cancel
Showing results for 
Search instead for 
Did you mean: 

Senator Al Franken`s letter to Oculus CEO over privacy concerns

DrOculus
Adventurer
It seems the privacy concerns surrounding the Oculus Rift automatic collecting and sharing of user data such as "users physical movement`s and dimensions"...and also that Oculus does not guarantee any of the data it collects about users to be 100% secure and holds no responsibility for its theft if that were ever to occur has gained more attention.
Senator Al Franken has written to Oculus CEO Brendan Iribe with a whole host of privacy questions regarding the Oculus Rift

Here is the link to the letter http://www.franken.senate.gov/files/letter/160407OculusLetter.pdf

I think it is a good thing that people have this debate as we go forward with this new VR technology and the whole automatic collection of user data and its sharing be addressed. Especially when the data collected is given no guarantee that it is 100% secure and there is no opt out option for the data collection and no option to have you`re data anonymized.
60 REPLIES 60

Dreamwriter
Rising Star
But, the Rift software doesn't collect any data like that, and the data *is* anonymized. And it's sent encrypted too.

DrOculus
Adventurer


But, the Rift software doesn't collect any data like that, and the data *is* anonymized. And it's sent encrypted too.


It does collect data like that and it`s in the privacy policy and this is why this Senator has sent a letter to the CEO of Oculus for clarification....have you read the Letter?

Amatyr
Protege
I'd assume they have to share user data about physical movements and dimensions with 3rd parties to make multiplayer possible, right?

DrOculus
Adventurer

Amatyr said:

I'd assume they have to share user data about physical movements and dimensions with 3rd parties to make multiplayer possible, right?


from the Privacy Policy...
 
"2. How do we use information?...
We use the information to do a number of things that help us provide our Services to you and our partners. Here are some examples:

    To provide our Services. We use the information we collect to provide you with the Services you use or request. For example, we use this information to:

        Provide you with hardware, content, games, apps, and other experiences;

        Create accounts and user profiles;

        Communicate with you about our Services;

        Enable user-to-user communications;

        Provide technical support;

        Notify you about updates to our Services; and

        Customize your experiences based on your online activities, including the content, games, apps, and other experiences you interact with; the other online services you use; and other information we collect.

    To improve, and develop your experience. We also use the information we collect to understand and improve our Services and to develop the virtual reality ecosystem. For example, we may use the information to:

        Solicit and analyze input and feedback about our Services;

        Identify and address technical issues on our Services;

        Conduct and learn from research about the ways in which people use our Services; and

        Improve services offered by others, such as third parties that offer content, games, apps and other experiences on our platform.

    To market to you. We use the information we collect to send you promotional messages and content and otherwise market to you on and off our Services. We also use this information to measure how users respond to our marketing efforts.

    To promote safety and security. We use the information we collect to help promote safety and security, such as by investigating suspicious activity or violations of our terms or policies and protecting our or others' rights or property.


DrOculus
Adventurer
...sorry this is directly below "Information about your physical movements and dimensions when you use a virtual reality headset."...
Third parties may also collect information about you through the Services, as described below.

Related companies. We may receive information about you from other companies that are within the family of related companies that are legally part of the same group of companies that Oculus is part of, or that become part of that group, such as Facebook, and may combine that information with other information we collect about you. View a complete list of related companies at https://www.oculus.com/en-us/related-companies/.


ColinB
Adventurer
Interesting post but senseless to post it here.
With their Oculus type rose colored glasses and the juvenile fanboys who ONLY want their CV1 no matter what, your post will not be taken any notice of.
It's because of the attitudes of people like these that surveillance is becoming rife and unfortunately acceptable.
Seriously, posting such things in a group/forum like Oculus with  the average age probably around 15, if that, is an exercise in futility.


 

Dreamwriter
Rising Star

DrOculus said:



But, the Rift software doesn't collect any data like that, and the data *is* anonymized. And it's sent encrypted too.


It does collect data like that and it`s in the privacy policy and this is why this Senator has sent a letter to the CEO of Oculus for clarification....have you read the Letter?


Do you have a link to anything about how the Rift software is currently sending motion tracking data? Because I have a link to exactly what data is being sent from the software, and nowhere in it is any mention of user's physical movements or dimensions. The only data being sent is stuff that has nothing that anyone would care about, no privacy concerns at all. It's sending things like how long it takes Oculus Home to load a scene, if it ever crashes, average framerate, if you have the required specs, things like that. The data is encrypted, and no personal information is being sent to tie it to the user.

https://www.reddit.com/r/oculus/comments/4ddj1g/what_oculus_network_traffic_contains/

DrOculus
Adventurer



DrOculus said:



But, the Rift software doesn't collect any data like that, and the data *is* anonymized. And it's sent encrypted too.


It does collect data like that and it`s in the privacy policy and this is why this Senator has sent a letter to the CEO of Oculus for clarification....have you read the Letter?


Do you have a link to anything about how the Rift software is currently sending motion tracking data? Because I have a link to exactly what data is being sent from the software, and nowhere in it is any mention of user's physical movements or dimensions. The only data being sent is stuff that has nothing that anyone would care about, no privacy concerns at all. It's sending things like how long it takes Oculus Home to load a scene, if it ever crashes, average framerate, if you have the required specs, things like that. The data is encrypted, and no personal information is being sent to tie it to the user.

https://www.reddit.com/r/oculus/comments/4ddj1g/what_oculus_network_traffic_contains/



From the reddit post you linked...but taken the users names out..."Question is someone asking the Question..."Topic Poster"" is the guy who did the analytics reply...
"

[–]Question 15 points 3 days ago 


"Quote Topic PosterThe Analytics I found are only the ones for Oculus Home, and as such may not include Analytics sent from services."




I thought everyone cared about the service. After all, wasn't it the
OVRServer_x64.exe service that was contacting a Facebook endpoint? Not
Oculus Home.



Has anyone decompiled/captured the data that's being sent from the services?




[–]Topic Poster2 points 3 days ago 

Nope,
I haven't found where the .dlls for it are stored, and there's no
guarantee they'll be in a decompilable format even if they are. Hence
why I put the warning up that it only pertained to Oculus Home.




Also in the Oculus  Privacy Policy...
"1. What kind of information is collected?///......
Information Automatically Collected About You When You Use Our Services. We also collect information automatically when you use our Services. Depending on how you access and use our Services, we may collect information such as:  .............

Information about your physical movements and dimensions when you use a virtual reality headset.

Why put "Information about your physical movements and dimensions when you use a virtual reality headset." if they are not going to do that?...that Privacy Policy is telling you they are going to do that...why put it in the Policy if they are not going to do that?




Dreamwriter
Rising Star
Um, the top comment under that guy's one was about the service. You only had to look one post down to see it. The one that starts
I did the same analysis for the oculus service a while ago. I also used fiddler but you need to set the service to use a proxy manually.
(Copied pasted from my notes while looking at the service)
TL;DR: Oculus wants to know if your system meets their recommended specs and make sure that the software is kept up to date

It doesn't matter what they say they may at some point in the future do, what matters is what they are doing.