Warning: *privacy not included with this product
Meta Quest Pro
Got an extra $1,500 lying around to dump on Mark Zuckerberg's high-end metaverse delivering headset? (we don't) Billed by Meta nee Facebook as "a whole new way to work, create, and collaborate,' the Meta Quest Pro seems to be targeted more at the business set that the average gamer or consumer set. With things like "high resolution mixed reality" and "authentic avatar expressions," Meta seems to really hope people will use these for work collaboration and such. Unfortunately, reports show that even Meta employees aren't too keen on collaborating in their own metaverse. So, is this expensive VR headset worth it? Well, that's up to you. Will your privacy be protected and respected if you use this VR headset? Given Meta/Facebook's track record on that, we'd have to warn, probably not.
What could happen if something goes wrong?
Meta (you know, the company that used to be Facebook), has a very long history of betraying users' privacy and trust. They've faced record fines around the world for this and have been caught hiding data leaks from their users. In April 2021, it was reported the personal information of more than 500 million Facebook users was shared online in a massive data leak. Then there was the 2022 admission that over one million Facebook users’ login info may have been compromised due to malicious apps stealing data through the Facebook third-party login (hey, Meta/Facebook did announce this themselves, so, good for them). All this this coupled with with the Facebook whistleblower testimony in 2021 to the US Congress that outlined the harms Meta/Facebook causes and the dishonest way they approach dealing with these harms and Meta/Facebook appears to be one of most immoral companies we review in *Privacy Not Included.
Now Meta has come out with the Quest Pro, their high-end VR/AR headset designed to deliver the metaverse (with or without legs) to your face. This expensive gadget also delivers a whole lot of cameras sitting on your head -- looking at your face, monitoring your eye movements, facial expressions, body movements, and at the world around you. The Quest Pro reportedly comes with 16 cameras total -- 5 looking at your face, 5 looking out from your face, and 3 each on the two controllers. It sure sounds pretty creepy.
So, this is the starting point for bringing a device that uses those cameras to track your eye movement, facial expressions, and your body and surroundings. Meta says in a blog post touting about the privacy of the Quest Pro that those eye tracking and facial expression features that monitor your face in real time are opt-in (who knows how clear the opt-in process is though?). At least one privacy expert has already warned that the opt-in of sharing facial data might not last long before it comes on by default. We tell consumers that Meta/Facebook isn’t a company that has earned a lot of trust when it comes to privacy, so we’d say, buyer beware.
To use the device, you’re required to have a Meta account (Meta says they will no longer require a Facebook account to sign into this VR headset, but will require a Meta account, which is an account you can sign up for with your email address or Facebook account). Still, you’re gonna be sharing lots of your data with a company with a horrible track record at protecting and respecting the heaps of data this VR headset can collect. And good luck figuring out which of the Meta/Facebook, Oculus, Supplemental Meta Platforms Technologies privacy policies applies to you when you use the Meta Quest Pro. It’s pretty confusing trying to sort all that out. Which makes sense when you read that Meta/Facebook’s own engineers struggle to keep track of, control, and explain the use of all the data Meta/Facebook collects.
So, the question comes down to, does Meta/Facebook have your best interests at heart when it collects all the data the Quest Pro is capable of collecting? From Cambridge Analytica to where we are today with Mark Zuckerberg’s hopes for the metaverse, the answer to that question is a resounding NO. We're afraid this device comes with *Privacy Not Included.
One more note on Meta from a privacy researcher’s point of view. Trying to read through Meta's crazy network of privacy policies, privacy FAQs, privacy statements, privacy notices, and supplemental privacy documentation for their vast empire is a nightmare. There’s so many documents that link to other documents that link back even more documents that understanding and making sense of Meta's actual privacy practices feels almost impossible. We wonder if this is by design, to confuse us all so we just give up? Or, if maybe even Meta'’s own employees possibly don’t know and understand the vast network of privacy policies and documentation they have living all over the place? Regardless, this privacy researcher would love to see Meta do better when it comes to making their privacy policies accessible to the consumers they impact.
Tips to protect yourself
- Connect your VR headset to a secure WiFi network
- Set up an unlock pattern and secure your VR headset with an extra layer of security that you can use to prevent others from accessing your device or saved passwords.
- Sign up with an email to create your Meta account rather than login in with your Facebook or Instagram account
- Minimize the amount of data shared with your Facebook account
- Do not sign up with third-party accounts. Better just log in with email and strong password.
- Chose a strong password! You may use a password control tool like 1Password, KeePass etc
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
- When starting a sign-up, do not agree to tracking of your data if possible.
- Set up your Facebook account's privacy settings
What can be used to sign up?
Meta or Oculus account required. Facebook or Instagram log-ins available
What data does the company collect?
Name, email address, and phone number
Contacts (optional, when you share content)
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
In September 2022, Meta was fined $405M for treatment of childrens' data on Instagram.
In October 2022, Meta Pixel was a cause of a data breach of sensitive healthcare data that hit 3 million patients at Advocate Aurora Health (AAH), a 26-hospital healthcare system in Wisconsin and Illinois.
In October 2022, Meta notified around 1 million users of potential compromise through malicious apps.
In August 2022, private and personal information of over 1.5 billion Facebook users were allegedly being sold on a popular hacking-related forum.
In March 2022, Meta received a $18.6M fine from the Data Protection Commision. The DPC found that Meta Platforms failed to have in place appropriate technical and organisational measures which would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users’ data, in the context of the twelve personal data breaches. The decision followed an inquiry by the DPC into a series of twelve data breach notifications it received in the six month period between 7 June 2018 and 4 December 2018.
In October 2021, Facebook's WhatsApp was fined nearly $270 million by Irish authorities for not being transparent about how it uses data collected from people on the service.
In April 2021, it was reported that there was a personal data leak of about 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It included their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and, in some cases, email addresses.
In August 2019, Bloomberg reported that Facebook hired contractors to transcribe audio messages users sent through Messenger and Facebook confirmed the report.
Child Privacy Information
Can this product be used offline?
User-friendly privacy information?
Detailed Privacy FAQ & settings are provided, however, there are a confusing number of privacy policies to consider
Links to privacy information
Does this product meet our Minimum Security Standards?
Is this AI untrustworthy?
What kind of decisions does the AI make about you or for you?
Oculus Insight computes an accurate and real-time position for the headset and controllers every millisecond in order to translate your precise movements into VR
Is the company transparent about how the AI works?
Does the user have control over the AI features?
Meta’s VR Headset Harvests Personal Data Right Off Your FaceWired
Facebook Doesn’t Know What It Does With Your Data, Or Where It Goes: Leaked DocumentMotherboard: Tech by Vice
Meta warns 1 million Facebook users their login info may have been compromisedThe Washington Post
Meta Faces Another Lawsuit Over Health Data Privacy PracticesHealthITSecurity
VR Tracking Facial Expressions May Be the Next Privacy Nightmare—Here's WhyLifewire
Facebook hit with antitrust probe for tying Oculus use to Facebook accountsTechCrunch
Will the Oculus Quest still require a Facebook account? It’s complicatedThe Verge
Facebook’s Oculus Quest will soon be called the Meta QuestThe Verge
Facebook Just Gave 1 Million Oculus Users A Reason To QuitForbes
Facebook’s virtual reality push is about data, not gamingThe Conversation
Oculus will sell you a Quest 2 headset that doesn't need Facebook for an extra $500PC Gamer
Facebook VP of VR recommends checking your account is in 'good standing' before buying a Quest 2Fraser Brown
Got a comment? Let us hear it.