New Meta Quest Pro report raises serious privacy concerns — here’s why

Meta Quest Pro
(Image credit: Meta)

Meta unveiled its latest VR headset this week and while the $1,500 price of the Meta Quest Pro made headlines, the new device has the potential to change the future of remote work and online collaboration.

Unlike the Meta Quest 2, the Meta Quest Pro is a mixed-reality headset geared towards professionals that want to work in VR in a meaningful way. As such, Meta’s latest headset ships with even more cameras to allow for better body and facial tracking. 

The device’s pro-level specs and additional cameras will make it easier to interact with other avatars in the Metaverse as well as with objects in the physical world since the Meta Quest Pro can overlay digital content onto your real-world environment. 

However, a new report from Wired suggests these innovations raise several serious privacy concerns especially when it comes to how the Meta Quest Pro collects personal data from users.

More cameras means more data points

Meta Quest Pro

(Image credit: Meta)

While the Meta Quest 2 has four built-in infrared cameras, the Meta Quest Pro has a total of 16 cameras. There are five cameras in the interior of the headset as well as five on the exterior with three cameras on each of the Touch Pro controllers.

The real privacy concern though comes from the fact that eye tracking data will be shared with third-party apps.

These new interior cameras make it possible to track a user’s face and eye movements as well as their facial expressions. Meanwhile, the exterior cameras will eventually allow the Quest Pro to show an avatar’s legs by copying their movements in the real world.

By adding more cameras, Meta also now has more data points to work with. When you use the Quest Pro, the company will know even more about your surroundings, not to mention your facial expressions and eye movements. 

The real privacy concern though comes from the fact that eye tracking data will be shared with third-party apps. According to an eye tracking privacy notice from Meta, the company is adding an eye-tracking icon next to apps that support this feature though.

At the same time, the raw image data from eye tracking is processed in real time on the Quest Pro and deleted once processing is complete. Meta also won’t store this raw eye tracking image data on its servers. If you choose to delete your account, any additional data you’ve shared with the company will be “deleted or disassociated from your account”. However, as Wired points out, “insights gleaned from those images may be processed and stored on Meta servers”.

Natural Facial Expressions

Meta quest pro

(Image credit: Meta)

When the Quest Pro launches on October 25, face tracking will be set to “off” by default. However, Western University assistant professor Luke Stark who spoke with Wired believes that this won’t last for long. This makes sense as the best experiences on the Quest Pro will likely utilize both face and eye tracking and Meta will want new users to see them for themselves.

Tacking our facial expressions will make VR more realistic but it will also give Meta access to even more data.

Natural Facial Expressions is one of the standout features of the Quest Pro and when enabled, it uses the five interior cameras to estimate how your face is moving. Your facial expressions in real life will then be mimicked by your avatar. It’s worth noting that if someone else uses your headset with this feature enabled, “the raw image data and abstracted facial expressions data from such person may also be processed” by Meta unless they disable the feature, according to a separate Natural Facial Expressions Privacy Notice.

At this week’s event announcing the Quest Pro, Meta CEO Mark Zuckerberg made the case that “our nonverbal expressions and gestures are often even more important than what we say, and the way we connect virtually needs to reflect that too”. This will make VR more realistic but it will also give Meta access to even more data. Even if how the company uses this data is completely above board, there’s always the chance it could be exposed in a data breach or a data leak.

In its report, Wired also argues that all of this intimate, personal data could potentially be used to emotionally exploit people in VR. By watching how users respond to content or experiences, marketing companies could show them ads that are so relevant that they might not even realize they’re ads in the first place.

How to protect your privacy in virtual reality

A person wearing a VR headset

(Image credit: Shutterstock)

The potential privacy and security risks of VR and AR have been top of mind for researchers for some time now. In a blog post, the cybersecurity firm Kaspersky highlights some of things you should be aware of if you plan to dive face first into the world of VR.

First off, you should always avoid disclosing any information that is too personal. While you can set up an account using your email address, you shouldn’t add a credit card to your VR accounts unless you absolutely want to buy something. You can also use gift cards purchased at a physical store to avoid having to input your credit card or banking details.

When choosing a VR headset or platform, it’s important you carefully review the data privacy policies or terms and conditions. It’s worth it to know what kind of data is collected, how it’s stored and whether or not it will be shared with third parties. You should also ensure that the firmware of your VR headset is up to date as the latest updates also contain security patches in addition to new features. Likewise, you may want to consider installing and using one of the best VPNs while in VR to help protect your identity and keep your data safe.

The Metaverse may very well be the future of work and socializing online but as it stands now, it’s up to you as to whether or not you want to use it. Instead of the Quest 2 or the Quest Pro, you can always choose from another one of the best VR headsets if you have any qualms about how Meta collects and stores your data.

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.