The Meta Quest 2 is the most popular VR headset of the moment. The device has not been without criticism, however. Considering Meta’s history with privacy violations, it’s important to ask: how safe is the Meta Quest 2?
As it turns out, Meta collects a ton of private data that it doesn’t really need. Additionally, the Meta Quest 2 has two main security risks:
- Cameras generate raw image data from hand tracking and eye tracking that can be used for advertising purposes, and even to identify users personally.
- Audio from voice dictation is stored for a certain amount of time and can reveal a lot of personal information.
Moreover, the Meta Quest 2 headset is not entirely invulnerable to malware. Since the device is connected to Wi-Fi, one way to improve your security is by installing a VPN over your router.
We recommend NordVPN.
Want to know more about the risks of the Meta Quest 2 and what data gets collected exactly? Take a look at the full article below!
The world of virtual reality is booming. In 2023, there will be an estimated 70 million VR users in the United States alone. That is more than 20% of the population. The bestselling VR headset of the moment? The Meta Quest 2.
Formerly known as the Oculus Quest 2, the Meta Quest 2 was first released in 2020. Since then, it’s become immensely popular. However, the headset has also raised concerns when it comes to privacy and security.
The company behind the Quest 2 is Meta, which has been involved in a wide range of privacy scandals and data breaches over the last decade. Besides privacy issues, experts have expressed their concern about the security of the Quest 2 headset, especially when it comes to protecting users against cybercrime.
In this guide, we’ll take a close look at the Meta Quest 2 and tell you everything you need to know about its privacy settings and security issues!
What Is the Meta Quest 2?
The Meta Quest 2 is the successor of the Oculus Quest VR headset that came out in 2019. In October 2022, Meta released the Meta Quest Pro, which is considerably more expensive and aimed at businesses. The Meta Quest 3 is scheduled for a 2023 release. For now, the Quest 2 headset remains the current market leader.
With the Quest 2 headset, you can bring VR right into your living room. There is a large headset you can place over your eyes, which blocks out your view and projects a virtual reality environment. With two controllers – each in one hand – you can move around, “touch” things, and immerse yourself fully in the VR world.
The Meta Quest 2 is used for a whole range of purposes. From treating people with symptoms of PTSD to providing medical training in hospitals, there are many ways VR can contribute to society. There are countless educational opportunities, and of course, you get to play games as though you’re actually in the game.
Does the Meta Quest 2 live up to expectations?
Overall, sales of VR headsets went down over the course of 2022, but Mark Zuckerberg, Meta’s CEO, doesn’t seem fazed. The Meta Quest Store is filled with games and apps to try. His vision for a virtual reality world where we work, play, and socialize is known as the metaverse: a place where people will be able to do almost anything they want.
Unfortunately, progress is slow. Haptic technology and graphics are still rudimentary. Horizon Worlds, Meta’s own social virtual reality app, is also not as popular as many had hoped. It’s unsafe for children and has been criticized for poor moderation.
The Meta Quest 2 headset itself has also not been without criticism. In Germany, the headset was initially pulled from the shelves for violating privacy regulations. Users needed their Facebook accounts to sign up, a requirement that only recently has been changed. Now, instead of being forced into a Facebook login, you can also log in with a separate Meta account.
Security: How Safe Is the Meta Quest 2?
The more time we spend online, the more our privacy is affected. With the rapid speed of technological developments, it has become a challenge to find any real privacy. Your speakers are always listening in on you, your baby monitor might be spying on your children, and your smartwatch knows more about your health than you do.
A VR headset like the Meta Quest 2 has its own security risks. Cameras and microphones are essential for making the experience as immersive as possible, but at what cost?
Meta Quest 2: Cameras
To make its VR simulation work, the Meta Quest 2 uses four infrared cameras. Theoretically, raw image data generated with these cameras can be used to create a map of the room you’re in.
The main purpose of the cameras is to gather movement data via hand tracking and eye tracking. According to Meta’s privacy policy, the cameras are used to estimate hand size and positioning. With eye-tracking data, the image quality of your VR world is improved. On top of that, the data is used to make your avatar more real by copying your eye and facial movements.
While it might sound beneficial to have your VR world be as realistic as possible, there are clear privacy drawbacks when it comes to hand and eye-tracking data. This type of biometric data reveals a lot of information about you.
Moreover, it’s almost impossible to anonymize this data since each person has unique patterns of movement. In 2019, researchers showed that it is possible to accurately identify people on the basis of raw image data collected with VR headsets. This is certainly something to be aware of before investing in a Meta Quest 2 or any other VR headset. Now, what about voice?
Meta Quest 2: Microphone
Voice data can give away a lot of information about a person. In 2021, researchers at Rutgers University-New Brunswick showed that voice command features on VR headsets like the Meta Quest 2 come with serious privacy concerns.
The Meta Quest 2 collects voice data in two different ways:
- In the first place, voice data is created when you interact with other users and talk to them.
- Secondly, you can use voice commands corresponding to certain actions that your headset carries out.
VR systems have particular cybersecurity vulnerabilities when it comes to voice. This is because, in the virtual environment, live human speech is paired with facial dynamics.
The Meta Quest 2 supports voice dictation for things like entering websites. The Rutgers University study shows that malicious actors can easily derive speech content from VR headsets like the Meta Quest 2. This can include very sensitive information only you should have access to, such as phone numbers, PIN numbers, passwords, and financial details.
Moreover, Meta has a history of being accused of listening in on users via its products. While the company may not actively tap conversations, an investigation by Bloomberg showed that Facebook paid third-party contractors to transcribe audio messages exchanged on Messenger.
Other cybersecurity risks of VR
Can the Meta Quest 2 be hacked? While Meta itself claims it’s not possible to hack into the device, experts disagree. LSU researchers have shown that VR devices, like any other piece of tech, are vulnerable to outside interference.
In fact, in 2022, a cybersecurity company called ReasonLabs identified a cyber attack called Big Brother that can record VR headset screens from Android-based devices, such as the Meta Quest 2.
The particular type of malware used for the Big Brother attack is first entered on a user’s computer, where it stays idle until a VR headset is connected to the same Wi-Fi network. Screen recording can then be done remotely.
There are also several other security vulnerabilities to keep in mind before purchasing or using a Meta Quest 2:
- Social engineering: Social engineering is the practice of cyber criminals deliberately manipulating users’ trust in order to get sensitive information out of them. Since VR relies so heavily on personal participation, it’s a great realm for criminals to abuse interactions with other people for their own gain.
- Malware: As with any other tech device, the Meta Quest 2 is vulnerable to malware. Certain VR apps can lead unsuspecting users to malicious content or even infected servers.
- Deepfakes: Motion-tracking data acquired from a VR headset is very useful for the creation of deepfakes. In turn, deepfakes are often used for revenge pornography.
Physical risks
It’s important to emphasize that VR is also not without physical risks. When immersed in VR, you’ll lose a great degree of awareness of your actual surroundings. There are countless incidents of people getting injured from playing VR and ending up with broken bones, concussions, and cuts.
While VR companies usually warn against over-use and recommend people clear their surroundings, some physical discomfort is very common, particularly eye strain and headaches.
Is it the same for the Meta Quest 2? In 2021, an investigation took place regarding rash and skin irritation caused by Quest 2’s foam face pad. Meta went so far as to recall face pads in Canada and the United States to re-examine them for unexpected substances or contamination during manufacturing. Sales were temporarily suspended.
Finally, VR can be damaging to people’s mental health. It has been associated with various psychological effects, including increased anxiety and disassociation. Meta’s Horizon Worlds has been criticized for creating an environment where harassment and abuse can thrive.
What Data Gets Collected by the Meta Quest 2?
Meta already knows a lot of information about you through its most popular apps: Facebook and Instagram. What does the Meta Quest 2 add to the portfolio? And where does the data from your VR use and your Meta account end up?
Data collected by Meta
Finding out exactly what data Meta collects from your Quest 2 use is quite the challenge. Meta has a range of privacy policies for each of its services. If you use an Oculus account to access Meta VR Products, a specific privacy policy applies to you. For users with Facebook accounts or a Meta account, a different privacy policy details what data Meta collects.
In essence, though, by using Meta Quest 2, you give Meta access to the same information, regardless of which type of account you use. We’ve outlined the most important details below.
Data | Details |
---|---|
Account | Name, email, phone number, password, date of birth, username, avatar, friend list |
Interaction with product | Interactions with VR games and VR apps, transactional information (purchase activity), information collected through cookies, type of device you’re using, its operating system, graphics processing unit, your browser, IP address, location-related data (GPS), apps you download, crash reports |
Environment and physical | Your defined play area, the position of your headset, audio data, hand tracking data, eye tracking data, fitness information in fitness-related experiences |
Camera and audio information | Raw image data of your surroundings, audio information recording in Horizon Worlds, your and other users’ most recent audio (“deleted when more time has elapsed than the rolling buffer,”) voice interactions, and commands |
Information from partners | How often and for how long are third-party services used, crash log information |
This is a vast amount of personal data that you can’t easily opt out of. When it comes to biometric data (eye tracking, hand tracking), Meta claims raw image data is processed locally before being deleted. However, data can still be derived from raw images. Meta refers to this as abstracted data.
This becomes relevant when looking at where your data ends up.
Meta Quest 2 and third parties
Besides functionality, Meta uses the information it collects for promotional services (including ads and commercial content). It is the main reason that Meta can offer many of its products for free: they combine data and profit from it by selling it to third-party advertisers.
When it comes to privacy, this is a slippery slope. The more personal and biometric data third parties get their hands on via the Quest 2, the more they’ll be able to see how users respond to cues. Advertisers—already experts at manipulating your behavior—will be able to learn, predict, and model ad tracking even better.
In a way, eye tracking functions like an unintentional “like” button we have no control over. We don’t even know what kind of information we might be giving away to companies, but they will be able to interpret it and respond accordingly. The issue is not that we might get to see a lot of ads we don’t want to see; it’s that we’ll see many ads we like and not even realize it.
This puts our privacy and autonomy at risk.
Meta: Privacy violations
Throughout the years, many scandals have come to light about how Mark Zuckerberg’s company treats user data. One of the most well-known is the Cambridge Analytica data breach.
In 2018, whistleblower Christopher Wylie informed the media that a company called Cambridge Analytica had purchased data from the Facebook accounts of tens of millions of U.S. citizens to unleash a “psychological warfare tool” online and get Donald Trump elected as president. As if the political consequences weren’t serious enough, the real legacy of the Cambridge Analytica scandal is its revelation that Facebook collects way more data than it needs.
Unfortunately, unethical data collection is but one example of Facebook misconduct. The list of transgressions ranges from spreading disinformation to failed content moderation. Facebook has been used to incite genocide against the Muslim Rohingya minority in Myanmar. In 2020, whistle-blower Sophie Zhang accused Facebook of failing to stop political manipulation by foreign governments.
In 2021, another whistleblower, Frances Haugen, leaked what has become known as the Facebook Papers, which show how Meta puts profit over people and deliberately exploits young girls’ mental health.
Can a company like Meta be trusted with all the physiological data collected by a VR headset?
How to Improve Your Privacy on Meta Quest 2
While it’s difficult to stop Meta from collecting lots of valuable data on you, there are some things you can do to make your Meta account more secure and improve your online security when using your Meta Quest 2.
1. Limit who can see your activity
We recommend limiting the amount of activity other people can see when you’re using your Quest 2. In the privacy settings of your Meta account, we recommend making the following changes:
- Change who can see your activity to “Only Me.”
- Change who can see your friend list to “Only Me.”
- Change who will get notifications about your activity to “Only Me.”
This means others will no longer be able to see when you’re online and what you’re playing.
2. Disable voice commands
Another key step to take to improve your security when using the Meta Quest 2 to is disabling voice commands. This will limit the amount of additional data Meta has access to. To do so, take the following steps:
- In your headset, go to “Settings.”
- Select “System.”
- Select “Voice Commands.”
- Go to “Voice Storage.”
- Disable “Store Voice Commands” and “Store Transcripts.”
3. Use a VPN
One of the best ways to make yourself less vulnerable to cybercrime and keep your data safe is by using a VPN. Your Meta Quest 2 is connected to your Wi-Fi network, so you can protect it by installing a VPN on your router. This way, your entire network is secure in one go.
Since VPNs use advanced encryption and an altered IP address, your data will be better protected. This means you’ll have more privacy while using your Meta Quest and be better equipped against curious hackers, too.
It isn’t possible yet to install a VPN directly onto your Meta Quest, which is why we recommend installing it on your router instead. It is likely that VPNs will extend fully to the world of VR in the near future, so keep an eye out for that!
In the meantime, we recommend NordVPN as the best solution for your Meta Quest 2. It is a fantastic, all-around VPN that offers a big server network, high speeds, and a user-friendly way to install it on your router.
4. Install secure antivirus software
You might not think it, but your Meta Quest 2 can be infected by malware, too. Luckily, the only way for that to happen is for the malware to be present on a different device connected to your Wi-Fi network first. That’s why it’s important to protect your whole network connection from threats.
A strong antivirus program will protect you from all sorts of online dangers, including malware, spyware, and phishing attacks. Although you can’t currently install antivirus software on a Meta Quest without hacking it (which we strongly advise against), you can protect the computers connected to the same Wi-Fi network with an antivirus solution so the malware can’t find its way to your Meta Quest.
If you’re looking for a good antivirus program to use on your devices, we recommend Norton 360. It offers great malware protection, is easy to install and use, and comes with many extra privacy and security options, like a password manager, smart firewall, and dark web monitoring.
Stay Cautious With the Meta Quest 2
The world of virtual reality has opened up countless possibilities for education, entertainment, and work. From playing incredible games to hosting virtual meetings with your international colleagues, the potential is very appealing.
However, when it comes to privacy, the risks are quite significant. The Meta Quest 2 is not actively spying on you via the cameras and microphone, but the amount of data that gets collected by this VR headset, both from your Meta account and through your use of the device, is excessive. While it might make virtual reality more realistic, biometric identifiers limit your personal privacy and will increasingly be used by advertisers to manipulate your behavior.
We recommend limiting who can see your activity as much as possible, investing in good antivirus software, and installing a VPN like NordVPN to limit additional data collection and keep your network protected. There’s a free NordVPN trial you can get to test out the VPN for yourself.
It is best to stay cautious when it comes to using Meta’s products and virtual reality in general.
Do you have any concerns about the Meta Quest 2? Check out our FAQ below to get some quick answers.
Yes, the Meta Quest 2 headset collects a lot of data about you. In the first place, account information such as your email, username, and profile information. On top of that, information that automatically gets collected includes your interactions with games and apps, your IP address, and location-related data (GPS).
Finally, since it’s a VR headset, the Quest 2 collects audio data, eye tracking data, and hand tracking data. This significantly affects your privacy.
Not generally, but it’s possible. In 2022, a new type of malware called Big Brother was detected. It infects your PC and stays idle until a VR headset is connected to the same Wi-Fi network. VR headset screen can then be recorded.
A more common practice, however, is other users recording interactions that happen within a VR world. Rather than looking through your headset, what you do in VR will be saved. Therefore, it’s important to stay cautious about what you do and who you interact with.
There’s not much you can do to make your Meta Quest 2 more private, but we have a few recommendations:
- Limit who can see your activity and profile
- Disable voice commands
- Use a VPN
- Download good antivirus software to protect your network
There are ways to make your VR use with the Meta Quest 2 a bit more private: not using your real name, limiting your interactions with others, and using a VPN like NordVPN.
However, you can’t make your Meta Quest 2 fully anonymous. Virtual reality requires a lot of biometric data (hand tracking, eye tracking, voice data) which can be used to identify you personally.