#520: Oculus’ VR Privacy Policy Serves the Needs of Facebook, Not Users

I had a chance to catch up with Oculus’ Nate Mitchell at GDC where I asked him about privacy in VR. Oculus has delegated the design and maintenance of their privacy policy to their parent company of Facebook so that Oculus can focus on providing the best VR experiences and growing the VR ecosystem. He acknowledges that there are “a lot of potential pitfalls over the future of VR and AR around user privacy” because VR has a “double-edged sword” of providing incredibly compelling immersive experiences, but that “used in the wrong way or in the wrong hands, you can be tracked probably more than you would normally expect to be.”

I learned more about the relationship dynamic between Oculus and Facebook in that Oculus isn’t thinking too much about how to use the data gathered from VR for advertising purposes, but the language in Oculus’ privacy policy is being shaped and directed by Facebook who is much more interested in using data gathered from virtual reality for advertising purposes. Mitchell claims that privacy is a top priority for Oculus, but a close reading of their privacy policy indicates it serves the needs of Facebook over consumers.

Mitchell and I also talked about Oculus’ announcement of lowering the price of the Rift + Touch by $200, their twelve new games premiering at GDC, as well as a number of important issues concerning the future of virtual reality. There are a lot of exciting new possibilities that could come from Oculus’ support for WebVR and the Khronos Group’s OpenXR initiative, but we also had a chance to talk about some of the challenges that Oculus has faced this year including some of their tracking regressions and some of the limitations of front-facing camera set ups when it comes to abstractions of embodiment.

LISTEN TO THE VOICES OF VR PODCAST

There are a lot of complicated issues surrounding privacy in VR, and Oculus has delegated the design and maintenance of their privacy policy to their parent company of Facebook. In Oculus’ letter to Al Franken, they say, “We also take advantage of Facebook’s expertise in other areas, including its large team of privacy and security professionals to help design and maintain privacy and security in our products. These collaborations allow Oculus to focus on what we do best: delivering the absolute best VR products and experiences.”

When I asked Mitchell about Oculus’ stance on privacy in VR. He said, “We are committed to really protecting user privacy. That’s one of our #1 focuses, which is why we have a super detailed privacy policy. And it goes hand-in-hand with that we are committed to being really transparent with users about what generally is being collected, and anything we’re doing with that. So that’s part of the reason why I think we have such a rich privacy policy to begin with. Also being part of Facebook, obviously, helps with that. They have an incredible team dedicated to user privacy, and they’re on the bleeding edge of that. And so that’s been great for us.”

I have to disagree in Mitchell’s assessment that privacy has been one of Oculus’ top priorities. Oculus’ top priority has been to deliver amazing VR experiences, and having a “rich privacy policy” that specifies everything that can be captured and recorded just means that it reflects the values and interests of Facebook. Facebook wants to collect and store as much data as they can, and tie back to a singular identity so they can sell advertising. On January 11, I sent an email to privacy@oculus.com to “access data associated” with my account, but I never heard anything back from them after two and a half months. If it really was a top priority for Oculus, then I would have expected to have received a response, and that there would be more systems in place for the type of transparency and accountability that is promised within the “Data Access and Deletion” section of their privacy policy.

Oculus is mostly taking a passive approach to privacy in VR where they’re prioritizing the needs and concerns of Facebook, which is reflected in how much data sharing rights are being provided to Facebook. The following is a sampling of data that when combined together could allow Facebook to determine personal identifiable information about you including your IP address, certain device identifiers that may be unique to your device, your mobile “device’s precise location, which is derived from sources such as the device’s GPS signal and information about nearby WiFi networks and cell towers,” “information about your physical movements,” and “information about your interactions with our Services.” Facebook will know that it’s your VR headset, where you’re located, and different actions that you’re taking from capturing everything you’re doing in VR and correlating it with your identity even if you’re anonymously interacting within the context of a VR experience. Once eye tracking and other technologies that can determine facial expressions are added, then there will be even more biometric data that could be able definitively identify you or whomever is using your VR headset.

Their privacy policy contains an open-ended statement about recording communications that could potentially allow Facebook to record and store all VoIP conversations: “When you post, share or communicate with other Oculus users on our Services, we receive and store those communications and information associated with them, such as the date a post was created.” Oculus denies in their letter to Al Franken that they’re recording conversations by saying, “VoIP communications are not being recorded. We do not store the content of these communications beyond the temporary caching necessary to deliver these communications to people who could be in different parts of the world.” But it’s unclear as to whether or not the privacy policy as it’s written would prevent Facebook from starting to record conversations at any time.

There have been a number of previous denials from Oculus saying that they’re not sharing data with Facebook yet, but there is actually nothing in the privacy policy that prevents this sharing from happening. For example, in Oculus’ response to Al Franken’s question as to whether Oculus is sharing information with third parties including it’s related companies they said, “Oculus does not currently share location information with third parties or related companies.” Their privacy policy certainly allows this sharing to happen at any moment, and so Oculus is basically just saying that we’re not sharing this data yet.

In response to data collection privacy concerns last year Oculus said, “Facebook owns Oculus and helps run some Oculus services, such as elements of our infrastructure, but we’re not sharing information with Facebook at this time. We don’t have advertising yet and Facebook is not using Oculus data for advertising – though these are things we may consider in the future.” Again, Oculus is diverting attention from what their privacy policy already allows by emphasizing that they’re not exercising their rights yet.

It’s almost as if Oculus is using their perceived operational independence from Facebook as a compartmentalized buffer to divert any focus on what their privacy policy is already enabling. Making statements that access to VR data streams haven’t been turned on yet do not carry much legal weight when there’s absolutely nothing stopping them from being turned on at any moment.

For example, Oculus’ privacy policy says “When you post, share or communicate with other Oculus users on our Services, we receive and store those communications.” Oculus responded to Franken that “VoIP communications are not being recorded.” But the real question is does Oculus’ privacy policy enable Facebook to start recording VoIP at any moment? Does Facebook/Oculus mean “we’re not recording VoIP yet“? Or do they mean “we never intend on recording VoIP because we would never do that?” They did not make a strong statement that they would never record VoIP, and so I have to assume that any time that I communicate with anyone on Oculus’ services that this data could be captured, stored, transcribed, shared with Facebook, tied to my personal identity, combined with information from commercial third parties in order to create a Facebook’s super profile to sell me ads either on Facebook or eventually on Oculus’ services.

In a candid moment, Mitchell said to me, “There are a lot of potential pitfalls over the future of VR and AR around user privacy. There’s never been a technology that brings so much of you into the experience, which is sort of that double-edged sword that’s the power of VR. But yeah, used in the wrong way or in the wrong hands, you can be tracked probably more than you would normally expect to be. Right? And I think that that’s only going to become more and more important as we develop new technologies that bring even more of you into the experience. And users are going to want to know and understand what’s actually happening under the hood.”

The problem with Oculus’ privacy policy is that it already provides Facebook a lot of leverage to capture and track a lot of information about you “probably more than you would normally expect to be” from just these two provisions of “information about your physical movements” as well as “information about your interactions with our Services, like information about the games, content, apps or other experiences you interact with, and information collected in or through cookies, local storage, pixels, and similar technologies.” This could already include head gaze, what you’re looking at, what you’re interacting with, and what interests you. These data streams could already be recorded and be sent to Facebook.

Oculus says that they’re using 60-second averages of physical movement data to debug their tracking. Mitchell said, “Almost all any of the live tracking we’re doing, almost all of it, is all really diagnostics focused. So if there’s a problem with your hardware, like a batch of hardware for example, we want to know that so that we can deliver a high-quality experience, and make sure that if there’s an issue with your system and reach into support, you can send us logs. And we can say, “Hey, clearly there’s a problem the Rift sensor” or something like that.”

Oculus is clearly using this data to debug and improve their technology, but it’s unclear whether Facebook could use this “physical movements” provision in order to record all sorts of eye movements, facial movements, and potentially more biometric data in the future. It’s a vague enough provision to potentially allow Facebook to capture a whole range of biometric data including eye tracking, galvanic skin response, heart rate and heart rate variability with ECG, muscle tension & facial expressions with EMG, and brain waves with EEG. This type of biometric data is usually gathered within a medical context protected by HIPAA or a marketing research context with explicit consent and privacy protections.

It’s also problematic that Oculus’ privacy policy is recording all of this data, tying it back to your personal identity, and storing it forever. The third-party doctrine is a legal theory that says that any data that you give to a third party “does not have any reasonable expectation of privacy.” This means that the government can request access to any data that you provide to any third party without a search warrant or probably cause. So the more biometric data that Facebook is collecting on us and storing forever, the less likely it is that we can have any Fourth Amendment privacy protections over any of this data. Facebook will know what you’re looking at and how you’re emotionally reacting to it, and there’s nothing stopping an abusive government from getting access to this same level of intimate data.

There are huge privacy implications that are coming with the technological roadmap of VR, and Facebook is sort of using Oculus as a technological shield to be able to develop this technology independent of the deeper advertising implications of the data that is going to be made available. When I asked Mitchell if the business models need to evolve beyond this type of privatized surveillance, he said that these types of new models are not something that Oculus is thinking extensively about right now. They’re mostly focusing on getting as many people in VR as possible. Oculus is working on the low-level implementation of VR while Facebook can think about what they’ll be able to do with all of this data.

In wrapping up his thoughts on privacy, Mitchell said, “So in summary: Very committed to user privacy. It’s something we take very seriously. It’s something we’re really focused on. We’re committed to taking care of user’s privacy. And you’re asking the right questions, keep asking them. I think right now, everything is in a good place across the industry. But that could change, and that’s something for folks like you to keep chatting about.”

Indeed this is something that the entire VR community needs to keep talking about, and it will change towards a direction that’s not a good place unless some of the deeper open questions listed down below are addressed. I’d also recommend listening to these interviews below about privacy in VR for more in-depth discussions.

Overall, in my assessment, Oculus has delegated privacy considerations to Facebook and it is clearly not a priority for them, despite Mitchell’s claims. If you have any questions regarding Oculus’ privacy policy, then I’d encourage you to follow up with Oculus via the email privacy@oculus.com. I haven’t personally received a response yet, but it’s a way to provide some direct feedback to Oculus. Hopefully they can start to implement more processes for transparency and accountability, as well as engage in deeper and more involved questions about the future of what will and will not be recorded when you’re within VR.

Other recommended interviews about Privacy in VR:

• #493: Is Virtual Reality the Most Powerful Surveillance Technology or Last Bastion of Privacy?
• #516: Privacy in VR is Complicated & It’ll Take the Entire VR Community to Figure it Out
• #517: Biometric Data Streams & the Unknown Ethical Threshold of Predicting & Controlling Behavior
• #518: Advanced Brain Monitoring EEG Metrics & Experimental VR Treatments for Neurodegenerative Diseases
• #514: Tobii Recommends Explicit Consent for Recording Eye Tracking Data
• UPDATE Feb 13, 2018:#620: Implications of Google’s Human Sensing Technology that debuted at Sundance 2018

Here are some of the open questions that should be asked of virtual reality hardware and software developers:

• What information is being tracked, recorded, and permanently stored from VR technologies?
• How will Privacy Policies be updated to account for Biometric Data?
• Do we need to evolve the business models in order to sustain VR content creation in the long-term?
• If not then what are the tradeoffs of privacy in using the existing ad-based revenue streams that are based upon a system of privatized surveillance that we’ve consented to over time?
• Should biometric data should be classified as medical information and protected under HIPAA protections?
• What is a conceptual framework for what data should be private and what should be public?
• What type of transparency and controls should users expect from companies?
• Should companies be getting explicit consent for the type of biometric data that they to capture, store, and tie back to our personal identities?
• If companies are able to diagnose medical conditions from these new biometric indicators, then what is their ethical responsibility of reporting this users?
• What is the potential for some of anonymized physical data to end up being personally identifiable using machine learning?
• What controls will be made available for users to opt-out of being tracked?
• What will be the safeguards in place to prevent the use of eye tracking cameras to personally identify people with biometric retina or iris scans?
• Are any of our voice conversations are being recorded for social VR interactions?
• Can VR companies ensure that there any private contexts in virtual reality where we are not being tracked and recorded? Or is recording everything the default?
• What kind of safeguards can be imposed to limit the tying our virtual actions to our actual identity in order to preserve our Fourth Amendment rights?
• How are VR application developers going to be educated and held accountable for their responsibilities of the types of sensitive personally identifiable information that could be recorded and stored within their experiences?

Subscribe on iTunes

Donate to the Voices of VR Podcast Patreon

Music: Fatality & Summer Trip

Rough Transcript

[00:00:05.452] Kent Bye: The Voices of VR Podcast. My name is Kent Bye, and welcome to The Voices of VR Podcast. So on today's episode, I have Nate Mitchell of Oculus. He's the head of Rift, and at GDC, they were making a couple of announcements about new games that are coming out, as well as lowering the price of the Rift by $200. But in this episode, I get to ask Nate about privacy. Just a few questions, and I'll be unpacking a lot of what he has to say at the end. I think it's probably one of the most important things that we cover in this podcast. But I also had a chance to talk to him about some of the tracking issues that they're having with the Rift at the beginning of the year, as well as some of his thoughts about OpenXR and whether or not in the future they'll open up the Oculus Home to other VR headsets, as well as some of his thoughts on WebVR. So, that's what we'll be covering on today's episode of the Voices of VR podcast. But first, a quick word from our sponsor. Today's episode is brought to you by VRLA. VRLA is the world's largest immersive technology expo with over 100 VR and AR experiences. They'll have tons of panels and workshops where you can learn from industry leaders about the future of entertainment and storytelling. I personally love seeing the latest motion platforms and experiences that I can't see anywhere else. Passes start at $30, but I actually recommend getting the Pro Pass so you can see a lot more demos. VRLA is taking place on April 14th to 15th, so go to VirtualRealityLA.com and get 15% off by using the promo code VRLA underscore VoicesOfVR. So this interview with Nate happened at Oculus' event before GDC on February 26, 2017 in San Francisco, California. So with that, let's go ahead and dive right in.

[00:01:54.753] Nate Mitchell: My name is Nate Mitchell. I'm head of Rift at Oculus. What I'm doing in VR? Leading the Rift team, sort of all up, and yeah.

[00:02:04.640] Kent Bye: Great, so maybe you can tell me a little bit about some of the news that you're announcing here today at GDC.

[00:02:09.759] Nate Mitchell: Yeah, sure. So at Oculus, we're here at GDC, we're talking about a lot of things. The first is really content. And we have an incredible content lineup coming to Rift and Touch, obviously Gear as well. We've got 12 new titles here at the show that you can actually play, at least the press can actually play. Some really exciting new titles like from other Suns, from Gunfire, we've got Artica One, as well as some brand new titles like Brass Tactics from Hidden Path. Some of the developers who've actually, you know, Gunfire and Hidden Path are good examples of developers who've now shipped a couple games in VR. And so, yeah, we're really, really excited about the content lineup in the year ahead. The other big piece of news that we're announcing is that we're actually going to be lowering the price of Rift and Touch, the bundle together, to $5.99, all in. So, you know, from our perspective, we're doing everything we can to drive the industry forward and content and price are really two of the key drivers to bringing more people into VR. So having more great games, more great experiences, you know, that obviously gets people fired up about buying Rift or gear. And then in the case of Rift, lowering the price. You know, we've done a lot to lower the barrier to entry on the PC side with technologies like ASW, AATW, and the Oculus Ready PC program, but now bringing the all-in price of Rift and Touch to $599, we think that's going to be a big win for customers who maybe haven't bought yet, and for developers who want more than anything to see even more people in VR on Rift and on Touch. So, super excited about this news, and we think it's a great way to sort of kick off the year here.

[00:03:42.973] Kent Bye: Yeah, I'm just wondering if we could take a step back and, you know, I've been to all the different Oculus Connect shows that have been there, and in the first two, there was a lot of saying, you know, this is a front-facing experience, you're gonna be sit down, you know, don't stand up, and then, of course, all the demos that we were seeing were standing up, because standing up is a bit of a presence multiplier. And yet, at Oculus Connect 3, for the first time, we heard, OK, we're going to support three camera sensors, but it's kind of like extra. It's a little bit experimental and not officially supported at the beginning. And so I'm curious to hear a little bit of like, when did it change to you were going to actually start to do more stand-up experiences and have a little bit more embodied experience, and that decision to do front-facing rather than a full room scale out of the box?

[00:04:26.997] Nate Mitchell: Yeah. So, as someone who's been a big champion of the front-facing setup, you know, one of our goals with Rift from the very beginning was making this thing just super, super easy to set up and play. And so, the experience I think most people have with Rift, when they go home, they put one sensor down, they put on the headset, and boom, they're in. That's a great experience, and that's something we're really, really proud of. I think the thinking around two sensors and three sensors, and even more than that, is really around what we're seeing from the community and from developers. Developers, I think, built a lot more, and we've discovered this too as VR developers ourselves, we're building a lot more standing up experiences, a lot more experiences where you wanted to actually walk around a space a bit more. or at least have a pretty robust 360 degree experience. Anyway, so we've been committed, we are committed to making Rift the absolute best VR product out there. We think it absolutely is. And so we've been doing a lot of work to improve the 360 tracking and even room scale experience on Rift. And that's supporting third sensors, but it's also doing more like You know, overall improvements to tracking quality. We've done a lot with the upcoming release of Rift 1.12 where we've made a number of improvements there. It's also things like in the store, giving developers more options for classifying their content and reaching the right users. You know, one goal we've had always has been anything that you buy in the Rift store should just work. And I think that's something we've done a pretty good job of. You know, if you buy a Rift, you take it home, anything you buy in the store, generally you're going to have a great experience with that piece of content. We're really, really proud of that. And we want to continue to do more in that space to give users more tools to find the content that they're excited about and give developers more tools to reach the users with the right sorts of setups.

[00:06:09.263] Kent Bye: Yeah, one of the things that I've noticed in Oculus Rift in particular is this idea of abstracted agency, meaning that there's buttons and ways that you're moving around. And the thing that I've really noticed with the front-facing is that there's an abstracted turning. You know, I tend to just kind of move around and I just even seeing a lot of the demos here, people often have to intervene and turn me around because it's a bit of a presence breaker for me to have that abstracted agency. I find that being able to actually not have to worry about managing in my mind where the cameras are means that I can more freely move around, meaning I have a deeper sense of embodied presence. But yet, with that front-facing camera, I feel like it breaks presence in a way, and that it also requires the game developers to actually design around it in specific ways. there's a room-scale experience, but yet, in order to get an experience within Noctis Home, I've heard from some developers saying that they actually have to support that front-facing. So it's actually a different game design to do full room-scale versus front-facing. So I'm just curious to hear some of those thoughts of what you've seen in terms of that abstracted presence and embodiment. You know, with that, there's advantages for having accessibility for front-facing, but I feel like there's trade-offs with presence that happen there, with that abstractions that you have to deal with.

[00:07:24.613] Nate Mitchell: I think that that's true. I think it really does depend on the piece of content. Some content, in fact, a lot of the content at the store is actually, I would say, great with a strictly front-facing setup. However, there are experiences on the Oculus Store today where maybe you want a bit more flexibility in terms of the turn radius or where a developer, like you've kind of said, has maybe a 180 mode and then a 360 mode. We do leave it up to developers and we really try to give them a lot of flexibility and how they want to create their experience. I think one thing though we do strongly recommend is, you know, ultimately majority of users out there have a front-facing setup, right? Either their gamepad user or just the two Rift sensors on their desk. And so to be able to address that market, it's generally ideal that you actually have a 180 degree mode. But again, I think we've left a lot of flexibility up to devs and all devs approach it differently. And it really does depend on the game and the experience that you play.

[00:08:20.148] Kent Bye: And could you comment a little bit as to what was happening with the camera tracking? Because it seems like there was a number of different regressions as well as people having issues with it. So you made a strategic decision to go with the camera-based tracking solution, and I feel like there's going to be in the long term potentially advantages for being able to track the full body, but yet there's downsides into maybe not having as solid of tracking as some of the laser-based tracking from the Vive. So those trade-offs, I'm just curious, what actually happened there in the QA process for being able to actually release this tracking to get it to where it needs to be?

[00:08:55.185] Nate Mitchell: So I think there's a bunch of different things to unpack there. The first is, one of the beauties that you actually mentioned on Constellation is that because it uses image sensors, as the quality of those image sensors improves across the industry, Constellation tracking will continue to get better and better and better. And that's something that we've been really excited for, and something that we're always thinking about sort of the next evolution of that. So that's one benefit to the current architecture. I'm not the right person to go in-depth into the development of Constellation and everything there, but then you started to mention some of the changes in Rift 111, the January update. So what happened there is basically that we went out to go fix a number of problems that a few users had remarked that they were having challenges with. And so in our testing, we have a pretty rigorous, as you can imagine, QA process and a lot of simulations and infrastructure just running. And what happened was is that we made a series of changes that unexpectedly made trade-offs against setups that we thought were generally unsupported. So just to give you a sense of what I mean by that, I think for our recommended setup, we say, hey, your sensor should be X far apart maximum. And we had users who were just slightly outside of that recommended bounds who suddenly said, hey, my tracking is actually degraded. And this was a big miss on our part. We weren't testing enough of these unsupported configs. And so, as users started to say, hey, I'm having some issues with my tracking, and we dug in, we found that a lot of these users hadn't followed our recommended setup guides, totally fine, but I said the changes that we'd made kind of unexpectedly degraded the tracking quality for those users. So that was a big miss on our part, and we've worked incredibly hard over the last couple weeks to make sure that with 1.12, the upcoming release, that we're fixing all of those regressions for all those users. So our goal is to get everyone back to the tracking quality they had in 1.11, if not, a little bit better. And just so you know, I think one of the nuances of this was people online, I chatted with a number of folks in the community, people online were saying either one of two things, either A, give us a hot fix right now, or B, roll us back. And one thing I just want to clarify is that tracking quality was vastly improved for the majority of our users, right? Because the number of folks using unsupported configurations was relatively low. It's part of the reason we missed it. So tracking numbers in aggregate were up across the board. So we were initially looking at all the metrics and we're like, Oh, this has fixed so many problems. But of course, we overlooked some of these users. So again, our miss, I think with 1.12, which is going to be coming out very, very soon, that's going to be rolling out to everyone. Based on our testing and some early feedback from the community, I think we've got things into a great place. And we're back to being at that high bar. But yeah, there was definitely a miss on this one. And we've learned a few lessons in the process. And we're going to be testing a lot more of those unsupported configurations going forward. Again, when we look at our resources, we have limited resources, and we want to focus our energy on really driving the quality bar for two and three sensor setups, ideally in our recommended play space area, because that's where the majority of our users are, and we want to be doing the most to improve the experience for those users. But we're all committed, I'm committed, to making sure we're not breaking anyone, and again, that was a miss.

[00:12:10.442] Kent Bye: And so I'm curious if I could hear some of your comments on the privacy policy of Oculus. There's a lot of different VR companies out there, and Oculus is actually the only one that has said so far that there's going to be recording of physical movements within VR. And I can understand how, you know, with all these different tracking issues, there's logs that need to be sent to be able to solve some of those issues. However, there's also within the privacy policy saying that some of this information eventually is going to be tied back to personally identifiable information. And it starts to get to this point where you could start to slowly erode our rights to privacy if we have an overall trajectory of VR with eye tracking and more and more intimate information, whether it's our emotional states or what we're looking at, what we're paying attention to. And so you get this phenomenon, which is that right now we're speaking on the record, right? So there's going to be things that you may think privately that you're not going to speak because it's recorded and stored forever. You know, if we're going to be in the situation where we're in virtual reality, in these social situations, but yet feel like everything we do and say and move as being recorded and stored forever in a database tied back to our personal identity, that's going to have a huge impact on both the impact of privacy but also the amount of free expression that we're going to actually have in these virtual environments. And so, first of all, what is being recorded and why does it need to be stored forever and tied back to our personal identities?

[00:13:32.693] Nate Mitchell: So first of all, just backing up for one second, I think we are committed to really protecting user privacy, right? That's one of our number one focuses. It's why we have a super detailed privacy policy. And it goes hand in hand with that, that we are committed to being really transparent with users about what generally is being collected. and anything we're doing with that. So I think that's part of the reason we have such a rich privacy policies to begin with. Also being part of Facebook, obviously, helps with that. They have an incredible team dedicated to user privacy and they're sort of on the bleeding edge of that. So that's been great for us. I think you are absolutely right that this is going to continue to be, there are a lot of potential pitfalls over the future of VR and AR around user privacy. There's never been, I think, a technology that brings so much of you into the experience. Which is sort of that double-edged sword. That's the power of VR But yeah used in the wrong way or under the wrong hands, you know You can be tracked probably more than you would normally expect to be right and I think that's only gonna become one more and more important as we develop actually new technologies that bring even more of you into the experience. And users are going to want to know and understand what's actually happening under the hood. For us right now, almost all any of the live tracking we're doing, I think almost all of it, is all really diagnostics focused. So if there's a problem with your hardware, you know, like a batch of hardware, for example, we want to know that so that we can deliver high-quality experience and make sure that, like, hey, if there's an issue with your system and you reach into support, you can send us logs and we can be like, hey, clearly there's a problem with, like, the RIF sensor or something like that. The other thing that we do right now related to user movements, because I get this question a lot, well, one user movement thing is just enabling multiplayer experiences. And so we have experiences like rooms on gear where we have multiple users, you can see where people are looking, you can see where people are selecting. So enabling that experience, we feel like that falls, I think, under the privacy policy. And by the way, we wrote a Al Franken wrote a little letter to us on trying to understand our privacy policy in more detail and the letter that we sent back to Senator Al Franken and the team is available online and so I'd encourage you to check that out. The other thing that actually this came up recently and you noted this was actually one of the more recent diagnostic things that we started tracking is actually tracking quality in the bounding boxes for example on let's say your touch controller movement. So over the course of like 60 seconds aggregated, we're actually not tracking the exact position of your controller, but we say, hey, generally, Kent's using it from like here to here. And by creating that bounding box and then seeing were there anything that sort of fell outside of that, any tracking loss issues, we can actually get a better sense for how well the tracking system is performing. And then we actually, in the case of 1.12 and the changes we were making there, we actually used that data to help inform what the issues were that we were seeing and be able to turn around changes and fixes for those more quickly. So at the end of the day, our goal is really to deliver the absolute best product experience. And we want to do that, and we want to use every mechanism we can to make sure that we're delivering a great VR experience. So, in summary, very committed to user privacy. It's something we take very seriously. It's something we're really focused on. We're committed to taking care of users' privacy. And you're asking the right questions. Keep asking them. I think right now, everything is in a good place across the industry. But that could change. And that's something for folks like you to keep chatting about.

[00:17:00.486] Kent Bye: Yeah, I think that, you know, there's a couple of things there. One is the transparency issue. So to actually have access to what is recorded. When you get into more things like facial tracking and emotional states and things like that, I'm just curious if there's any long-term plans in terms of transparency of being able to both have access to that to be able to see this is what you have that's recorded and then a larger question of the business models as to whether or not VR is actually demanding new business models as to this whole surveillance approach of tracking everything we do everywhere. Maybe we move to a different model which is you know you're willing to pay up front for an experience just like you would go to a concert let's say and you pay for that experience but yet you don't necessarily want to have everything you do or say recorded within that context and what you're looking at and stored forever. So I'm just curious to hear both on the transparency front, but also the evolving business models as to whether or not you feel like there's going to be new ways that go beyond the existing advertising paradigms.

[00:17:59.217] Nate Mitchell: So I think on the new business models front, I think it's too early to say. And we'll see. I think that advertising, especially, is going to be an interesting thing in VR, how people approach it. It's not something worth thinking about extensively right now. I mean, you know this better than anyone. Our focus really is getting as many people into VR as possible and delivering a great experience. And that's sort of the stage that VR is in all up. And so that's really where we're focused. And I do think that it'll be interesting to see how it all evolves, but it will depend on the technologies, on people's approach to the platform, to the experience development. And I think just right now it's too early to say. And what was the first question?

[00:18:39.778] Kent Bye: Just the transparency front. So just that you have access to see, you know, because right now Google has a great way to be able to see, okay, this is what has been recorded and you actually can go in and we've tracked all my locations and this is every time I've asked, okay, Google, this is a recording of my voice, but yet there's not that same level of transparency within Facebook's interface to be able to go in and dial in to see everything that they have in terms of transparency. And so, As we move forward in virtual reality, you know, physical movements is very vague. That could encompass eye movements and everything as we get more and more. And so I'm just trying to, you know, get a sense of like, okay, what's this mean? What are the trade-offs? You know, there's artificial intelligence algorithms that are going to be able to do all sorts of amazing things with this big repository of data that we're collecting. And I have no doubt that the AI teams at Facebook are thinking about what could we actually do with some of this. But on the flip side, there's trade-offs and costs to whether or not this level of intimacy that we're going to have access to people, starting with eye contact, eye gaze, emotional states, and maybe even eventually with EEGs, our intent and our thought forms, you know, on the long trajectory of VR. And so, asking these questions now to say, okay, Are we expecting to see some sort of transparency controls to be able to see what has been recorded?

[00:19:53.134] Nate Mitchell: So I don't think we have much, I can't speak for Facebook, but I can definitely speak for Oculus. I don't think we have as much on the transparency side yet. I think for us, it's still a little early. I think the sort of technology like being able to log on to Google and see the sort of information that they've stored, I think that's super valuable. And I think that's a great thing for users. And that's something I think I'd love to see us do more of. So that's something, again, it kind of goes back to, for us, we don't have necessarily every, all of this stuff nailed down as we're sort of building it out and learning a lot from the community, from the ecosystem, from each other. But that's something, again, we are super committed to user privacy. And actually, just anecdotally, something we've often talked about as part of Oculus is making sure that the sort of future metaverse is a safe place for everyone, right? That's super important to us. And in that vein, there's a really interesting question of how important is real identity versus pseudonymity or anonymity. And that is something we often talk about, less so in the space of data collection and more so just in who do I want to be inside of VR and what sort of controls can I have around my identity to make sure that I'm safe, right? Anyway, that's something we're thinking about a lot. And like I said before, we don't have all the answers just yet, but we are committed to getting it right. And these are the conversations we love having. So, you know,

[00:21:17.113] Kent Bye: And so the Kronos Group is going to be announcing the name of their VR Open Standards Initiative, that's the OpenXR. This is just a day before that's happening, but I had a chance to talk to Joe Ludwig of Valve and ask him a little bit about that. And, you know, this initiative is really exciting to me because it implies that it's going to open up the ecosystem for peripherals, but also potentially even have a little bit more platform agnosticism between the two different headsets, but yet What Joe said is that it's actually not a technical question, more of a business decision when it comes to Oculus Home and whether or not with OpenXR, this initiative from the Kronos Group, whether or not Oculus is going to make the decision to implement this standard and then make it available for if somebody has a Vive and wants to go into Oculus Home to be able to play some of these games. whether or not that's going to be possible to happen. And there still may be platform exclusives, but just generally, if you see the long-term trajectory of the SDK moving towards this trend with OpenXR, to have not a strong opinion as to having to run it on Oculus Rift.

[00:22:21.570] Nate Mitchell: So OpenXR, there's a ton of exciting stuff happening with OpenXR. We're obviously part of the Khronos group. It's something we've been big proponents of and we've been very, very active in the development of the OpenXR standard. So there's a bunch of exciting stuff happening with OpenXR, especially over the long term. And I think the opportunity to bring more easily other VR systems onto the Oculus platform and have them really treated as first class citizens is hopefully gonna be a major win. I think that the challenge, which has always been the case, is taking on the support cost of actually making sure that a new headset that's running on the Oculus platform on PC is a great experience, is actually quite high. And when you think, you know, we were talking before about, hey, how did we miss this in QA, and we did miss, you know, the issues in 111 with QA, but every time you add a new headset, the amount of support that's required is actually pretty significant. And so for us, we want to make sure that any headset that works on the Oculus platform on PC is a great experience. Super important to our approach to VR in general. And I think that's, again, one of the things that we've done really well on Rift is that, you know, when you're sitting at your desk and you pick this thing up and you put it on and you go straight into Oculus Home, everything just works. And that's really a big focus for us is that everything just works. There are a lot of other VR systems out there, especially in the PC space, that don't necessarily just work, where you have a lot of issues with setups, with different configurations, with issues with the quality of the content, or the support, or different input devices. That's something we've tried to sort of smooth out all the rough edges with Rift. We haven't done a perfect job, but I think, you know, again, if you get a Oculus Ready PC and a Rift, you're gonna have a very good, really high quality experience on the Oculus platform. That's something we pride ourselves in. In the future, I would love and we plan to bring other VR systems onto the platform 100%. It's always just been a question of when and how. And the how, OpenXR is going to be, I think, open a lot of possibilities there. We still need to make sure that any system that's called Oculus Ready, sort of in the concept of working with all the content on the Oculus Store, We still got to make sure that's a great experience. We still have to do a thorough QA, we have to understand setup. Like right now, for example, if you wanted to use some random headset on the Oculus platform, you know, one of the things we have is like a pretty robust new user experience and setup flow for positioning your sensors, for calibrating the touch controllers, for the tutorials, everything else. Building all of that for another device, that takes time. So we want to make sure that we're onboarding the right headsets at the right time. One of the key questions I have to ask myself, and we on the team ask ourselves all the time, is should we be focused on new features for Rift users and quality of life improvements and enhancements that the community is asking for, or should we look at bringing another headset onto the platform instead? For right now, we've decided mostly what we're focused on is two things. One, making the Rift experience as incredible as it can be. I think there's still a bunch of stuff we want to do there. And, focusing on OpenXR as a future where we'll have a lot more simplicity in onboarding future headsets. And we're definitely, again, very committed to the standard and the Khronos group that's been working on it has been amazing. Anyway, we should have a lot more news on all of this in the next year, two years, as we see all of this stuff evolve. But we're super excited about OpenXR and super proud of what we've accomplished there. And we really are excited about seeing additional VR headsets on the PC platform over the long term. It's just a question of when. And now there's more of a how.

[00:25:56.327] Kent Bye: So I'm just curious to hear some of your thoughts on WebVR, because I feel like WebVR is, to me, one of the most exciting things to happen within the virtual reality community, just because I feel like it's not having anybody be the gatekeeper as to what type of content is going to be out there. And there's going to be all sorts of network effects that happen with things that you can do with pulling in data from the web. I'm just really excited to see where that goes, but I'm just curious to hear your vision of where you see Oculus playing into creating your own browser as well as supporting a different WebVR as a platform within its own right.

[00:26:27.550] Nate Mitchell: I think right now, we're VR geeks. We're geeks. And we want to see all of this VR technology succeed. Rising tide lifts all ships. From our perspective, WebVR is a really exciting initiative. You just talked about a few of the reasons. But the potential to create something, be able to publish that instantly, and reach an audience that not only includes all the VR headsets out there, but also includes people on mobile devices or desktop portals, and having them be able to experience it as well. That's super exciting. And, you know, there's a debate that you can easily have on, hey, is this actually the path to the metaverse, where you have sort of this infinite amount of content able to be created that's accessible to everyone? Now, I think the challenge to that sort of debate, or the counter to the, is this the pearl of the metaverse, is like, look, WebVR is still very early, you know, when you want to do sort of rich experiences as people generally imagine the metaverse being, those won't necessarily be easily produced in WebVR. How do you have an experience that sort of cuts across, like where I continuously keep my identity across all these WebVR things that have no sort of coherency, don't really communicate with each other? So there's a lot of, you know, it's not clear that it's gonna become the metaverse, but I think we really believe that it's an incredibly exciting opportunity for developers and for users, especially when we think about how do we get more content out there, right? When we started this conversation, we were talking about driving forward the state of the industry, and in particular, aside from all the hardware and software innovation we're doing, bringing more people into VR, price, and content being the key drivers of that, right? So WebVR is an opportunity not only for users to have more content, It's also an opportunity to expand the number of people that can develop for VR. And I think one of the things we're doing in this space is the React VR toolchain that we've been working on, which really puts the power of VR development in the hands of people who are familiar with web tech. That's super exciting. And even though the web VR sort of is limited in terms of, I think, what people will create, It's going to be really exciting to have that sort of potential opened up to a broader audience of developers who maybe don't have as much experience building with Unity or Unreal, but have an idea for something that's a perfect fit for WebVR. So, we're really committed to helping drive the standard forward, improving the quality of WebVR on Rift and on Gear. Carmel, obviously the browser initiative there, we're committed to that too. So WebVR is something we're super excited about at Oculus, and I think you're going to continue to see us drive that forward and talk about it more and more as the year goes on.

[00:28:58.818] Kent Bye: Great. And finally, what do you think is kind of the ultimate potential of virtual reality and what I might be able to enable?

[00:29:07.304] Nate Mitchell: So I think the ultimate potential for VR is really around It's really hard to say because I think VR is sort of limitless in its potential and early on we talked a lot about revolutionizing games but as we draw closer and closer and closer to that sort of holodeck like experience where you're able to meet people who maybe have even passed away. or go on journeys to impossible or real locations or connect with someone through sort of like a memory, sort of a spatial memory captured in time. The possibilities are limitless and especially around connecting people to each other. I think it's a part of the reason we're at Facebook, the potential to connect people like they've never been able to connect before. I think it's all there. So I think VR, as you know, has a tremendous way to go and evolve. We're still very, very early days. We're driving forward the state of the art in a big, big way. It's a big focus for us. And over the next 10 years, I think VR is going to change dramatically from where it is today to really be something that is ubiquitous. And like any good computing platform, I think it'll transform all the jobs that we do today. and create entirely new experiences and opportunities that aren't even in existence today. So we're committed, obviously, to seeing VR through in that regard. We really do see it as a computing platform, and I think we're doing everything we can to make sure that it succeeds. I'd like to think more than any other company out there. So yeah, big thank you, actually, to the community for all the support, because it's definitely not something we're trying to do alone. It's been awesome so far.

[00:30:44.921] Kent Bye: Awesome. Well, thank you so much.

[00:30:46.182] Nate Mitchell: Yeah, my pleasure.

[00:30:47.772] Kent Bye: So that was Nate Mitchell. He's the head of Rift at Oculus. So I have a number of different takeaways about this interview is that, first of all, I think privacy is probably the most important topic here that I really want to dive into. But I first wanted to just kind of tell the story of what I see is happening here. So Oculus wants to essentially just deliver the best VR experiences. And they don't want to have to be bothered by logistics like infrastructure or the nuances of architecting and maintaining a privacy policy. So they've basically handed that over to Facebook to take care of. And from Facebook's point of view, they have this compartmentalization where they're able to essentially do all sorts of things in the future of the roadmap of where they want to take this and how they want to use all the data. And I think that Oculus is pretty earnest and not really being all that worried about trying to monetize data from virtual reality. I think that's something that's more in the purview of Facebook. And so I get this sort of compartmentalization that's happening, where if I talk to Oculus about it, it's a little bit like, oh, well, I can't speak on behalf of Facebook, so I can only speak on behalf of what we're doing, and this is what we're doing. But also, there's been a number of different statements where Oculus has said, oh, don't worry, we haven't started to share any data information yet. Whatever Nate is saying about privacy, you know, it carries a certain amount of weight, but there's also things that he's sort of reacting to me asking the question and saying things that I don't necessarily think he really means. Just as an example, he says that we are very committed to protecting user privacy. Okay, that's fine. But he says it's one of our number one focuses, which is why we have a super detailed privacy policy. Having a detailed privacy policy saying all the things that Facebook can do doesn't mean that that's necessarily protecting user privacy. What it's doing is allowing Facebook to do everything that they want in terms of eventually gathering as much data as they want. So I don't think it's true that it's been one of their number one focuses because their number one focus has been to just provide the best VR experience possible, which is what Nate essentially says later on the interview. But also, if you look at the letter that they sent back to Senator Al Franken, they said that we take advantage of Facebook's expertise in other areas, including its large team of privacy and security professionals to help design and maintain privacy and security in our products. These collaborations allow Oculus to focus on what we do best, which is delivering the absolute best VR products and experiences. And I think that is true. Like Oculus isn't necessarily caring about the advertising revenue models or what they can do with all the data. They're just the engineers trying to make it work. But in the background, we have Facebook. They are totally interested in using all this data for advertising. And they've basically architected this privacy policy to be able to turn on all sorts of data streams at any moment. And I think what I see happening is essentially Oculus saying, oh, don't worry. We haven't turned on those data streams yet. So just don't worry about it. So for example, in the letter that Nate Mitchell referred to, which is Oculus responding to Al Franken, Al Franken's asking about recording location, or are you sharing the location data? And Oculus says that Oculus does not currently share location information. OK, that's fine. They're not doing it yet. There's nothing stopping them from doing that at any time. And last year, Upload VR did a story about some of these issues about what Oculus was or was not recording, and Oculus responded. And in the last paragraph, it says, lastly, Facebook owns Oculus and helps run some of Oculus's services, such as elements of our infrastructure, but we're not sharing information with Facebook at this time. We don't have advertising yet, and Facebook is not using Oculus data for advertising. though these are things we may consider in the future. So these are a number of different instances where actually the privacy policy already gives all the legal framework to basically turn that on tomorrow if they wanted to. There's nothing stopping them from doing that at any time. Oculus is saying, don't worry, we're not passing anything over yet, just don't worry about it. It doesn't mean anything because actually it's already possible for them to do that already. Just by reading the privacy policy, there's all sorts of information that they're able to extrapolate and connect back to your personal identity. So at the end of the day, what really matters is that the privacy policy is enabling all sorts of information sharing to happen. And so it ranges from not only your physical movements, your location, communications that are happening, which is a vague enough term that I think that they've described it as being like, okay, we're just talking about forum posts, but communications with other users could eventually mean that they want to take the information that's currently just being cached with conversations that you're having, maybe run it through an AI algorithm, turn it into a transcript, and then store that data forever. I think that if you look at the privacy policy, it's written open-ended enough that they could do that, and there's nothing really to stop them, even though if they're not doing that yet. So I think there's also an open-ended amount of interpretation for what does that mean, communication? Does my eye gaze and my eye tracking, does that information, is that private or public information? Or is that physical movements of my body, which is covered in the type of data that they're able to record and store? So, I think the big issue here is that they're recording and storing all this data, they're tying it back to your personal identity, they're aggregating it with third-party data, whether it's financial data, whether it's from your bank or mortgages, or, you know, if this passes the Congress, then whatever websites you've been browsing through your ISP, that could be data that is able to be sold and aggregated with your Facebook profile. So in the privacy policy, they've basically laid out a framework to be able to gather all this data, tie it back to your identity, and to eventually sell you ads. Now, whether or not Oculus ever serves you an ad, ever, like it doesn't matter if any of these services actually get fed back into Oculus, it could be that Oculus is always just treated as this data vacuum to be able to take all this data, pass it over to Facebook, and we never see any impact of that within the virtual reality service. Now, I don't think that's necessarily going to happen. I think we're going to have all sorts of other things like galvanic skin response to see like emotional intensity or facial expressions or eye tracking. And with all those things put together, you get emotional states and what you're feeling and what you're reacting to. So depending on what you're looking at within a VR experience, Facebook's going to eventually have this profile of what has emotional saliency for you, what you're paying attention to. and who you're talking to and potentially even what you've said. And there's this moment when Nate was essentially saying, you know, we're very committed to user privacy, something we take very seriously, something we're really focused on. We're committed to taking care of user privacy. And you're asking the right questions. Keep asking them. I think right now everything's in a good place across the industry, but that could change. And that's something for folks like you to keep chatting about. Well, it's true that it's part of my role as a journalist to start to track and talk about these things, but it also could be Oculus' role to be a leader in privacy and to be able to architect a privacy policy that actually is putting in more protections for the user than enabling their parent company of Facebook to do whatever they want. I mean, I sent an email to privacy at oculus.com back on January 11th, basically asking them, OK, there's a there's a section here in your privacy policy saying that if you want to access any of the data we've recorded, just send us an email and we'll go back to you. And I sent that on January 11th and never received any response at all. So if privacy actually was a priority for Oculus, then I think I would have heard some response. But the fact that I didn't, I think just sort of reiterates the fact that they're being more reactive to privacy rather than proactive. And I think that Nate actually kind of sees that this is happening. He says that, I think that you're absolutely right. And that, you know, there's going to be a lot of potential pitfalls over the future of VR and AR around privacy, because there's never been a technology that brings so much of you into the experience. which is sort of like that double-edged sword, and that's the power of VR. But yeah, used in the wrong way or in the wrong hands, you can be tracked probably more than you would normally expect to be, right? And I think that's only going to become more and more important as we develop new technologies and bring even more of you into the experience. And users are going to want to know and understand what's actually happening under the hood. which I totally agree, that that is totally true, and that we are on this technological roadmap of adding eye tracking, galvanic skin response, facial movements, emotional states, you know, that's like, within the next couple of years, that's already going to be here. and that as I look at Oculus's privacy policy, there's nothing preventing them from recording and capturing all of this very intimate biometric data, tying it back to your personal identity, taking everything you ever say or do within a VR experience, and tying it to this super mega profile to be able to sell ads to you either on Facebook or on Oculus. So just take a look at the third-party doctrine. Look this up on Wikipedia. The third-party doctrine essentially says it's a legal theory that holds that people who voluntarily give information to third parties, such as banks, phone companies, internet service providers, email servers, and even companies like Facebook, Google, or anybody else, any data that you give over to them essentially, that you have no reasonable expectation of privacy. So what that means is that there's a lack of privacy protection that allows the United States government to obtain information from third parties without a legal warrant and without otherwise complying with the Fourth Amendment prohibition against search and seizure without probable cause and a judicial search warrant. So that means any data, any data at all that you're given over email, biometric information, anything that you're handed over to any company is no longer protected by the Fourth Amendment. You're basically forgiving your right to privacy to that information. And so this technological roadmap is essentially eroding our right to privacy. So if we suddenly decide to give over all of our eye-tracking data, all of our emotional states, all of what we're paying attention to, that's essentially like privatized Big Brother, where if the government decides to go to Facebook and say, okay, show me all the data that you have on Kent Pi, they have to essentially just hand over their entire database of all the information that they have. And I think that's what's at stake here is that what are you recording and why? I think that there's a little bit of disingenuousness here about like recording physical movements. Let's just take that as an example. You don't have to record physical movements and store them forever in a database in order to enable a multiplayer experience. Do you? No. I mean, I think even right now when Al Franken is asking, okay, are you recording all information that's happening, that's communicating with people on your service? And Oculus wrote back that the voice over IP communications are not being recorded. We do not store the content of these communications beyond the temporary caching necessary to deliver these communications to people who could be in different parts of the world. So what they're saying is that we don't need to record every single communication that's happening because we just need to cache it to deliver it. Well, that's essentially the exact same thing about recording physical movements. There's no reason why you need to record those forever. Now, from Nate's perspective, they're saying they're doing like these minute rolling windows of just trying to see if your movements are within a certain bounding box. But again, I go back to the fact that the way that the privacy policies architected and written is that it doesn't matter. The nuances of how they're technically implemented. It just matters what it's going to enable them to be able to do in the future, which is if you want to record every single movement that you do in VR, then they can record that, store it forever, tie it to your personal identity so that when the government comes to them, they just have to hand it over. So in talking to a lot of different biometrics data experts in the last number of episodes, if you want to go back and listen to the episodes I've done, go back to episode 493 to hear about Sarah Downey, talk about how giving information and data over to third parties is eroding our Fourth Amendment rights and that they should just not be recording the data. listen to episode 516 with Jim Preston talking about how privacy is a very complicated future and that it's going to take the entire VR community to really figure out some of these hard issues. Or look at episode number 517 to listen to a biometrics data expert to hear all the different data that you can start to get from biometric data and how, you know, the line between advertising and brainwashing is very thin in that as a behavioral neuroscience, he's actually very concerned about the potential for hacking these fixed action patterns, which is to be able to do a seamless response to not only advertise, but also start to shape behavior through these immersive environments. Or listen to episode 518, where I talk to a biometrics expert from the medical field and all the AI that they've been applying to this biometric data to be able to extrapolate all sorts of different medical information. So this biometric data is containing medical information that could be protected under HIPAA. But yet, this could be something as we move into the consumer VR, which has got a lot of concerns for what it means to be able to change the context over this biometric data and start to not only capture it and use it, interpret it, but tie it back to your personal identity. And then finally, in episode 514, I talked to someone from Toby who says that, from his perspective, you should always be getting explicit consent whenever you're trying to track and record eye-tracking data, because it is very intimate. So I think that Nate Mitchell is saying the right things, but if you look at what's already in place with the privacy policy, it's already kind of contradicting even the things that he says that he wants to enable. Just take, for example, this whole discussion about whether or not your identity should be anonymous or non-anonymous. Based upon all the different information that is available within the privacy policy within Oculus, they can basically put your identity back onto you. You just go through the number of things that they can combine here. So first of all, they're able to get your IP address, which, you know, that can be spoofed. So that isn't always going to necessarily tie you back to your identity. But there's certain device identifiers that are unique to your device that they're tracking. So basically, it's like a unique address that they know that it's at least your VR headset. Whether or not you're using it or not, they may not necessarily be able to know, but they'll be able to tie back your VR headset to anything that happens in that VR headset. And that eventually, if you get eye tracking, you'll be able to do iris scans and other things. I mean, I think there's going to eventually be biometric fingerprints such that, you know, based upon the information that they're getting, they're going to be able to tie that back to your identity. That's on the technological roadmap and will be available within a couple of years. your precise location based upon your IP address or if you're using the Gear VR based upon the cell phone data. So they'll be able to identify where your physical location is at. So if they already have your home address based upon your credit card number, then they could see, okay, based upon this person is in this location, then we can basically use your location to be able to unlock what your identity is. So then there's information about your physical movements, you know, that could eventually include gate detection or other sorts of ways to be able to unlock your identity. And then there's information that they give to us, which says, when you post, share, or communicate with other Oculus users on our services, re-receive and store those communications and information with them, such as the date a post was created. So I think right now when they say, such as the post when the date was created, they're essentially saying, OK, whenever you do a forum post or you're trying to get support from our support desk, then we're collecting this information. But the way that it's written basically could be at any moment they could turn that on to be able to record all of those voice over IP interactions and communications that you have and be able to store that and tie that back to your identity. So, again, if we go back to this discussion that Nate was saying is that, you know, within Oculus they've been having all these sorts of different discussions about whether or not your real identity versus being able to have a pseudonym or be completely anonymous, the importance of that being within the metaverse and what kind of controls can they give us around our identity to ensure that we're safe. and that they're committed to getting this right. The problem is, is that even if we have within the context of this VR experience, this illusion of an anonymity, if they're able to collect all this data on the backend and tie that back to our personal identity as a part of the privacy policy, then there's actually no guarantees that anything that you do anonymously within an Oculus Rift connected device within these services is that they're basically saying that we can tie that back to your identity and store it forever. So even if they give us these surface level controls, and from Oculus's point of view, on the back end, Facebook's able to essentially crack that anonymity if they wanted to, based upon all of the different data that they're already able to connect the dots and be able to determine who you are. So I guess that's a little bit what I mean is that there's things that Nate is saying, but I don't think he necessarily has really dug into the privacy policy and looked at all the implications of how already, essentially, there's no guarantees that are provided within this privacy policy to ensure that that anonymity is protected. So I think right now, Oculus is basically standing in this position of saying, okay, we're not really looking at advertising where we haven't turned on the data streams. We know we haven't done that yet. And that's essentially what they're saying is that, you know, don't worry, we haven't done that yet. But what I'm seeing as somebody who is looking at the privacy policy is that it doesn't matter if they give us these assurances that they're not doing it yet, because they could do it at any moment at any time. And I think that looking at the technological roadmap, there's nothing in this privacy policy that I see that is saying we are not going to collect and record all this biometric data. We're not going to store it forever. In fact, there is a question where Al Franken asked Oculus, how long are you going to be storing this data? And they just simply didn't answer that part of the question. They just answered other things, but they conveniently did not answer how long they're going to be storing this data. which essentially we can assume is forever. Because in their privacy policy, they say, even if you decide to tell us to delete all this data, we're going to retain it for after that. We have the right to be able to still keep it anyway. So I would encourage everybody, if you're concerned about this, to write privacy at oculus.com, ask them some questions. And that if Nate is saying this is actually one of their top priorities in the long run, and they want to get this right, then please reach out to privacy at oculus.com and send them a message, you know, send them links to this podcast or ask them specific questions of how long are you going to record this data? What are you going to do with biometric data? Why do you need to store and record physical movements forever? Why can't you cache them temporarily? What kind of protections can we have? What kind of transparency can we have within this privacy policy? How can we have some sort of insurance to build trust? So I just wanted to bring back Jim Preston from episode 516 where he said that, you know, he's not necessarily trying to go towards a dystopian future or a total utopian, but it's going to be somewhere in the middle versus a really complicated and complex issue of privacy and how this is going to really end up being worked out. And I hope that this is the start of an ongoing discussion and dialogue where we can start to not only hear from these companies what they want to see with privacy, but what they're actually going to do in terms of being able to protect our privacy in these different ways. So that's all that I have for today. I just wanted to thank you for listening to the Voices of VR podcast. If you enjoy the podcast, then please do spread the word, tell your friends, and become a donor. Just a few dollars a month makes a huge difference. So donate today at patreon.com slash voicesofvr. Thanks for listening.