METAseen: analyzing network traffic and privacy policies in Web 3.0 based Metaverse

Yu Beiyuan; Liu Yizhong; Ren Shanyao; Zhou Ziyu; Liu Jianwei

doi:10.1016/j.dcan.2023.11.006

›› 2025, Vol. 11 ›› Issue (1) : 13 -25. DOI: 10.1016/j.dcan.2023.11.006

Original article

METAseen: analyzing network traffic and privacy policies in Web 3.0 based Metaverse

Author information +

History +

PDF

Abstract

Metaverse is a new emerging concept building up a virtual environment for the user using Virtual Reality (VR) and blockchain technology but introduces privacy risks. Now, a series of challenges arise in Metaverse security, including massive data traffic breaches, large-scale user tracking, analysis activities, unreliable Artificial Intelligence (AI) analysis results, and social engineering security for people. In this work, we concentrate on Decentraland and Sandbox, two well-known Metaverse applications in Web 3.0. Our experiments analyze, for the first time, the personal privacy data exposed by Metaverse applications and services from a combined perspective of network traffic and privacy policy. We develop a lightweight traffic processing approach suitable for the Web 3.0 environment, which does not rely on complex decryption or reverse engineering techniques.
We propose a smart contract interaction traffic analysis method capable of retrieving user interactions with Metaverse applications and blockchain smart contracts. This method provides a new approach to de-anonymizing users' identities through Metaverse applications. Our system, METAseen, analyzes and compares network traffic with the privacy policies of Metaverse applications to identify controversial data collection practices. The consistency check experiment reveals that the data types exposed by Metaverse applications include Personal Identifiable Information (PII), device information, and Metaverse-related data. By comparing the data flows observed in the network traffic with assertions made in the privacy regulations of the Metaverse service provider, we discovered that far more than 49% of the Metaverse data flows needed to be disclosed appropriately.

Keywords

Metaverse / Privacy policy / Traffic analysis / Blockchain

Cite this article

Download citation ▾

Yu Beiyuan, Liu Yizhong, Ren Shanyao, Zhou Ziyu, Liu Jianwei. METAseen: analyzing network traffic and privacy policies in Web 3.0 based Metaverse. , 2025, 11(1): 13-25 DOI:10.1016/j.dcan.2023.11.006

登录浏览全文

4963

注册一个新账户忘记密码

Data ontology

CRediT authorship contribution statement

Beiyuan Yu: Conceptualization, Investigation, Writing - original draft, Writing - review & editing. Yizhong Liu: Project administration, Supervision. Shanyao Ren: Visualization, Writing - review & editing. Ziyu Zhou: Resources. Jianwei Liu: Methodology, Project administration.

Declaration of Competing Interest

No conflict of interest exists in the submission of this manuscript. I would like to declare on behalf of my co-authors that the work described was original research that has not been published previously, and not under consideration for publication elsewhere, in whole or in part. All the authors have approved the enclosed manuscript.

Acknowledgement

This paper is supported by the National Key R&D Program of China (2021YFB2700200), the National Natural Science Foundation of China (U21B2021, 61932014, 61972018, 62202027), Young Elite Scientists Sponsorship Program by CAST (2022QNRC001), Beijing Natural Science Foundation (M23016), Yunnan Key Laboratory of Blockchain Application Technology Open Project (202105AG070005, YNB202206).

References

Publishing order | Descend order by publishing year | Descend order by cited within

[1]	J. Erazo, P. Sulbarán, Metaverse: above an immersion in reality, Metaverse 3 (2) (2022) 8.

[2]	X. Huang, What is the metaverse? —In the view of philosophical perspective, Meta-verse 4 (1) (2023) 12.

[3]	A. De Lucia, R. Francese, I. Passero, G. Tortora, Development and evaluation of a virtual campus on second life: the case of secondDMI, Comput. Educ. 52 (1) (2009) 220-233.

[4]	M.N.K. Boulos, L. Hetherington, S. Wheeler, Second life: an overview of the potential of 3-d virtual worlds in medical and health education, Health Inf. Libr. J. 24 (4) (2007) 233-245.

[5]	J.D.N. Dionisio, W.G. Burns III, R. Gilbert, 3d virtual worlds and the metaverse: current status and future possibilities, ACM Comput. Surv. 45 (3) (2013) 1-38.

[6]	P. Kapahnke, P. Liedtke, S. Nesbigall, S. Warwas, M. Klusch, Isreal: an open platform for semantic-based 3d simulations in the 3d internet,in: International Semantic Web Conference, Springer, 2010, pp. 161-176.

[7]	M. Bolanos, M. Dimiccoli, P. Radeva, Toward storytelling from visual lifelogging: an overview, IEEE Trans. Human-Mach. Syst. 47 (1) (2016) 77-90.

[8]	F.A. Alabdulwahhab, Web 3.0: the decentralized web blockchain networks and pro-tocol innovation, in: 2018 1st International Conference on Computer Applications & Information Security, IEEE, 2018, pp. 1-4.

[9]	S. Murugesan,Understanding web 2.0, IT Prof. 9 (4) (2007) 34-41.

[10]	Q. Li, Y. Diao, Q. Chen, B. He, Federated learning on non-IID data silos: an exper-imental study, in: 2022 IEEE 38th International Conference on Data Engineering, IEEE, 2022, pp. 965-978.

[11]	M. Hummel, K. van Kooten, Leveraging NVIDIA omniverse for in situ visualization, in:High Performance Computing: ISC High Performance 2019 International Work-shops, Frankfurt, Germany, June 16-20, 2019, in: Revised Selected Papers, vol. 34, Springer, 2019, pp. 634-642.

[12]	T.F. Tan, Y. Li, J.S. Lim, D.V. Gunasekeran, Z.L. Teo, W.Y. Ng, D.S. Ting, Metaverse and virtual health care in ophthalmology: opportunities and challenges, Asia-Pac. J. Ophthalmol. 11 (3) (2022) 237-246.

[13]	P. Fernandez, Facebook, Meta the metaverse and libraries, Libr. Hi Tech News 39 (4) (2022) 1-5.

[14]	H. Cui, Z. Xu, C. Yao, Will the metaverse be the future of the internet?, in: 2022 8th International Conference on Humanities and Social Science Research, Atlantis Press, 2022, pp. 2165-2170.

[15]	A. Gupta, R.K. Jha,A survey of 5g network: architecture and emerging technologies, IEEE Access 3 (2015) 1206-1232.

[16]	L. Jensen, F. Konradsen, A review of the use of virtual reality head-mounted displays in education and training, Educ. Inf. Technol. 23 (4) (2018) 1515-1529.

[17]	S. Scheggi, L. Meli, C. Pacchierotti, D. Prattichizzo,Touch the virtual reality: us-ing the leap motion controller for hand tracking and wearable tactile devices for immersive haptic rendering, in: ACM SIGGRAPH 2015 Posters, ACM, 2015, p. 1.

[18]	H. Duan, J. Li, S. Fan, Z. Lin, X. Wu, W. Cai, Metaverse for social good: a university campus prototype,in:Proceedings of the 29th ACM International Conference on Multimedia, ACM, 2021, pp. 153-161.

[19]	R. Trimananda, H. Le, H. Cui, J.T. Ho, A. Shuba, A. Markopoulou, OVRseen: au-diting network traffic and privacy policies in oculus VR,in:31st USENIX Security Symposium, USENIX Association, 2022, pp. 3789-3806.

[20]	G.N. Lewis, J.A. Rosie, Virtual reality games for movement rehabilitation in neuro-logical conditions: how do we meet the needs and expectations of the users?, Disabil. Rehabil. 34 (22) (2012) 1880-1886.

[21]	G. Riva, L. Gamberini, Virtual reality in telemedicine, Telemed. E-Health 6 (3) (2000) 327-340.

[22]	J. Radianti, T.A. Majchrzak, J. Fromm, I. Wohlgenannt, A systematic review of im-mersive virtual reality applications for higher education: design elements, lessons learned, and research agenda, Comput. Educ. 147 (2020) 103778.

[23]	S. Gunkel, H. Stokking, M. Prins, O. Niamut, E. Siahaan, P. Cesar, Experiencing virtual reality together: social VR use case study,in:Proceedings of the 2018 ACM International Conference on Interactive Experiences for TV and Online Video, ACM, 2018, pp. 233-238.

[24]	R.T. Azuma, A survey of augmented reality, Presence, Teleoper. Virt. 6 (4) (1997) 355-385.

[25]	M. Billinghurst, Augmented reality in education, New Horiz. Learn. 12 (5) (2002) 1-5.

[26]	M. Speicher, B.D. Hall, M. Nebeling, What is mixed reality?, in: Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems, ACM, 2019, pp. 1-15.

[27]	C. Andrews, M.K. Southworth, J.N. Silva, J.R. Silva, Extended reality in medical practice, Curr. Treatm. Opt. Cardiovasc. Med. 21 (2019) 1-12.

[28]	A.O. Kwok, S.G. Koh, Covid-19 and extended reality (XR), Curr. Issues Tour. 24 (14) (2021) 1935-1940.

[29]	A. Çöltekin, I. Lochhead, M. Madden, S. Christophe, A. Devaux, C. Pettit, O. Lock, S. Shukla, L. Herman, Z. Stachoňn, et al., Extended reality in spatial sciences: a review of research challenges and future directions, ISPRS Int. J. Geoinf. 9 (7) (2020) 439.

[30]	J. Hutson, R. Steffes, J. Weber, Virtual learning environments and digital twins: enhancing accessibility, diversity, and flexibility in training secondary educational administrators, Metaverse 4 (1) (2023) 16.

[31]	H. Vranken, Sustainability of bitcoin and blockchains, Curr. Opin. Environ. Sustain. 28 (2017) 1-9.

[32]	P. Treleaven, R.G. Brown, D. Yang, Blockchain technology in finance, Computer 50 (9) (2017) 14-17.

[33]	C.G. Schmidt, S.M. Wagner, Blockchain and supply chain relations: a transaction cost theory perspective, J. Purch. Supply Manag. 25 (4) (2019) 100552.

[34]	T.R. Gadekallu, W. Wang, G. Yenduri, P. Ranaweera, Q.-V. Pham, D.B. da Costa, M. Liyanage, et al., Blockchain for the metaverse: a review, Future Gener. Comput. Syst. 143 (2023) 401-419.

[35]	Q. Yang, Y. Zhao, H. Huang, Z. Xiong, J. Kang, Z. Zheng, Fusing blockchain and AI with metaverse: a survey, IEEE Open J. Comput. Soc. 3 (2022) 122-136.

[36]	G. Wood, et al., Ethereum: a secure decentralised generalised transaction ledger, Ethereum Proj. Yellow Pap. 151 (2014) (2014) 1-32.

[37]	Y. Liu, X. Xing, H. Cheng, D. Li, Z. Guan, J. Liu, Q. Wu, A flexible sharding blockchain protocol based on cross-shard byzantine fault tolerance, IEEE Trans. Inf. Forensics Secur. 18 (2023) 2276-2291.

[38]	M. Nadini, L. Alessandretti, F. Di Giacinto, M. Martino, L.M. Aiello, A. Baronchelli, Mapping the NFT revolution: market trends, trade networks, and visual features, Sci. Rep. 11 (1) (2021) 20902.

[39]	Z. Cheng, X. Hou, R. Li, Y. Zhou, X. Luo, J. Li, K. Ren, Towards a first step to understand the cryptocurrency stealing attack on ethereum, in: 22nd International Symposium on Research in Attacks, Intrusions and Defenses, vol. 2019, USENIX Association, 2019, pp. 47-60.

[40]	R. Leenes, Privacy in the metaverse: regulating a complex social construct in a vir-tual world,in: IFIP International Summer School on the Future of Identity in the Information Society, Springer, 2007, pp. 95-112.

[41]	Y. Wang, Z. Su, N. Zhang, R. Xing, D. Liu, T.H. Luan, X. Shen, A survey on metaverse: fundamentals, security, and privacy, IEEE Commun. Surv. Tutor. 25 (1) (2023) 319-352.

[42]	C.B. Fernandez, P. Hui, Life, the metaverse and everything: an overview of privacy, ethics, and governance in metaverse, in: 2022 IEEE 42nd International Conference on Distributed Computing Systems Workshops, IEEE, 2022, pp. 272-277.

[43]	L. Petrigna, G. Musumeci, The metaverse: a new challenge for the healthcare system: a scoping review, J. Funct. Morphol. Kinesiol. 7 (3) (2022) 63.

[44]	L. Rosenberg, Regulation of the metaverse: a roadmap: the risks and regulatory solutions for largescale consumer platforms,in:Proceedings of the 6th International Conference on Virtual and Augmented Reality Simulations, ACM, 2022, pp. 21-26.

[45]	Y. Liu, J. Liu, Q. Wu, H. Yu, Y. Hei, Z. Zhou, SSHC: a secure and scalable hybrid consensus protocol for sharding blockchains with a formal security framework, IEEE Trans. Dependable Secure Comput. 19 (3) (2022) 2070-2088.

[46]	S. Zimmeck, S.M. Bellovin, Privee: an architecture for automatically analyzing web privacy policies,in:23rd USENIX Security Symposium, USENIX Association, 2014, pp. 1-16.

[47]	S. Winkler, S. Zeadally, Privacy policy analysis of popular web platforms, IEEE Tech-nol. Soc. Mag. 35 (2) (2016) 75-85.

[48]	J. Laakkonen, J. Parkkila, P. Jäppinen, J. Ikonen, A. Seffah, Incorporating privacy into digital game platform design: the what, why, and how, IEEE Secur. Priv. 14 (4) (2016) 22-32.

[49]	P. Eckersley, How unique is your web browser?, in: International Symposium on Privacy Enhancing Technologies Symposium, Springer, 2010, pp. 1-18.

[50]	Y. Liu, J. Liu, M.A.V. Salles, Z. Zhang, T. Li, B. Hu, F. Henglein, R. Lu, Building blocks of sharding blockchain systems: concepts, approaches, and open problems, Comput. Sci. Rev. 46 (2022) 100513.

[51]	J. Zhou, C. Hu, J. Chi, J. Wu, M. Shen, Q. Xuan, Behavior-aware account de-anonymization on ethereum interaction graph, IEEE Trans. Inf. Forensics Secur. 17 (2022) 3433-3448.

[52]	S. Wang, W. Ding, J. Li, Y. Yuan, L. Ouyang, F.-Y. Wang, Decentralized autonomous organizations: concept, model, and applications, IEEE Trans. Comput. Soc. Syst. 6 (5) (2019) 870-878.

[53]	A. Bruns, A. Kornstadt, D. Wichmann, Web application tests with selenium, IEEE Softw. 26 (5) (2009) 88-91.

[54]	J. Ren, A. Rao, M. Lindorfer, A. Legout, D. Choffnes, Recon: revealing and con-trolling PII leaks in mobile network traffic,in:Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services, ACM, 2016, pp. 361-374.

[55]	W. Enck, P. Gilbert, S. Han, V. Tendulkar, B.-G. Chun, L.P. Cox, J. Jung, P. McDaniel, A.N. Sheth, Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones, ACM Trans. Comput. Syst. 32 (2) (2014) 1-29.

[56]	H. Cui, G. Meng, Y. Zhang, W. Wang, D. Zhu, T. Su, X. Zhang, Y. Li, TraceDroid: a robust network traffic analysis framework for privacy leakage in Android apps,in: International Conference on Science of Cyber Security, Springer, 2022, pp. 541-556.

[57]	Y. Li, W. Dai, Z. Ming, M. Qiu, Privacy protection for preventing data over-collection in smart city, IEEE Trans. Comput. 65 (5) (2015) 1339-1350.

[58]

H. Mohajeri Moghaddam, G. Acar, B. Burgess, A. Mathur, D.Y. Huang, N. Feamster, E.W. Felten, P. Mittal, A. Narayanan, Watching you watch: the tracking ecosystem of over-the-top tv streaming devices, in: Proceedings of the 2019 ACM SIGSAC Con-ference on Computer and Communications Security, ACM, 2019, pp. 131-147.

[59]	O. Hartig, J. Pérez, Semantics and complexity of graphql, in: Proceedings of the 2018 World Wide Web Conference, International World Wide Web Conferences Steering Committee, 2018, pp. 1155-1164.

[60]	B. Andow, S.Y. Mahmud, W. Wang, J. Whitaker, W. Enck, B. Reaves, K. Singh, T. Xie, PolicyLint: investigating internal privacy policy contradictions on Google Play,in:28th USENIX Security Symposium, USENIX Association, 2019, pp. 585-602.

[61]	Y. Hei, R. Yang, H. Peng, L. Wang, X. Xu, J. Liu, H. Liu, J. Xu, L. Sun, Hawk: rapid Android malware detection through heterogeneous graph attention networks, IEEE Trans. Neural Netw. Learn. Syst. (2021) 1-15.

[62]	B. Andow, S.Y. Mahmud, J. Whitaker, W. Enck, B. Reaves, K. Singh, S. Egelman, Ac-tions speak louder than words: entity-sensitive privacy policy and data flow analysis with policheck,in:29th USENIX Security Symposium, USENIX Association, 2020, pp. 985-1002.

[63]	Y. Hei, L. Wang, J. Sheng, J. Liu, Q. Li, S. Guo, Label graph augmented soft cas-cade decoding model for overlapping event extraction, Int. J. Mach. Learn. Cybern. (2023) 1-17.

[64]	C. Lee, H. Kim, S. Maharjan, K. Ko, J.W.-K. Hong, Blockchain explorer based on RPC-based monitoring system, in: 2019 IEEE International Conference on Blockchain and Cryptocurrency, IEEE, 2019, pp. 117-119.

[65]	X. Liu, R. Chen, Y.-W. Chen, S.-M. Yuan, Off-chain data fetching architecture for ethereum smart contract, in: 2018 International Conference on Cloud Computing, Big Data and Blockchain, IEEE, 2018, pp. 1-4.

[66]	A. Abuhashim, C.C. Tan, Smart contract designs on blockchain applications, in: 2020 IEEE Symposium on Computers and Communications, IEEE, 2020, pp. 1-4.

[67]	M. Glenski, E. Saldanha, S. Volkova, Characterizing speed and scale of cryptocur-rency discussion spread on Reddit, in: The World Wide Web Conference, ACM, 2019, pp. 560-570.

[68]	M. Horák, V. Stupka, M. Husák, GDPR compliance in cybersecurity software: a case study of DPIA in information sharing platform,in:Proceedings of the 14th Interna-tional Conference on Availability, Reliability and Security, ACM, 2019, pp. 1-8.