METAseen:analyzing network traffic and privacy policies in Web 3.0 based Metaverse  

作　　者：Beiyuan Yu Yizhong Liu Shanyao Ren Ziyu Zhou Jianwei Liu 

机构地区：[1]School of Cyber Science and Technology,Beihang University,Beijing 100191,China [2]State Key Laboratory of Cryptology,P.O.Box 5159,Beijing 100878,China

出　　处：《Digital Communications and Networks》2025年第1期13-25,共13页数字通信与网络(英文版)

基　　金：supported by the National Key R&D Program of China (2021YFB2700200);the National Natural Science Foundation of China (U21B2021,61932014,61972018,62202027);Young Elite Scientists Sponsorship Program by CAST (2022QNRC001);Beijing Natural Science Foundation (M23016);Yunnan Key Laboratory of Blockchain Application Technology Open Project (202105AG070005,YNB202206)。

摘　　要：Metaverse is a new emerging concept building up a virtual environment for the user using Virtual Reality(VR)and blockchain technology but introduces privacy risks.Now,a series of challenges arise in Metaverse security,including massive data traffic breaches,large-scale user tracking,analysis activities,unreliable Artificial Intelligence(AI)analysis results,and social engineering security for people.In this work,we concentrate on Decentraland and Sandbox,two well-known Metaverse applications in Web 3.0.Our experiments analyze,for the first time,the personal privacy data exposed by Metaverse applications and services from a combined perspective of network traffic and privacy policy.We develop a lightweight traffic processing approach suitable for the Web 3.0 environment,which does not rely on complex decryption or reverse engineering techniques.We propose a smart contract interaction traffic analysis method capable of retrieving user interactions with Metaverse applications and blockchain smart contracts.This method provides a new approach to de-anonymizing users'identities through Metaverse applications.Our system,METAseen,analyzes and compares network traffic with the privacy policies of Metaverse applications to identify controversial data collection practices.The consistency check experiment reveals that the data types exposed by Metaverse applications include Personal Identifiable Information(PII),device information,and Metaverse-related data.By comparing the data flows observed in the network traffic with assertions made in the privacy regulations of the Metaverse service provider,we discovered that far more than 49%of the Metaverse data flows needed to be disclosed appropriately.

关 键 词：Metaverse Privacy policy Traffic analysis Blockchain Data ontology 

分 类 号：TP3[自动化与计算机技术—计算机科学与技术]