When Oculus released the Quest and Rift S, everybody looked at the guardian feature with heart eyes and drool falling from their mouths. It wasn’t until after the release that the masses started to question what information these cameras were gathering, and who was gaining access to them.
The Rift S has an LED indicator that tells the wearer when the camera is active, yet many users found inconsistencies in the times camera was active and when the LED indicator was on. The VR community has been rumbling about this for quite sometime now, and Facebook has finally released a statement on the matter. Although it is late, it is better than never. If you look at the Privacy Policy on the two headsets and the Terms Of Service, neither discuss how the footage captured by the camera is used or stored. Upload VR reached out for a comment, and this is what Facebook said in response. (Note that they say “today” multiple times, not ruling it out how things will work in the future)
Facebook’s Statement
“The sensors on Quest and Rift S are primarily used to create a 3D map of your environment, which helps locate your headset and controllers in a known space so Quest/Rift S can work and keep you safe. This data is processed on the headsets.
The only information we keep on our servers today consists of performance metrics that don’t contain any recognizable detail about your environment. These metrics help us improve [the inside-out tracking system]. We don’t collect and store images or 3D maps of your environment on our servers today—raw images are not stored anywhere, and 3D maps are stored locally on the headset for Quest, and on your local PC (where you have access to delete it) for Rift S. This makes it possible for Quest/ Rift S to remember the playspaces you’ve already set up in multiple rooms.
We’ll notify users if collecting this information on our servers is required for future VR experiences we provide on Quest and Rift S, for example, co-located multiplayer experiences. (That said, it’s worth noting there are a few scenarios when users can opt-in to providing this information today: For example, when livestreaming, a user can choose to stream passthrough footage and thus that footage may be stored off platform/on their streaming surface—similarly, when submitting a bug report to Oculus a user can elect to include passthrough footage if it’s relevant to the report)”
Update
In more recent news, the company released a much less promising statement. In this one, we hear that they aren’t doing anything to stop hackers from gaining access to the cameras. This feels like the company has an “oh well” approach to their customers privacy.
- Like the white LED on Quest, the blue LED on Rift S indicates when the headset’s cameras are active; this is a hardware function which can’t be circumvented with software.
- If a hacker gains root access to Quest or the Rift S host system, it would be possible to access the cameras on the headsets (similar to a camera on a compromised smartphone or PC).
- Third-party developers cannot access the headsets’ cameras in any way.
Facebook says that hackers could gain access to the cameras, but third party developers don’t have access to them. If a game developer decided to try to hack in to your headset and see what you’re doing with your headset, Facebook would have nothing to stop that.
If you are familiar with the role that Facebook played in the 2016 US election, this could be alarming to you. Facebook has shown time and time again that they don’t mind sharing your information, regardless of how you are giving (or having it taken from you) to them. We hope we get a better response from Facebook in the near future, and it has a little more promise and resolve in it. For now, we have to live with what we don’t know.
