Incognito — December 2021: The Metaverse

Welcome to the December 2021 issue of Incognito, a monthly newsletter from DeleteMe that keeps you posted on all things privacy and security.

Here’s what we’re talking about this month:

  • The Metaverse. What is it, and how will it impact our privacy? 
  • Recommended reads, including “The Latest Privacy-Focused Search Engine Trying to Take On Google.” 
  • Q&A: Why do some people cover their laptop cameras?

If you know someone who might enjoy learning more about data privacy, feel free to forward them this newsletter.
In October, Facebook officially changed its name to “Meta” to demonstrate its commitment to developing a metaverse ecosystem. Touted as the next phase of the internet, with companies like Meta primed to spend billions building it, the metaverse will undoubtedly change the world. Whether it does so for the better or worse is yet to be seen.  

What Is the Metaverse?

Because it’s still just a concept, there is no universally accepted definition of what the “metaverse” really is.

However, most people see the metaverse as a persistent, shared digital environment that links seamlessly to the real, physical world. In the metaverse, users will be able to create, explore, and interact with other people (and brands) through virtual reality headsets, smartglasses, mobile apps, gaming consoles, and other metaverse-friendly devices. Wherever you go in the metaverse, you will be represented by a 3D avatar.

Meta’s CEO Mark Zuckerberg describes the Metaverse as “an embodied internet where you’re in the experience, not just looking at it.”

What Will the Metaverse Look Like?

According to the venture capitalist Matthew Ball, who wrote an influential essay on what the metaverse is back in 2020, the metaverse:

  1. Is always “on.”
  2. Combines various different platforms (for example, gaming platforms like Fortnite or Roblox are not going to be metaverses in and of themselves but rather destinations in the metaverse) and spans both physical and virtual spaces (i.e., augmented reality).
  3. Is experienced live and in real-time.
  4. Has a fully-fledged economy.
  5. Can host any size audience.
  6. Is interoperable (i.e., people can transfer their avatars and goods from one part of the metaverse to another).
  7. Allows both individual users and corporations to create experiences and content.

To be clear, the metaverse is not supposed to replace the physical world. Instead, it’s meant to make virtual experiences more interactive and life-like. 

How Will We Use the Metaverse?

The metaverse has many use cases. Besides “entering” the metaverse to play games with your friends and attend virtual concerts, you may also use it to:

  • Own holographic versions of physical goods like board games, art pieces, or even your TV.
  • Teleport as a hologram to the office, classroom, or your friends’ house.
  • “Try on” digital clothes when you’re shopping online before you order their real-life versions or test drive a new car that is built the exact same way in the real world.

Who Is Investing In the Metaverse?
Meta, the company formerly known as Facebook, obviously. But also Microsoft (who is working on building an “enterprise metaverse”), Nvidia, and Unity Software.

The dating app Bumble is looking for ways to integrate the metaverse into its platform, as well, whereas consumer brands like Gucci have already sold digital-only items. Disney has been talking about creating a “theme park metaverse” since 2020. 

When Will the Metaverse Happen?
Per Zuckerberg’s estimates, it will probably take another 10 to 15 years for the metaverse to become mainstream. Right now, there are still a number of issues that need to be resolved. For example, we still don’t have the infrastructure or devices (like consumer-friendly augmented reality glasses) that a functioning metaverse requires.

Will the Metaverse Be Better Than the Internet?
Metaverse proponents see the concept’s openness as a way to break free from the tech giants that track our every move online and, through their algorithms, control what we see (and don’t see).

Unfortunately, while the metaverse isn’t supposed to be owned by a single company, privacy experts worry that the same companies that effectively control the internet now will dominate the metaverse, too. Particularly when it comes to Facebook, in the words of the technology analyst Benedict Evans, “if there is something after smartphones, Meta wants to be landlord, not a tenant.”

In fact, the desire to own as much as possible of the metaverse is likely why Meta is moving so fast and aggressively with their vision of the metaverse (the company is planning to employ 10,000 people in the EU to develop the metaverse). Facebook wants their hardware and software for the metaverse to become the default, and in this way, end up owning “the digital infrastructure of 21st-century life.”

What Will Happen to Our Data?
The question, then, is: in the metaverse, will we be able to trust Meta (or any other big corporation) with our data? Not if they can make money from it. As made clear by Facebook whistleblower Frances Haugen, who leaked thousands of internal documents, the company puts “astronomical profits before people.

Facebook makes most of its money from targeted, personalized ads and has made it fairly clear that ads will remain an important part of their business model in the metaverse.

  • In the metaverse, users will likely end up sharing vastly more personal information than they do today when interacting on social media. Even things like our eye movement and pupil size (which will probably be tracked via VR headsets or smartglasses) can give away sensitive information about us, like our ethnicity, mood and emotions, and state of mind.
  • The Guardian has aptly remarked that through data collection in the metaverse, advertisers will be able to target their ads based on who people are interacting with, their body language, and physiological responses.
  • Spending time in the metaverse will be “kind of like having a drone following you around in real life, monitoring everything you do, and then passing that information on to whoever,” said Albert Rizzo, psychologist and director for medical virtual reality at USC’s Institute for Creative Technologies.

If and when the metaverse becomes a thing, staying out of it may not be an option. Facebook whistleblower Haugen noted that individuals who decline to participate in the metaverse could potentially risk losing their jobs.

Recommended Reads

Our recent favorites to keep you up to date in today’s digital privacy landscape.

FBI Email Server Compromised, Hackers Send Out Fake Emails

The FBI confirmed that its email servers were hacked. Unidentified attackers sent fake messages to over 100,000 addresses, warning the recipients that they were the victims of a “sophisticated chain attack” supposedly perpetrated by a prominent cybersecurity researcher. This attack highlights the critical vulnerabilities that still exist in federal systems.

The Latest Privacy-Focused Search Engine Trying to Take On Google

Launched in beta to the public in November, You.com is a new search engine seeking to challenge Google. Besides promising to never track users around the web, sell their information to third parties, or show them targeted ads, You.com also stands out in the way that it presents information: in a grid of tiles rather than a vertical set of results, organized by categories like “web” and “news.” Users can also “upvote” and “downvote” results. 

Emotet, the World’s Most Dangerous Malware, Returns

Researchers have noted that malware that looks a lot like the Emotet botnet, once the “world’s most dangerous malware,” is back. After attacking around 7% of the world’s devices in December 2020, The botnet was dismantled by concentrated law enforcement efforts earlier this year. However, it now appears that the group behind Emotet is rebuilding the botnet via TrickBot, which could lead to a dramatic increase in ransomware infections. 

Instagram Introduces Video Selfie Authentication to Fight Bots

In an effort to combat bots, Instagram is now asking accounts that exhibit suspicious behavior to verify they’re human with a video selfie. According to Instagram, the feature doesn’t use facial recognition. Rather, Instagram teams review the selfies which are allegedly deleted within 30 days. Worryingly, Instagram said that user authentication is “one of the ways” they use video selfies, implying they may be used for other purposes, as well.

You Asked, We Answered

Here are some of the questions our readers asked us last month.

Q: Why do some people cover their laptop cameras?

A: Because they’re worried someone might be spying on them. According to a 2019 study by HP, 6 in 10 individuals are concerned their device webcam will compromise their privacy, and 59% say they cover their laptop cameras — including Mark Zuckerberg and former FBI director James Comey.

Their fears may be well justified. In 2013, research showed that it is possible to activate a Macbook camera without triggering the light that’s supposed to notify users that the camera is on. The FBI is capable of enabling individuals’ webcams, too.

However, for anyone that decides to tape over their webcams, it’s important to remember that microphones can be enabled remotely, as well. Unfortunately, today, microphones are pretty much everywhere, including in your phone and Alexa device.

Q: Why are privacy policies so long and complicated?

A: Great question — and observation. Many privacy policies today are indeed long and complex. In 2019, the New York Times scored policies on the Lexile readability test. They found that while college students need to be able to understand texts with a score of 1300 and lawyers and doctors need to comprehend texts with a score of 1440, many privacy policies surpass these standards.

One of the main reasons reading a privacy policy might give you a headache is that they’re generally full of technical and legal jargon and are (in some cases) purposely vague. The more “elastic” the language, says The Atlantic, the fewer risks the company is exposed to and the easier it is for them to avoid lawsuits and fines.

According to Casey Oppenheim, the co-founder and CEO of an app that blocks third-party cookies online, complex language in privacy policies allows companies to get away with data gathering and sharing practices that people may not otherwise be comfortable with.

The introduction of the General Data Protection Regulation (GDPR) has made some privacy policies more readable — but not all. In 2019, Techcrunch reported that “privacy policies are still too horrible to read.” And Varonis found that following the introduction of the GDPR, 8 out of the 10 companies it looked at increased, rather than decreased, their privacy policy word count, with some increasing their reading grade level, too.


Q: Is Jitsi Meet really more secure than Zoom?

A: That’s what The Tor Project and other privacy advocates seem to think.
What sets Jitsi Meet, a teleconferencing app, apart from Zoom and other similar apps, is that a) it’s open-source, meaning that you can inspect the code, and b) you can install it on a private server so the parent company (8×8) can’t eavesdrop on your conversations. Jitsi is also currently working on offering end-to-end encryption.

However, Jitsi and Zoom are not the only teleconferencing apps out there. Computerworld has an article on other alternatives to Zoom you may want to consider. 

Back to You

We’d love to hear your thoughts about all things data privacy.

Get in touch with us. We love getting emails from our readers (or tweet us @Abine and @DeleteMe).

Share with friends! If you know someone who might enjoy learning more about data privacy, feel free to forward them this newsletter. If you’d like to subscribe to the newsletter, use this link.

Let us know. Are you excited or worried at the prospect of metaverse? And how do you think it will impact our privacy? Also, are there any specific data privacy topics you’d like us to explore in the upcoming issues of Incognito?

That’s it for this issue of Incognito! Stay safe and we’ll see you in your inbox next month.