METAseen: analyzing network traffic and privacy policies in Web 3.0 based Metaverse
Beiyuan Yu, Yizhong Liu, Shanyao Ren, Ziyu Zhou, Jianwei Liu
Digital Communications and Networks, Volume 11, Issue 1, Pages 13-25. Publication date: 2025-02-01. Publication type: Journal Article.
DOI: 10.1016/j.dcan.2023.11.006
URL: https://www.sciencedirect.com/science/article/pii/S2352864823001694
Impact factor: 7.5. JCR: Q1 (Telecommunications).
Citations: 0
Abstract
Metaverse is a new emerging concept building up a virtual environment for the user using Virtual Reality (VR) and blockchain technology but introduces privacy risks. Now, a series of challenges arise in Metaverse security, including massive data traffic breaches, large-scale user tracking, analysis activities, unreliable Artificial Intelligence (AI) analysis results, and social engineering security for people. In this work, we concentrate on Decentraland and Sandbox, two well-known Metaverse applications in Web 3.0. Our experiments analyze, for the first time, the personal privacy data exposed by Metaverse applications and services from a combined perspective of network traffic and privacy policy. We develop a lightweight traffic processing approach suitable for the Web 3.0 environment, which does not rely on complex decryption or reverse engineering techniques.
We propose a smart contract interaction traffic analysis method capable of retrieving user interactions with Metaverse applications and blockchain smart contracts. This method provides a new approach to de-anonymizing users' identities through Metaverse applications. Our system, METAseen, analyzes and compares network traffic with the privacy policies of Metaverse applications to identify controversial data collection practices. The consistency check experiment reveals that the data types exposed by Metaverse applications include Personal Identifiable Information (PII), device information, and Metaverse-related data. By comparing the data flows observed in the network traffic with assertions made in the privacy regulations of the Metaverse service provider, we discovered that far more than 49% of the Metaverse data flows needed to be disclosed appropriately.
About the journal:
Digital Communications and Networks is a prestigious journal that emphasizes communication systems and networks. We publish only top-notch original articles and authoritative reviews, which undergo rigorous peer review. We are proud to announce that all our articles are fully Open Access and can be accessed on ScienceDirect. Our journal is recognized and indexed by eminent databases such as the Science Citation Index Expanded (SCIE) and Scopus.
In addition to regular articles, we may also consider exceptional conference papers that have been significantly expanded. Furthermore, we periodically release special issues that focus on specific aspects of the field.
In conclusion, Digital Communications and Networks is a leading journal that guarantees exceptional quality and accessibility for researchers and scholars in the field of communication systems and networks.