This paper, submitted July 28, sheds light on the unique privacy risks of the metaverse, and provides a holistic security and privacy framework for VR environments - virtual reality devices (VR), connected to virtual telepresence applications and social “metaverse” platforms.
In this study, an adversarial program has accurately inferred over 25 personal data attributes that attackers can covertly harvest from VR users, including attributes like height, age, and gender, within just a few minutes of gameplay.
Link to the paper is 20 pages long and 20 Mb in size, but a good chunk of CPE reading there, for those who are interested. As the maximum size is 9 Mb you have to go get it yourself.
The link is: https://arxiv.org/abs/2207.13176