The metaverse, “the new generation of the Internet” according to Zuckerberg, has turned the tech world on its head and split opinion on its growing reputation as the new Web 3.0. And it’s not just Facebook that has publicly set out to make the metaverse a reality; other companies like Samsung are also on the trail of the metaverse.
The metaverse represents a new interface through which people will interact with each other in the future. The metaverse is what could come after the social web. But as much as it is discussed, no one really knows what the future holds for the metaverse – and above all, what challenges the transition to the metaverse will bring – especially in the area of data control and IT security.
Web 3.0: The revolution of the Internet
Let’s first approach the mysterious nature of the metaverse: The so-called Metaverse is supposed to be the new evolutionary stage of the Internet. It is supposed to create digital, three-dimensional worlds of experience in which people can meet and interact with each other. It enables users to move around in a completely new virtual reality. With tools such as VR glasses, they can immerse themselves in this new dimension through augmented reality (AR) and virtual reality (VR).
By the way, the was first used in 1992 in the science fiction classic Snow Crash by Neal Stephenson. In the novel, people flee a world of poverty and violence into a virtual and three-dimensional space where they can exist as avatars. While this is not a future we want for our world, there are some elements that our current online world and the evolving metaverse could benefit from.
The metaverse in Stephenson’s novel is managed by a fictional IETF equivalent, an Internet technology working group that defines and establishes standard operating protocols for the Internet for the benefit of its users. This is a far cry from the non-fictional Internet, which was and is built with the economic profit of large corporations in mind.
Flashback to The 2000s: What Can We Learn from The “Second Life” Era?
In the 2000s, “Second Life” already existed as a 3D simulation world. In 2003, the “Second Life era” began with a virtual world in which users could move freely and live out their ideas and dreams. The idea came from Philip Rosedale, who also founded the parent company Linden Lab. Even today, this company is still steering the fortunes of “Second Life”. Basically, it is a 3-D simulation whose design depends entirely on the users.
They design the terrain, create houses and stores, and design clothes for the avatars who spend time in the virtual world. However, the Second Life era also shows what can go wrong, and with its growing success in the late 2000s came problems: for example, the platform repeatedly made headlines for sexual content. Other users set up virtual banks with sometimes dubious offers that were not adequately warned against. In addition, the offer of virtual casinos raised the question of how virtual gambling should be regulated.
Ultimately, Linden Lab decided to ban gambling and betting. One thing is clear: The new generation of the Metaverse will also have to face many of the questions that existed back then with “Second Life” some of which still exist. In the process, some important things will have to be clarified: Who controls what online worlds look like and what can be created in them, the platform provider or the users? What actions are permitted in the online world? And who earns in the process when a transaction is completed in a metaverse?
Metaverse Tools and Our Data Security
The concept of metaverse is closely related to technologies such as artificial intelligence (AI), augmented reality (AR), and virtual reality (VR). Virtual reality technology involves the use of 3D computer modeling, a type of graphic design, to immerse in a 3D virtual environment. AR allows virtual objects to be integrated into the real physical world. In Facebook’s future business model, AR, VR, and related hardware will play a central role.
Just recently, the company introduced Ray-Ban Stories: A pair of sunglasses that allow the wearer to take and share photos and videos, as well as receive calls, via a tiny camera. Zuckerberg says Ray-Ban Stories are an important step on the road to immersive AR glasses. Smart glasses open up a whole new set of possibilities for Meta, not only to collect more data about their users, but also about anyone who is around them.
However, with the use of AR and VR, there are concerns that tracking opportunities could increase. If Facebook, for example, provides not only the interface standard but also the necessary hardware, the possibilities of tracking circumvention could become smaller. Another problem: If virtual reality purchases are tied to the respective Facebook account and it is deleted, all digital purchases could be lost.
This dilemma became visible with the virtual reality glasses “Oculus Quest 2”: In 2014, Facebook acquired the VR glasses manufacturer Oculus and has been selling its products under the original brand name ever since. Initially, Oculus headset owners could simply log in with an Oculus account when using their device – no direct connection to Facebook was required. Over time, however, this began to change.
For example, Facebook required users to connect their Facebook and Oculus accounts to access Oculus Venues. The “Oculus Quest 2” goggles were the first virtual reality goggles to require a Facebook login. But many users:inside criticized this change of plan by Facebook. However, Facebook accounts may soon no longer be required for VR, and existing users may be able to log out of their accounts.
What Can Companies Do to Protect Their Customers’ Data? What Should Users Look out For?
Building secure metaverse worlds is not a zero-sum game with only one winner and many losers. Rather, it is a Nash equilibrium in which each player must consider the decisions of the other players when determining their own strategy. In order to protect the data of companies and users in the metaverse, the metaverse needs a regulating and regulatory framework.
The EU’s General Data Protection Regulation (GDPR), the first of its kind, comes closest to providing such a framework, as it is one of the strictest data protection laws in the world. Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), passed in 2001, also lags years behind the Internet. The GDPR is not dependent on any particular interface and could theoretically apply to the Metaverse as well.
It is therefore questionable whether regulation can keep pace with future developments in AR and VR and what development the Metaverse will take in a few years. If the GDPR had been introduced in 1991, when the Internet data transmission protocol http was developed, the right to data protection and anonymity would certainly be assessed differently today. In order to create a secure metaverse, it is necessary to learn how to handle data and security in the metaverse.
In addition, the metaverse could also lead to problems with the authenticity of individuals and how authenticity and authentication are related in virtual worlds. In particular, as far as federated identities and high-quality authentication are concerned, the technology has not yet developed very far. Therefore, users should be as cautious as possible when it comes to using their identities on the Internet and determine exactly what data they want to disclose. Before companies rely on the metaverse, they should think about the possible consequences for data security and potential security risks in advance. Don’t wait until it’s too late.
What Other Unintended Consequences Are Looming?
It’s hard to predict what the metaverse will mean for businesses and their IT security. In the metaverse, enterprises may be more vulnerable to a new type of cyber threat, such as potential hacking attacks. Since the metaverse is still in its early stages for most companies, it is not yet possible to predict what impact the new technology might have on a company and how it might be used against them. One thing is certain, however: those who master the standard, the underlying principle, will also master the metaverse in the end.
Therefore, we should approach and evaluate new technologies with a critical and cautious attitude. It is important to understand the extent of the metaverse’s power and influence and to figure out how best to use it for the benefit of the masses and prevent it from serving only a few. It is especially important to critically evaluate new developments. We need to learn how these new technologies work to prevent the metaverse from becoming something that no one wants – except the corporations that make money from it.