Extended-Reality (XR) devices are packed with sensors that allow tracking of users (e.g., behaviour, actions, eye-gaze) and their surroundings (e.g., people, places, objects). As a consequence, XR devices pose significant risks to privacy, security, and our ability to understand and influence the behaviour of users -risks that will be amplified by ever-increasing adoption. This necessitates addressing these concerns before XR becomes ubiquitous. We conducted three focus groups with thirteen XR experts from industry and academia interested in XR, security, and privacy, to investigate current and emerging issues relating to security, privacy, and influencing behaviour. We identified issues such as virtual threats leading to physical harm, missing opting-out methods, and amplifying bias through perceptual filters. From the results we establish a collection of prescient challenges relating to security, privacy and behavioural manipulation within XR and present recommendations working towards developing future XR devices that better support security and privacy by default.
CCS CONCEPTS• Human-centered computing → Mixed / augmented reality; • Security and privacy → Human and societal aspects of security and privacy.