Edges of the Metaverse, Part 3 of 6: Protecting Privacy & Consent for Our Digital Bodies

The metaverse challenges us to stretch our collective imaginations to the edges of our digital experience.

While building the navigation engine for the metaverse, we at Lighthouse have grown accustomed to thinking about its edge cases, mysteries, and unresolved dilemmas.

And we’d love to invite you into some of our late-night musings.

In this third installment of our six-part series, The Edges of the Metaverse, we talk to builders about constructing a metaverse that respects — rather than restricts — our individual dignity, autonomy, and agency.


Key Takeaways

  • The metaverse can enhance and expand the breadth of the human experience, bringing us closer together and enabling the previously impossible — provided we have the right frameworks in place to protect user privacy and consent.

  • Many builders in the web3 space are working to create shared standards, ethical frameworks, and interoperable technologies to safeguard user freedom, safety, and consent while traversing virtual worlds.

  • At Lighthouse, we believe that your sense of exploration and play should be grounded in cognitive consent and unencumbered by unfair information extraction, covert manipulation, and concealed influence.


Many of us in web3 and the metaverse want to reinvent the web and lay down new pipes because we didn’t like it over there, so to speak. That is, we envision immersive digital spaces that support rather than subvert basic human freedoms, expanding the capacity for societies to flourish in a way that the “default” web has failed to embrace and enable.

That is not to say that the latter doesn’t hold joy, or beauty, or splendor. Quite the opposite: the modern world does hold all these things — and humanity deserves to enjoy them without struggling against the negative externalities that contemporary digital life has normalized.

Afforded the generational opportunity to rebuild the web’s critical infrastructures from first principles, Lighthouse — like so many of our friends in web3 — is committed to shipping products that sidestep the familiar patterns that lead to the same surveillance that has defined the internet for the past 20 years.

We get it: forging new paths through the dark forest is harder than falling back on old habits — even if some of those habits haven’t served us well. Humanity is a cyclical history of repeated mistakes. (Or, as Balaji Srinivasan put it, a gradually-ascending helix):

Regardless, when we normalize dysfunctional patterns, they act like gravity wells — and we don’t even notice that we’re being pulled into the same Molochian trap that hurt us last time. The very elements of web2 that blockchain technologies claim to reject — namely, surveillance capitalism and disregard for sovereignty and consent — are already starting to crop up in crypto in new and troubling ways.

One element that the open metaverse must re-examine critically and redesign wholesale is how worlds treat user identity and privacy. Digital security is already paramount, but it will become absolutely existential in the metaverse, where we and possessions are nothing BUT data. In fact, as our lives grow increasingly digital, we should upgrade our understanding about our personal boundaries and bodies to encompass our data — because online, all we are is data.

A Mental Catch-Up

So how do we bring our mental models for digital privacy and consent up to speed with where the tech is headed? Our Twitter Space last year, “Avatars, Identity & Privacy in the Metaverse” (part of our Meet the Metaverse series) explored exactly this topic.

“When I think of my ideas in this space, I start off with the physical space where we hang out every day,” said Evin McMullen on the Twitter Space. Evin is the founder and CEO of Disco, which builds “data backpacks” to help users self-custody their identity data and reflect it to the world the way they choose.

You wake up. You get out of bed. And when you do, you immediately interact with mobile devices, smart home devices, computers, and other applications and services. “The business model of web2 surveillance capitalism is that each of these interfaces is optimized to consume as much data about us as possible,” Evin added.

That data is then used to provide us with personalized experiences, but also to display ads informed by our data exhaust — the digital trail of metadata we leave behind as we traverse the internet — and algorithmically optimized to convince us to buy things at exactly the moments and contexts when we are most susceptible to influence. Sometimes, this influence is consensual, but most of the time, it is inferred and not warranted nor wanted.

In the web2 world, most of us aren’t in a position to take custody of our identity data. We have no means to reduce our data exhaust to serve only our explicit, declared preferences instead of leaving insights for advertisers to mine for psychological vulnerabilities.

“We’re leaving these little shards of ourselves with bread crumbs of our activities in various different applications, but you know we don’t wake up in the morning with dreams of logging in,” Evin said. “The kinds of experiences that we are enabling are largely dictated by parties that didn’t really ask us what we wanted. And so the intention of consent, the volition of our activities, is dictated by the designers of applications that we had no participation in bringing to bear.”

Building Self-Custody as a Habit

M3 steward Jin, who goes by @dankvr on Twitter, conceals his physical identity online despite his prominence as a speaker, hacker artist, and VR developer. While that decision comes with some tradeoffs, it has allowed Jin to explore the benefits of participating in the new possibilities of a virtual web3 economy with anonymity. “People don’t want to dox themselves, for many good reasons,” Jin said during the Space.

Getting identity data storage and transfer rights will involve trial and error — both for product designers and for users themselves. Jin suggested a fun and surprising way for users to develop new and unfamiliar self-custody habits with less liability involved. “Digital pets can be a pretty big catalyst for self-sovereign ownership of data and also as vessels for AI,” Jin said, adding that refining the technology with pets instead of people could help address the “uncanny valley” effect where humans feel a sense of unease or even revulsion toward highly realistic depictions of the human form.

Making secure avatars and other identity mechanisms as approachable as a Tamagotchi has a bit of UX genius to it. The psychological phenomenon of developing emotional attachment to machines, robots, or software agents has been dubbed The Tamagotchi Effect, and it helps simulate aliveness while limiting some of the risks associated with overexposure of personal data. “Pets are so forgivable. If they’re a little derpy, it’s fine,” Jin explained. “It can also become a catalyst for digital ownership of keys and hardware wallets as well, if we transform the design. I just think we can make it more fun, into something like a Tamagotchi.”

Towards Interoperable Identity

There are broader ways to view metaverse identity than just your avatar in a virtual world. For Disco, identity encompasses all the ways by which people express themselves online — including the names we go by, the actions attached to that name, and the amount of information users consent to providing to others.

“You go by a lot of different names out there in the world. You have a Bitcoin address, an Ethereum address, a Twitter handle,” Evin said. “We consider the metaverse as your ability to show up in any digital or physical environment, and receive a personalized experience based on the parts of yourself that you choose to share.”

Disco is building tech that lets users discreetly convey those traits wherever they may choose to go virtually, while also allowing them to verify key identification data without revealing all of their connected identities at once. “Our identities are not fixed, and public, and permanent, and we need metadata that will be similarly flexible,” Evin said.

That’s a challenge in the traditional web2 application ecosystem, where impersonation of large accounts or notable figures is rampant on social platforms like Twitter or Discord. “Until now, there really hasn’t been an independently verifiable way to prove your ownership of handles or identifiers across platforms,” Evin said.

Shared standards are necessary for contextual privacy protection and identity management without having to wade through confusing terms of service and legalese: performative documents that practice "consent theater" that nobody understands anyway. This makes interoperability of avatars and other virtual assets critical for a safe and accessible metaverse. Eugene Capon, a social media futurist and advisor for the XR Safety Initiative, said that he views identity as the “8th layer” of the metaverse, referencing the seven layers defined by Beamable CEO Jon Radoff.

“When we have cross-platform compatibility with social identity, I think that’s really when we’ve won this next generation of the internet,” Capon said.

The Rights to Representation

ToxSam.eth, the CEO of Crypto Avatars, a platform for creating interoperable avatars that can be monetized for artists, said that those common standards will help when it comes to transferring the visual (ie. graphical) representations of those identities across virtual ecosystems.

However, ToxSam.eth also noted in the Twitter Space that another actor may want to have a say when it comes to avatars — the creator who built the avatar in the first place. For example, some avatar builders may not want their creations to be used in sexually-explicit settings.

“I believe that if I create something, I should be able to define what is going to be, you know, the licensing behind it,” ToxSam.eth, and whatever restrictions may be imposed as a result of that.

That tension between the desires of the avatar designer and the avatar user may be resolved in the future in a number of ways. Users might buy AI-generated avatars from a provider that doesn’t impose any expectations for how the avatar is used. In addition, there will most likely be a host of avatar designers who don’t place any restrictions on their creations once they are sold, also allowing users to craft an identity around that avatar unencumbered by anyone’s input but their own.

Advertising is also highly dependent on how platforms and technologies treat aspects of identity, data, privacy, and consent. While most traditional companies use cookies to track your online whereabouts, cookie tracking is being phased out as governments start discouraging the practice. But with on-chain avatars, advertisers could use public wallet addresses to identify potential customers and track their actions.

In advertising, there might be ways to draw on zero knowledge principles, where a user can decide who gets to view their data and under what conditions. For instance, they might declaratively state that they are in the market for new sneakers and agree to receive ads related to them — but prevent ad targeted based on inferred interests from their data exhaust.

Evin noted that asking about ways to allow users to sell their data is often the wrong question. “We are all digital immigrants here in web3, and we’re going to need some trust cues brought along to help us understand what actions of ours have consequences,” Evin said. “Once users are in a position of taking custody of their data, we can invite a conversation around what it means to license that data.”

That conversation will need to involve simple fixes, such as possibly finding ways to serve up personalized display ads without providing too much information, of course. However, it will also require much deeper level conversations about the permissions we grant and the security we should expect as we interact with each other on the internet.

“Right now we are living in a system of coercion. We are striving toward a system of consent,” Evin said. “Consent is sexy, as we know. But what is really sexy is mutual enthusiasm informed by enthusiastic, affirmative consent to dive head into the experiences that we want to be a part of.”

Check back next week for Part 4, where we imagine how the spatial internet will change the familiar domains of tracking and analytics.

In the meantime, come world hop with us! Our Chrome extension makes navigating the spatial internet dead simple.

Get it here: https://extension.lighthouse.world

Subscribe to Lighthouse
Receive the latest updates directly to your inbox.
Mint this entry as an NFT to add it to your collection.
Verification
This entry has been permanently stored onchain and signed by its creator.