Personal
Business
Wholesale
Careers
Top Up
Pay Bill
Blog
Directory
Sign Up
search-icon
Personal
Business
Wholesale
Careers
Top Up
Pay Bill
Blog
Directory
Sign Up

Home Packs

Home Packs
Mix & MatchPre-mixed PacksSecond ResidenceOver 60sOffers

Internet

Internet
Home InternetWi-Fi CrewPlug'n'GO InternetSmart Wi-FiGO Secure NetPortable InternetFibre IslandOffers

TV

TV
TV PlansMovies & SeriesGO SportsEntertainmentRai Italia+TokisTV channel listOffers

Mobile

Mobile
Pay monthly plansTop-up plansYouth & kids planseSIM plansInternationalOver 60sGO Secure NetOffers

Devices

Devices
Device DealsSmartphonesLaptopsWearablesPlayStationHome ProductsTabletsTV DevicesSmart Hub

GO Energi

GO Energi
Complete PV systemInverter & Battery only

Moving to Malta

Moving to Malta

Support

Support
FAQsFormsUser GuidesSet up & install your deviceGO outlets & exclusive resellersContact Us

VR and AR: Protecting sensitive information in immersive experiences

03 October 2025

Personal

Share this post:

If you’ve strapped on a VR (Virtual Reality) headset or used an AR (Augmented Reality) app to place a virtual couch in your living room, you already know how magical these technologies can feel. In fact, the line between the digital and physical is blurring fast with games being more immersive and remote work feeling like sitting across from a colleague to name a few scenarios.

But while VR and AR open up exciting new worlds, they also create new streams of personal data, the kind of information most of us never think about, but that’s far more sensitive than a password or an email address. And just like with any new technology, the risks aren’t always obvious.

So let’s take you behind the curtain and explore what data VR and AR are really collecting, why it matters for your privacy and security and how you can protect yourself without losing the magic.

Why VR/AR data is different

When you scroll on your phone or click around a website, companies collect a lot, such as your browsing habits, your location, maybe your microphone or camera if you allow it. But VR and AR take this to another level. In a virtual world, your headset tracks where you look, how you move your head, what your hands are doing and even how fast your heart rate might change during a thrilling scene. Meanwhile, AR apps scan your living room, map the shape of your furniture and understand your environment well enough to drop digital objects right onto your coffee table.

And this information isn’t just technical, it’s personal. Here’s how:

Motion data can identify you – fast

In one of the largest studies to date, researchers showed that over 55,000 real VR users could be uniquely identified using only their head and hand motion. After training on five minutes of each person’s movement, they could pick the correct individual from a pool of 50,000+ with 94% accuracy in just 100 seconds.

Eye tracking reveals more than meets the eye

Eye-tracking systems, which are increasingly common in high-end and specialised headsets, can tell what grabs your attention, what makes you nervous and when you’re tired.

What can go wrong?

Some of the risks are easy to understand if you compare them to today’s internet. Hackers can still eavesdrop on networks, steal account logins or slip malicious apps onto your device. But immersive tech adds a new twist. If someone controls your headset, they control what you see and hear.

Sounds farfetched? In 2024, researchers from the University of Chicago, demonstrated what they called an “inception attack” on a popular headset. They managed to hijack the device and display a fake home screen and cloned apps that looked completely legitimate. One demo even tricked a user into approving a financial transaction that showed one amount in VR while secretly processing another. The lesson? Immersion can mask manipulation. If the platform is compromised, users may not realise they’re being deceived.

Even outside of sci-fi-style hacks, everyday data exposure can be worrying. Imagine your AR glasses scanning your living room to place virtual furniture, but those scans being stored or sold. Suddenly, a company or worse, an intruder, knows your floor plan. Or picture a VR fitness app that tracks your movements, which could reveal health conditions or physical limitations if leaked.

Man standing using VR set

The riskiest data types in VR and AR

Some data types that can be collected include:

  • Your movements: head tilts, hand gestures and body motions can uniquely identify you.
  • Your eyes: eye-tracking data shows not just where you’re looking, but what captures your interest.
  • Your surroundings: AR apps create detailed 3D maps of your room or office.
  • Your voice: social VR relies heavily on microphones, which means conversations and sometimes bystanders can get captured.

Each of these can seem harmless in isolation, but together they form an incredibly detailed profile of you, one that’s valuable to advertisers, data brokers and unfortunately, criminals.

Where attacks can happen

You don’t have to be an IT expert to understand where the weak spots are in VR and AR. Think of your immersive experience as a journey that data takes, starting on your device and travelling all the way to the cloud. Along the way, there are three main places where things can go wrong:

1. The device itself (your headset, AR glasses or phone)

If the device is hacked, out of date or running apps from shady sources, attackers can see what you see or even change what’s displayed. The “inception” demo researchers ran in 2024 mentioned earlier on is a good example.

2. The local network (your home Wi-Fi or public hotspots)

If your connection isn’t secure, someone on the same network, say in a coffee shop, could intercept your traffic. In some cases, they might even tamper with it, showing you altered content or quietly logging your activity.

3. The cloud or app platform

Finally, the services that run your apps can also be a target. Weak logins, buggy software or poor data handling practices can open the door to hackers. At this level, attackers can steal large amounts of user data at once or even take over accounts.

Using AR in the living room

How you can protect yourself

The good news is that protecting your privacy doesn’t require you to become a security expert. Small, practical steps can make a big difference. Here is what you should do:

Keep your device updated

It sounds simple, but many attacks take advantage of outdated software so updates often patch these holes.

Stick to official app stores

Sideloading apps or downloading from unverified sources is one of the easiest ways malware sneaks onto devices. So if you wouldn’t install a random APK (Android Application Package) on your phone, don’t do it on your headset.

Check permissions

If a game asks for access to eye-tracking data but doesn’t really need it, say no. Think of it the way you do with phone apps asking for your microphone or contacts.

Be cautious on public Wi-Fi

Just as with laptops and phones, connecting your headset to unsecured Wi-Fi can expose your traffic. If you must, use a VPN to add an extra layer of encryption. What to know more? Here is everything you need to know about VPNs.

Use strong logins and multifactor authentication

If your VR app ties to your bank, work or personal accounts, don’t rely on a simple password. Multifactor authentication (like a text code or authenticator app) adds protection.

Listen to your instincts

If something feels off, say the interface glitches during a payment or your environment looks subtly wrong, pause and double-check on another device. In VR, a fake screen can look very real.

VR and AR are still in their early days, which makes this both an exciting and a critical moment. We’ve seen this story before. When smartphones first arrived, most people didn’t realise just how much personal data they carried in their pockets. It took years of better design, stronger regulations and smarter habits for security to catch up. Immersive technology is now at that same turning point.

The difference with VR and AR is that the data involved isn’t just technical, it’s deeply personal. That’s why awareness is the most important first step. Companies and researchers are beginning to address the risks, but consumers have power too. Choosing trusted apps, checking permissions, keeping devices updated and being cautious on public networks all go a long way in keeping your digital life safe.

Would you like to find out ways to protect yourself in the digital age? Here is how you can understand and protect your data and how to keep your personal data safe.

Sources:
Unique identification of 50,000+ Virtual Reality users from head and hand motion data
Eye tracking in Virtual Reality: a broad review of applications and challenges
‘Inception attacks on Meta VR headsets