#715: VR Privacy Summit: Open Web Privacy Lessons for the Immersive Web

Mozilla Mixed Reality’s Diane Hosfelt says, “The immersive web has all of the problems of the 2D web, they’re just magnified and they’re harder.” She says the privacy challenges around biometric data are even more dire because you can’t change your biometric signatures and you can’t recover them. Hosfelt’s job at Mozilla is to secure the Servo immersive web browser engine, and so she’s thinking about how to apply the last 20 years of open web security and privacy problems, risks, and potential mitigations to the broader immersive web community. She recently authored a post titled Principles of Mixed Reality Permissions where she lays out the “PACE principles” of Progressive, Accountable, Comfortable, and Expressive.

I had a chance to talk with Hosfelt after the VR Privacy Summit that happened at Stanford University on November 8th, where we talked about making comfortable privacy and security workflows that avoid the existing permission fatigue around cookie authorization, the limitations of occluding biometric movements with random noise, how independent researchers reveal privacy risks by combining data from multiple sources, an exploration of many of the open privacy challenges on the immersive web, and the open problem of how to educate consumers about the capabilities of these new immersive sensors, their uses, and their possible dire consequences.


This is a listener-supported podcast through the Voices of VR Patreon.

Music: Fatality

Rough Transcript

[00:00:05.452] Kent Bye: The Voices of VR Podcast. Hello, my name is Kent Bye, and welcome to the Voices of VR Podcast. So I had a chance to go to the VR Privacy Summit, which had representatives from all across the VR industry. There were academics, people from the medical fields, and different technologists from different companies. And one of them was Diane Hosfelt. She's on the Servo and Mixed Reality team at Mozilla Emerging Technologies, and so she's been thinking a lot about browser security: what does it mean to be on the open web and start to transform it into the immersive open web, what type of issues come about when you start to have immersive technologies that are revealing all sorts of intimate biometric data, what does it mean for you to go to a website, what are the security implications of what that website can see, and what assurance do you have that that data is going to remain private? So these are the type of questions that Diane has been thinking about, and she's trying to take some of the lessons from the open web to not repeat a lot of those mistakes, but also see how much harder the immersive open web is going to be in facing some of these privacy issues. So that's what we're covering on today's episode of the Voices of VR podcast. So this interview with Diane happened on Thursday, November 8th, 2018 at the VR Privacy Summit at Stanford University in Palo Alto, California. So with that, let's go ahead and dive right in.

[00:01:31.191] Diane Hosfelt: I am Diane Hosfelt. I'm on the Servo and Mixed Reality teams at Mozilla Emerging Technologies. And basically what that means is that I work on looking at how we can secure the Servo browser engine, which is written in Rust, and how I can take the ideas from my work with that and apply it more broadly towards an immersive web browser and experience, and think about what are the problems and the risks, the potential mitigations, and how do we get to a place where we learn from all of these mistakes we've already made over the past 20 years with the web. The immersive web has all of the problems of the 2D web. They're just magnified and they're harder. We have all the same problems. They're just more, you know, I don't want to be dystopian, but they have more dire consequences. In particular, when you lose control of your biometric privacy, you both can't change that and you can't recover it. So we see that the consequences are both more subtle on the immersive web and they're potentially more risky and dangerous. And so what Blair MacIntyre and I have done on the Mozilla Mixed Reality team is we've thought about what principles do we need in order to have less bad permissions in an immersive web environment. We already know that people are having trouble with permission fatigue. We just click through. I do it too. I get really angry at the cookie consent notification. And I just click until it gets out of my way. Right? So what do we need to think about while we're trying to create this web that enables casual, immersive experiences, both alone and with other people, in a virtual and augmented space? And what we've come down to is what we're calling the PACE principles. And this is progressive, accountable, comfortable, and expressive.

[00:03:44.985] Kent Bye: Nice. And so what were some of the mistakes of the 2D web that, if we don't pay attention, we're going to fall in and repeat in the immersive web?

[00:03:52.668] Diane Hosfelt: Well, so the one off the top of my head is the :visited style rule. So you have a web page, and you've visited some links on this web page. Well, now, if that page can tell the difference in color of the links, it knows what you've visited, which we call the trivial history leakage bug. So things like this, how do we protect your history, right? And what are these confounding factors? And it's not just from the 2D web, it's generally the number of sensors, and especially the always-on capabilities that we're looking at to enable very rich experiences. You know, you can use the accelerometer of your phone. It can be used remotely to determine what your PIN is. And then you've leaked how to unlock your phone. And there are all sorts of things where we have these sensors and we think that we know the types of data that they can expose. But then independent security researchers come along and they combine it with other sources of data that are either appropriately or inadvertently leaked. It's just so hard to tell what the possible consequences of combining these sensor data are. And it's even harder to communicate that to your average person. When we have experts in the field not connecting these dots until an independent researcher points it out, how can we expect my 93-year-old grandmother to understand this? But then we also want to be able to use these VR experiences in places like nursing homes, right? That's already happening.

[00:05:38.214] Kent Bye: And maybe you could talk a bit about some of the metaphors or lessons that you get from the cryptographic security aspects and what type of aspects can be applied to the privacy dimensions of virtual and augmented reality.

[00:05:51.199] Diane Hosfelt: So definitely one problem can be the granularity of data that you can collect using either a single sensor or a combination of sensors on these devices, particularly head-mounted devices. We can draw a parallel between that and timing side-channel attacks, right? And the reason I say this is that there's a mitigation for a timing side-channel attack, which is where you have two simultaneous executions happening on the same hardware and one is potentially malicious, and it can tell based on timing events, like it can extract cryptographic key data based on how long it takes a certain algorithm to run, right? And one potential mitigation for this is actually to introduce noise. However, if you have a non-random mathematical distribution and then you insert a random noise generator over that, it can still be possible to extract that non-random data out, particularly if your random data isn't as good as you think it is, and we as humans are terrible with randomness.
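To make the point about noise concrete, here is a toy sketch (all numbers invented, not a real attack) of why adding random jitter to a secret-dependent timing signal doesn't hide it: an attacker who can sample repeatedly simply averages the zero-mean noise away.

```python
import random
import statistics

random.seed(0)

# Toy model: an operation whose duration depends on a secret bit.
# Processing a 1 takes 0.5 µs longer than a 0 (numbers are invented).
def timed_op(secret_bit):
    base = 100.0 if secret_bit == 0 else 100.5
    noise = random.gauss(0, 5.0)  # defender's random jitter, 10x the signal
    return base + noise

# Attacker averages many measurements; the zero-mean noise cancels out.
def mean_timing(secret_bit, samples=20000):
    return statistics.mean(timed_op(secret_bit) for _ in range(samples))

gap = mean_timing(1) - mean_timing(0)
print(f"recovered secret-dependent gap: {gap:.2f} µs")
```

With 20,000 samples, the jitter's standard error shrinks to roughly 0.04 µs, so the 0.5 µs secret-dependent difference re-emerges clearly despite noise ten times its size.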

[00:06:59.975] Kent Bye: And I guess one of the things is that you have cookies in the 2D web, but in the immersive web, there's a sense of being able to track all sorts of sensitive data, like what you're looking at, your biometric data. And I guess if you think about the open web, you're going to have all these entities that are out there. It seems like a bit of a Wild West as to what they're going to be able to potentially capture and use, and in whatever context. And so how does that come down to Servo and the browser level? What type of methods do you implement to be able to either mitigate or minimize? Or how do you even approach that? Or is it just a giant open question as to how we navigate all of this?

[00:07:34.448] Diane Hosfelt: I would say it is an open question, and that is why accountability is one of the principles that we've thought up for these PACE principles, right? Because with accountability, you know what pages are collecting, sending, storing, persisting, right? Or say that you've given an application or a webpage access to files on your device and they're changing files. Well, they need to be accountable for these things that they do. And this might be a slightly wonkish approach here, but something that we're seeing after the Spectre and Meltdown classes of attacks that were published earlier this year is that browsers either have moved or are moving to what they call site isolation or process isolation, where different origins run in different processes, so that we can avoid the interference of processes that can leak this side-channel data, and in particular the concern is speculative execution. But the end result is we are isolating sites in their own processes to minimize these data leakages. And what that actually allows us to do from a web perspective is that now we know the process that's running, say, DuckDuckGo.com, right? Well, now we know what DuckDuckGo is doing, because before we kind of had all of these origins running in the same process. And that can be very difficult to track the accountability of, like, is my camera on for just this site, or is it on for all of this? Who's actually getting this data? Et cetera. So there are advances, right, that we're in the midst of that I think are going to help with accountability, which really underpins all of this.

[00:09:26.942] Kent Bye: One of the things that was mentioned today was Lightbeam as a tool to be able to give some transparency as what is actually being tracked, and that's a Mozilla extension. And also, what would that look like in VR, and to be able to show what the potential, maybe dystopic possibilities are. I don't want to give people bad ideas, but at the same time, I'm curious to hear your perspectives on Lightbeam as an educational tool in terms of what's happening, and is there going to be needing some sort of similar thing within immersive technologies to be able to give some sort of visualization as to what's at risk here?

[00:09:56.218] Diane Hosfelt: I think it is a great idea and that is now on my to-do list. So I don't have an answer for you right now, but I am definitely going to think about it and try to work on that, because we've been discussing how we can educate people. It's a hard problem, it's not obvious, and it's definitely a personal goal of mine for the near future: how can we educate people about the sensors, their uses, the potential consequences, and the fact that informed consent on the web really isn't informed right now.

[00:10:28.685] Kent Bye: And for you, what were some of the big highlights of the VR Privacy Summit or takeaways that you're leaving here with?

[00:10:34.641] Diane Hosfelt: I am particularly excited to get the input of people from especially the medical community, because we're trying to steal this idea of informed consent, which of course originates in and permeates medical research as well as medicine, right? They've been through a lot of this. They've solved, well, they haven't solved, but they've thought about these problems. They have these review boards trying to remove bias and everything. And when we are in an XR or an MR paradigm, right, we've introduced a new dimension of physicality to our technological experience, right? You know, we're literally taking over people's senses. And so that's very tied in with ideas of bodily autonomy and behavioral modification, all of these kind of scary things. So it's exciting to me to be able to speak to and learn from people who do this research in the medical arena, and what can we learn from a privacy-preserving perspective?

[00:11:41.078] Kent Bye: Great. And for you, what's the ultimate potential of virtual and augmented reality and what it might be able to enable?

[00:11:49.756] Diane Hosfelt: Oh gosh, that's a hard question. I mean, the dream is Apparition, right? So I live abroad. My family's in the States and I live in England and I miss my family a lot. So really the dream is that we create this more connected, more global world and I guess we can create more empathy in previously isolated communities and create more of a world that sees all people as people. And then for me personally, I get to be closer to my family virtually. But more generally, I think that if we all just come together and appreciate our similarities more than our differences, which is very, very real in a virtual world, that the world will be a better place. God, that sounds silly, but I think that that's the ultimate promise.

[00:12:45.315] Kent Bye: Great. Well, thank you so much for joining me today.

[00:12:47.196] Diane Hosfelt: Thank you so much. It was great to meet you.

[00:12:50.132] Kent Bye: So that was Diane Hosfelt. She's on the Servo and Mixed Reality team at Mozilla Emerging Technologies. So I have a number of different takeaways about this interview. First of all, the immersive open web is going to have all the same problems of the open web, but more, just more difficult and more challenging in so many different ways. So one of the things that happens generally on the open web is that there are these independent security researchers who are constantly thinking about different ways of finding security breaches and security holes, and how to take information and start to combine it in interesting different ways. And so that was one of the things that I think, coming from the open web community, you get a little bit better appreciation of in terms of how you can start to piece together information. And it's not that that information on its own is damaging, but when you start to combine it with lots of other information, it can create this aggregate picture. And so one of the things that Diane is saying is that we're going to start to see a lot from independent researchers taking a lot of this biometric and immersive data, combining it with other data that's available, and starting to extrapolate all sorts of different information and insights about individuals. This is already starting to happen to a certain extent, just in terms of biometric information and gait information, how you walk, and how that could be considered personally identifiable information, because people's skeletal structures and how they move their bodies are pretty consistent.
I mean, if you've ever spotted someone that you know walking really far away, sometimes you can detect who someone is just by the way that they're walking. And so if you take that into VR, you have this idea that it's actually going to be very difficult to have anonymous embodied immersive exploration, because instead of having this incognito mode, you're already broadcasting so much information about your biometric data. And if you try to add noise on top of that, then what Diane is saying is that that's not going to make any difference, because even if the noise is truly random, you're still able to see a very specific mathematical structure that's emerging out of that. So while I've tried that approach in the past, it doesn't necessarily even work, because mathematically, when you add noise to something that is a non-random distribution, then you can still extrapolate that non-random distribution from it. So if you're trying to hide or occlude your movements within virtual reality with random noise, then it's just not going to work. I mean, the other thing is that whenever you're in a virtual environment and you're broadcasting information to other people within that context, then there's nothing really to stop them from capturing that information. And so not only do we have to worry about what happens if these individual companies are storing all this biometric data, but what does it mean to have this biometric data generally available for anybody to start to capture and record? It's going to be a lot more difficult to have controls around that. So there's been a big push around talking about de-identified data when it comes to some of these biometric data. And my suspicion is that, as time goes on, researchers are going to find more and more biometric signatures in this data that's being stored, and they're going to be able to unlock it in different ways.
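The gait-signature point can be sketched numerically. This is a hypothetical toy model, not a real biometric pipeline: even with heavy per-frame noise, a simple statistic over a session of motion data is enough to match a user to a stored profile.

```python
import random
import statistics

random.seed(42)

# Hypothetical profiles: each user's characteristic head-sway amplitude (cm).
# Real motion signatures are far richer; this only shows why noise doesn't help.
PROFILES = {"alice": 2.0, "bob": 3.5, "carol": 5.0}

def record_session(true_amplitude, frames=500):
    # Per-frame readings, with noise comparable to the gaps between users.
    return [random.gauss(true_amplitude, 1.0) for _ in range(frames)]

def identify(session):
    # Match the session's mean sway to the nearest stored profile.
    mean_sway = statistics.mean(session)
    return min(PROFILES, key=lambda user: abs(PROFILES[user] - mean_sway))

session = record_session(PROFILES["bob"])
print(identify(session))
```

Averaging 500 noisy frames leaves a standard error of about 0.045 cm, far smaller than the 1.5 cm spacing between these toy profiles, so the match succeeds even though each individual frame is dominated by noise.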
I mean, in some ways it's already a trivial thing to do for certain kinds of data, because it's so easy to start to unlock this information. That was one of the things that was coming up at the VR Privacy Summit: just to look at what that data is and how it's already personally identifiable information. And how to exactly navigate and deal with that, I think, is a whole other range of issues that the VR industry is just now beginning to reckon with in some ways. But overall, Diane's been looking at some of these lessons of the open web, looking at permission fatigue, and trying to find if there are other ways to just make that whole process a little bit easier. Maybe it's a machine-readable declaration where you're able to declare that you don't want anybody recording cookies on you. So Diane and Blair MacIntyre have put together these PACE principles, which are Progressive, Accountable, Comfortable, and Expressive. On November 2nd, they published a blog post called Principles of Mixed Reality Permissions exploring all these various different issues. She talks a lot about informed consent, which requires disclosure, comprehension, and voluntary agreement that you're actually consenting to whatever is happening. And so there's lots of things that can happen on the web, in terms of either taking over your website or asking for permission for your microphone. And so the risk is that if you're not really paying attention to that, then you could have malicious actors start to do all sorts of crazy stuff, like activating your microphone and starting to listen in on it. And so there's a lot of security features that are built in to prevent those types of things from happening. But there's this general philosophy that they're developing, which is that the permissions should be progressive, accountable, comfortable, and expressive, these PACE principles.
So the progressive principle is just the concept that you're getting more and more functionality as you move forward, and that you should have some sort of insight so that as you're adding more and more capabilities from these different sensors, you are at each step of the way consenting to allow tracking of, for example, your head tracking data. There are different possibilities for either leaking information or turning on the camera on your mixed reality device. You could start to scan what's happening in your room. You could start to capture other people's faces. If accelerometer data is being captured while you're typing in your password, you could start to leak information from your password. Diane goes into a deep dive into all the different risks that are out there, and there are a lot more risks than I think we're necessarily aware of. Then there's the dimension of accountability, which is that once you activate a permission, you should be able to either revoke access to that permission, or you should have some sort of accountability mechanism to get some insight as to what data are currently being collected or monitored by that page. This is one of the problems that I had with Oculus' privacy policy, because I had a conversation, an interview with them, where they were saying, oh, no, we're not recording any of this. But according to how the privacy policy was written, the day after they talked to me, they could completely change their mind. They have no obligation to tell me or anyone else in the world that they are actually now doing that. What they told me on the record, that they're not doing that currently, only holds at that moment in time.
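The progressive and accountable ideas described above, granting one capability at a time with explicit consent, keeping every grant revocable, and keeping a record of what was asked for, could be sketched as a small state machine. All names here are hypothetical illustrations, not a real browser API.

```python
class PermissionLedger:
    """Hypothetical per-origin permission state: progressive grants,
    revocable, with a log supporting after-the-fact accountability."""

    def __init__(self):
        self.granted = set()
        self.log = []  # (action, capability) history for auditing

    def request(self, capability, user_consents):
        # Each new sensor requires a fresh, explicit yes; nothing is bundled.
        self.log.append(("request", capability))
        if user_consents:
            self.granted.add(capability)
        return capability in self.granted

    def revoke(self, capability):
        self.log.append(("revoke", capability))
        self.granted.discard(capability)

ledger = PermissionLedger()
ledger.request("head_pose", user_consents=True)   # granted explicitly
ledger.request("camera", user_consents=False)     # never granted silently
ledger.revoke("head_pose")                        # revocation always possible
print(ledger.granted, len(ledger.log))
```

The log is the accountability half of the sketch: a user (or auditor) can ask, after the fact, exactly which capabilities a page requested and when access was revoked.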
And so to have no accountability mechanisms for what data are actually being collected means that the privacy policies can be written so broadly that there's no sort of transparency or accountability as to what data are actually being recorded at any moment. And so trying to build that level of accountability into the open web is, I think, going to be even more important, especially as you're going to these different websites that may or may not have access to some of this information. And if they do have access to that information, and it's an immersive web experience, then what are they doing with that data? As time goes on, we're going to start to see more and more independent research on what types of things you can do with the data that are being collected. At this point, there's enough scary stuff that I think is possible that if you read through this blog post, it starts to link off to some of that. But I think it's only a matter of time before researchers start to show that when you put all this data from these different sensors together, there's a lot of information you're going to be able to extrapolate from it. The other principle is comfortable. She talked about the permission fatigue that comes from clicking through cookie authorization notifications, and it is annoying for a lot of people. I mean, the cookie notification would be a lot different if it was actually an option and a choice to just opt out of those cookies. Then you could have some sort of machine-readable setting in your browser where you could say, you know what, I don't want any companies recording or saving any cookies.
You just make that as a setting, and it's machine-readable code that's sent out, and that would be a completely different way of doing that, and it would be a lot more comfortable. And I think that some of those best practices of how to actually do that are probably going to need to be figured out as we move into the immersive web, where I think much more data is going to be made available that's going to allow you to do some different things, but there are also different security risks involved with that. And it has to be a comfortable experience, otherwise you're just going to fatigue people out, and they're just going to say it's not worth clicking through all these buttons all the time in order to actually give explicit permission. And finally, there's the expressive dimension of permissions, where there are going to be a couple of classes of either dangerous or not dangerous types of permissions that you can grant, and there's got to be a way to bundle those together in some sort of comprehensive way. Just as an example, there's the audio data or the camera that's on the VR headset: any website that you go to could start to activate it and start to eavesdrop on what you're saying. They could also start to potentially capture the front-facing camera data from the headsets. So just being mindful that there may be explicit permissions that are made available or not made available, and that there's going to be a way to combine them and make it more dynamic, because there are going to be a lot of different sensors that are going to be made available over time.
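The machine-readable opt-out described above already has a precedent in the real `DNT: 1` Do Not Track request header. The server-side handling below is a hypothetical sketch of what honoring such a declared preference, instead of showing a consent banner, could look like.

```python
def should_set_tracking_cookie(request_headers):
    # Honor a browser-declared preference before any banner is needed.
    # "DNT" is the real Do Not Track header; this enforcement logic is
    # a hypothetical sketch, since honoring it is up to each server.
    return request_headers.get("DNT") != "1"

print(should_set_tracking_cookie({"DNT": "1"}))  # user opted out -> False
print(should_set_tracking_cookie({}))            # no preference declared -> True
```

In practice, Do Not Track was widely ignored by sites precisely because nothing held servers to the declared preference, which underlines Hosfelt's point that a comfortable, machine-readable consent mechanism only works with accountability behind it.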
So a big takeaway is just that the security on the web is very complicated and nuanced and it is only going to get a lot worse as we start to add more and more data and more and more information into these immersive web experiences and that I'm just super glad that there's Mozilla who's looking at these issues to really try to figure out what are some of the best practices for permissions on the immersive open web. So, that's all that I have for today, and I just wanted to thank you for listening to the Voices of VR podcast, and if you enjoyed the podcast, then please do spread the word, tell your friends, and consider becoming a member of the Patreon. This is a listener-supported podcast, and so I do rely upon your donations in order to continue to bring you this coverage. So, you can become a member and donate today at patreon.com slash voicesofvr. Thanks for listening.
