Home » Business Topics » Metaverse

Security Issues in The Metaverse

cybersecurity vulnerability Log4J and hacker,coding,malware conc
Your data will be a target for hackers in the Metaverse. Image: Adobe Stock [Licensed]
  • Issues that will affect the metaverse range from hacking to cyberbullying.
  • Proposed solutions are far from perfect.
  • We may see end-to-end encryption disappear soon.
  • The only real solution might be not to enter the metaverse at all.

The advent of the metaverse compounds a list of existing security concerns. The addition of another dimension to Web 2.0 brings with it more opportunities for cyberbullying, exploitation of sensitive information, and property theft.  While each area of concern has targeted solutions, we have a long way to go before the metaverse will be a safe space to store and share information.

User information and Messaging

“[The metaverse] is going to aggravate the preexisting privacy issues that we’re not currently dealing with very well.”

Caglar Yildirim, direction of Northeastern University’s Mixed Reality Research Group [1].

Experts agree that data surveillance, collection, and extraction will be present in the metaverse. More user information will be collected and distributed than ever before, due to the immersive blend of virtual and real worlds. Multiple sensors will collect an array of sensitive personal data, ranging from heartbeat patterns to detailed social interactions. Once in the metaverse, that information will not be directly under your control, making it a ripe target for hackers or prying eyes.

Many solutions to protect personal information have been proposed. These include [2]:

  • Encrypting information before it enters the metaverse.
  • Face swapping and 3D model replacement, which uses machine learning to create a computer-generated version of a user’s face or body.
  • Matting: Matting software identifies the foreground object (you) and distinguishes it from the background (your chaotic dining room).

Face-swapping and matting won’t provide full anonymity unless you can encrypt your data. End-to-end encryption, which completely protects your data by encrypting your sent message with a key, is already used in apps like Signal, Telegram, and Wickr [3]. However, there are signs that end-to-end encryption is coming to an end.

Governments have long been trying to persuade tech companies to allow a “backdoor” into private messages. With the recent passage of the EARN IT act [4], aimed at preventing child sexual abuse material (CSAM), we may see that happen sooner rather than later. According to an article on Stanford Law [5], end-to-end encryption “…is likely to be targeted as being contrary to best practices for preventing CSAM” because if a file is unreadable due to encryption, that makes CSAM difficult to detect. If lawmakers are successful in dismantling end-to-end encryption, it will leave your messages open to unwanted surveillance and malicious actors [6].


Cyberbullying is an enormous cultural issue, with about 16% of school age children reporting online harassment [7]. It is already difficult to detect because it can be done anonymously using pseudonyms or by hacking into a victim’s social media accounts. The metaverse will provide even more opportunities for bullies and stalkers to cloak in anonymity, becoming a place for where bullying and harassment are rife.

“Those [harassment] issues have not been resolved and they’re going to happen, I have no doubt. It seems reckless at this moment to move into that space without even thinking about it.”

Communication Studies Professor Brooke Foucault Welles [1].

One way to tackle this is with shielding—the ability of an avatar to block certain keywords or scenarios around them like a class bully, or a stalker; The offensive words or scenario don’t disappear from the metaverse, but the user is shielded from it [2]. The tool won’t work in every situation because sometimes harassing and bullying behavior is nuanced and difficult to detect. A second option is for a user to simply cloak or teleport away from the offensive behavior. While that can stop exposure to the behavior, the downside is that it happens after the user has been subjected to the abuse.

Theft and Counterfeit Goods

Counterfeit goods have become ubiquitous in Web 2.0 and will certainly be present in the metaverse. One proposed solution to digital theft is invisible watermarking, but watermarking has been shown to be ineffective against theft and may easily become unreadable [8]. The blockchain may be a solution to the problems of ownership, traceability, and transfer of property, but there are problems with that too: MIT’s Technology Review warns that “the security of even the best-designed blockchain systems can fail in places where the fancy math and software rules come into contact with humans, who are skilled cheaters.” [9]

The Nuclear Solution

The simplest solution to solving all these security and privacy concerns is to prohibit users from entering the metaverse in the first place [10]. If that Draconian measure doesn’t come to fruition and you do choose to enter the metaverse, do so at your own risk.


[1] Metaverse Privacy

[2] Metaverse: Security and Privacy Concerns

[3] What’s App Loses Millions of Users

[4] Blackburn & Colleagues’ EARN IT Act Closer to Becoming Law


[6] Encryption: A Tradeoff Between User Privacy and National Security

[7] Bullying at School and Electronic Bullying

[8] Digital Watermarks

[9] How secure is Blockchain really.

[10] The social metaverse: Battle for privacy