Virtual reality (VR) telepresence applications and the so-called "metaverse" promise to be the next major medium of interaction with the internet. However, with numerous recent studies showing the ease at which VR users can be profiled, deanonymized, and data harvested, metaverse platforms carry all the privacy risks of the current internet and more while at present having none of the defensive privacy tools we are accustomed to using on the web. To remedy this, we present the first known method of implementing an "incognito mode" for VR. Our technique leverages local differential privacy to quantifiably obscure sensitive user data attributes, with a focus on intelligently adding noise when and where it is needed most to maximize privacy while minimizing usability impact. Moreover, our system is capable of flexibly adapting to the unique needs of each metaverse application to further optimize this trade-off. We implement our solution as a universal Unity (C#) plugin that we then evaluate using several popular VR applications. Upon faithfully replicating the most well-known VR privacy attack studies, we show a significant degradation of attacker capabilities when using our proposed solution.

翻译：摘要：虚拟现实（VR）远程呈现应用及所谓“元空间”有望成为下一代互联网交互的主要媒介。然而，随着近期大量研究揭示VR用户可被轻易画像、去匿名化及数据抓取，元空间平台不仅继承了当前互联网的所有隐私风险，甚至更为严峻，而目前却缺乏我们在网页端惯用的防御性隐私工具。为应对此问题，我们首次提出了一种在VR中实现“隐身穿行模式”的方法。该技术利用局部差分隐私，可量化地模糊敏感用户数据属性，重点在于智能地在最需要的时间和位置添加噪声，以最大化隐私保护同时最小化可用性影响。此外，我们的系统能灵活适应各元空间应用的独特需求，进一步优化这一权衡取舍。我们将解决方案实现为通用的Unity（C#）插件，并通过多款流行VR应用进行评估。在忠实复现最知名的VR隐私攻击研究后，我们证明了使用所提方案能显著削弱攻击者的能力。