The adoption of virtual reality (VR) technologies has rapidly gained momentum in recent years as companies around the world begin to position the so-called "metaverse" as the next major medium for accessing and interacting with the internet. While consumers have become accustomed to a degree of data harvesting on the web, the real-time nature of data sharing in the metaverse indicates that privacy concerns are likely to be even more prevalent in the new "Web 3.0." Research into VR privacy has demonstrated that a plethora of sensitive personal information is observable by various would-be adversaries from just a few minutes of telemetry data. On the other hand, we have yet to see VR parallels for many privacy-preserving tools aimed at mitigating threats on conventional platforms. This paper aims to systematize knowledge on the landscape of VR privacy threats and countermeasures by proposing a comprehensive taxonomy of data attributes, protections, and adversaries based on the study of 68 collected publications. We complement our qualitative discussion with a statistical analysis of the risk associated with various data sources inherent to VR in consideration of the known attacks and defenses. By focusing on highlighting the clear outstanding opportunities, we hope to motivate and guide further research into this increasingly important field.

翻译：近年来，随着全球各公司开始将所谓的“元宇宙”定位为访问和互动互联网的下一个重要媒介，虚拟现实（VR）技术的采用迅速加速。尽管消费者已习惯于网络上的数据采集，但元宇宙中数据共享的实时性表明，隐私问题在新型“Web 3.0”中可能更加普遍。对VR隐私的研究表明，仅凭几分钟的遥测数据，各种潜在对手就能观察到大量敏感个人信息。另一方面，我们尚未看到针对传统平台威胁的隐私保护工具在VR中的对应实现。本文旨在通过基于对68篇已发表文献的研究，提出数据属性、保护措施和对手的综合分类法，系统化梳理VR隐私威胁与对策的知识。我们通过统计分析与已知攻击和防御相关的VR固有数据源风险，补充定性讨论。通过聚焦突出显著的研究空白，我们希望激励并引导这一日益重要领域的进一步研究。