THE term "metaverse" first entered cultural vernacular in 1992 when Neal Stephenson's dystopian science fiction novel Snow Crash hit bookshelves.
Snow Crash's metaverse described a virtual world, one that humans visit via augmented reality, the Internet, and using eye goggles.
Just like Mark Zuckerberg's vision, the characters in Snow Crash enter the metaverse embodied in an avatar of their choosing and use encrypted electronic currency to buy virtual real estate in the metaverse, much like what is happening today on blockchain-enabled virtual reality (VR) platforms like Decentraland and Sandbox.
According to Meta's blog, the metaverse is "the next evolution of social connection". Zuckerberg explains that "You can think about the metaverse as an embodied Internet, where instead of just viewing content, you are in it."
He and others see the metaverse as the next iteration of the Internet. Much like the dot-com boom in the 1990s when people rushed to buy up domain names, individuals and organisations are buying non-fungible tokens (NFTs) and planting their corporate flags in the metaverse.
In fact, the metaverse wave has reached Malaysian shores. More companies are offering virtual experiences — food festivals, games and concerts — to consumers on popular meta≠verses. Just this year, a local fashion brand sold over 6,688 NFTs, bringing in over RM3 million in revenue.
Without being overly alarmist, it's worth examining what the creation of this metaverse will entail from privacy, security, and public policy standpoints.
Stakeholders hope to learn from the early days of the Internet.
To be sure, the Internet's nascent days revolutionised commerce, but this didn't happen seamlessly. For example, websites in the early 1990s were littered with scams. Bad actors took advantage of users' unfamiliarity with the technology by creating sites to impersonate banks, organisations and other entities. Undoubtedly, phishing campaigns, crypto jacking, and other scams will be prevalent in the metaverse as well.
SECURITY AND PRIVACY CONCERNS ABOUND
From a security perspective, cyberattacks will increase significantly. There will be Internet of Things (IoT) devices and wearables from multiple vendors. Sensors will collect data from offices and homes, and metaverse companies will actively process a colossal amount of user behaviour in real time.
As mentioned before, the use of avatars will make it easier for bad actors to commit fraud, and the prevalence of cryptocurrency transactions will make it easier for them to hide ill-gotten gains.
Things are equally concerning from a privacy perspective. Companies that run the metaverse will use AR/VR devices that collect a ton of personally identifiable information (PII), including financial and personal data. After all, how else will the businesses and organisations in the metaverse verify who the users are? Even more problematic is the fact that many of these businesses will want to collect biometric data, such as fingerprints and facial recognition.
All this constitutes a level of personal data collection that is not currently socially acceptable, but in a few years, who knows? As we've seen, when it comes to giving up personal data, the public eventually acquiesces. It can be a bit of a slippery slope. The metaverse may well be a catalyst for an artificial intelligence act or a national digital privacy act that prohibits the sale of user data to third parties. Until then, however, these remain troubling, open questions that will be answered by metaverse players and market dynamics rather than legislation.
The writer is an enterprise analyst at ManageEngine