacy-enhancing techniques can obfuscate this data, incomplete privacy protections risk privacy leakage, which may allow adversaries to leverage unprotected data to identify users without consent. This work examines the extent to which unprotected body motion data can undermine privacy protections for eye tracking data, and vice versa, to enable user identification in VR. These findings highlight a privacy consideration at the intersection of eye tracking and VR, and emphasize the need for privacy protections that address these technologies comprehensively.

Paper Structure

This paper contains 19 sections, 5 figures, 3 tables.

Table of Contents

  1. Introduction
  2. Background and Related Work
  3. Threat Model
  4. Methodology
  5. Data Set
  6. Privacy Mechanisms
  7. Gaze Data Privacy Mechanism
  8. Head and Hand Data Privacy Mechanism
  9. Biometric Authentication Model
  10. Data Pre-Processing
  11. Training and Evaluation
  12. Results
  13. Combining Unmodified Data Streams for User Authentication
  14. User Authentication with Fully Privatized Data
  15. Circumventing Partial Privacy Protections for User Authentication
  16. ...and 4 more sections

Figures (5)

  • Figure 1: An illustration of the threat model proposed for this investigation, where a malicious third-party developer attempts to identify users using a combination of data streams collected from a user's VR device. Blue arrows represent a benign flow of information through this system, and red arrows show malicious information flow.
  • Figure 2: A visualization summarizing the effect of privatization on biometric identification rates.
  • Figure 3: ROC curves comparing the effect of privatization on biometric verification rates for each data stream individually, and for VR motion data.
  • Figure 4: The impact of incomplete privatization of each combination of data streams on user identification rates (yellow). Blue bars display identification rates when all data has undergone privatization, and red bars display identification rates when all of the data is unmodified.
  • Figure 5: ROC curves showing the effect of patchwork privacy protections to different combinations of data streams on biometric verification.