What it Would Take to Make the Metaverse a Safe and Secure Place

Guy using the metaverse

“The metaverse has not yet decided what it wants to be when it grows up”, was the provocative statement made a few days ago by the entrepreneur and digital art expert Elizabeth Strickler in a TED talk. It can become "a tremendous vessel for human creativity", as Strickler herself predicts, but also "a bad copy, a pale substitute for the internet, which will dilute many of its virtues and deepen its flaws", as lawyer and activist Micaela Mantegna believes.

Certainly, this new persistent and perpetual virtual environment has existed in some form since the launch of the Second Life gaming platform in 2003, but despite its evident progress and the enormous expectation it has managed to arouse in a couple of years, it has yet to consolidate and define itself. At this stage, it is an imminent promise, yet remains a big question mark. The term metaverse has been in circulation since speculative fiction writer Neal Stephenson coined it in his novel Snow Crash, but it is still more of an expectation than a concrete, tangible reality, regardless of the efforts of companies such as Meta, Microsoft and Google to colonise it.

 

This is the "non-place" where we will be spending a lot of time

In addition to the uncertainty, we do know that the metaverse will offer different frameworks for highly immersive virtual interaction, and that a wide range of goods and services will increasingly be accessible and economic transactions will take place in the metaverse. We will spend a lot of time and money in the metaverse. Similar to how social media have evolved, it is set to become the new epicentre of leisure, social relations and consumption. This is a tremendous opportunity, but it also entails significant risks and threats.

In a very comprehensive article for the Pew Research Center, writer and university professor Janna Anderson predicts that by around 2040, the metaverse will be "a vast platform of ultra-realistic interactive experiences based on Extended Reality (XR) technology that at least 500 million people will access regularly". Anderson defines Extended Reality as "an increasingly complex combination of Augmented Reality and Mixed Reality powered by the extensive use of Artificial Intelligence systems".

Anderson also admits an alternative working hypothesis, "that the metaverse will end up falling short of the potential that its promoters and proponents attribute to it". But there is no doubt that this is an area of activity in which very significant developments will take place in the short and medium term. And that, like any other scenario of mass human interaction, it will have to be regulated and protected, creating "a new ecosystem of security and trust", as noted by digital entertainment expert and World Economic Forum researcher Cathy Lee.

Public institutions and user communities, companies or (increasingly evident) private security services will play a role in the creation of these rules of secure operation.

 

Crime and psycho-social challenges

psychosocial challenges

Metaverse and Web3 development experts such as Jon Radoff, Davi Ottenheimer and Kajal Tharwani agree on the identification of a number of specific risks. Here are some of the main ones, beginning with the ones directly related to potential crimes:

Identity theft or impersonation. Some experts believe that, unless very robust technological solutions are adopted, identity theft could become particularly easy in the metaverse, with the economic, social and reputational consequences that this would entail. A practical example: recent articles suggest that medical professionals are seriously considering the possibilities of the metaverse as an environment to provide therapeutic services. If someone managed to impersonate these professionals, it would undoubtedly pose a serious threat to public health.

Ransomware. The use of malicious software that holds data and computers hostage and demands a ransom to get them back has become one of the fastest growing cybercrimes at the moment. It is increasingly affecting e-commerce (45% of digital retailers have been attacked by e-commerce in 2021 according to a study by UK security firm Sophos) and could find fertile ground in the metaverse, as user profiles in this environment are expected to include much more information than those on social media.

Social engineering attacks. This is the name given to strategies of deception, persuasion and manipulation used to capture a person's confidential information, such as access keys to current accounts, cryptocurrency wallets, encrypted networks, etc. The frequency and intensity of social interactions in a playful and highly immersive environment such as the metaverse can lead to a substantial increase in this type of deception and scams.

Phishing. Perhaps the most rudimentary, but also the most indiscriminate and massive variant of social engineering. In this case, the scam is usually based on the impersonation of a trusted person, institution or company, something that could become relatively easy as millions of people around the world become accustomed to interacting with multiple interlocutors in a new environment every day.

Deepfakes. Technological manipulation of audiovisual content has reached the level where even some experts find it difficult to distinguish a deepfake from a legitimate video or audio. This is a new tool for spreading self-serving lies or potential impersonations that is already being used successfully on social networks and could become even more effective in the metaverse. A widespread concern among experts is that they become a weapon to cause reputational damage not only to individuals or public figures, but also to companies present in the metaverse.

Harassment and cyberbullying. A major cause for concern among educators and mental health professionals. The widespread prevalence of digital harassment, bullying or lynching scenarios on social media, especially targeting vulnerable individuals, raises concerns that the problem may be even more serious in virtual environments that offer users particularly intense and close-to-reality experiences.

Sexual harassment and other privacy-related crimes. Another type of aggression or crime that is very frequent in networks and that could be exacerbated in the metaverse. Cathy Li warns that the use of highly immersive technologies such as haptic gloves, which provide tactile interaction with Extended Reality environments and avatars, can make an experience of sexual harassment in the metaverse very real for the sufferer.

Data security breach. This will depend, to a large extent, on the legal protection framework that is consolidated in the new environment and on the degree of responsibility of the ecosystem of companies that proliferate within it. Few experts doubt that, at least in the short term, this is one of the main challenges the metaverse must face if it is to become a safe and secure place.

 

Post-reality and its health risks

post reality

What about use of company issued equipment in public areas? Are employees trained to never use public, coffee house or hotel Wi-Fi networks? Any of these can be easily monitored by a hacker. Once your company equipment is on that open-source network, the hacker can monitor every keystroke, every website you visit, and possibly intercept files being sent.

Using a company issued “hot spot” device and VPN is preferable. Using a company issued laptop while traveling is normal. Using it while on a plane or train might expose your sensitive or confidential information to nearby prying eyes; a simple filter, applied to the screen, can make it nearly impossible for someone to read your screen without being directly in front of it.

Stay updated with the latest security trends and analyses by following Prosegur's blog.