Wednesday, August 24, 2022

Danger: Metaverse Ahead! (Part 2)

Different vendors, and different commentators, seem to have different ideas about the nature of the Metaverse.  (It's difficult to opine about a technology when nobody can agree on what that technology actually is.)  However, all seem to agree that the metaverse will involve some kind of artificial reality.

Artificial reality or virtual reality will provide the interface to the metaverse, in the opinion of most.  Virtual or artificial reality will provide a layer of abstraction, hiding the nuts and bolts of what is going on in terms of communication and processing, from the user.

As has been famously said, any technical problem can be solved by the addition of a layer of abstraction, except for the problem of too many layers of abstraction.

Anytime you hide something in information processing, you are in grave danger of introducing some kind of security vulnerability.

We will be hiding, from the user, who or what they are actually talking to, in terms of machine and network connections.  We will be hiding, from the user, any idea of where processing is taking place.  There will be a lot of processing involved in creating the virtual or artificial reality itself.  Is this processing taking place on the user's machine?  Is this processing taking place on the host platform machine?  Is this processing taking place somewhere else in the cloud?  And then there's the question of what this processing is actually doing and how realistic, or consistent, the presentation to the user actually is.

There are going to be differences in devices that users use to access the metaverse.  We are already seeing inconsistencies and differences in communications devices, and the representations that they make of our communications.

For example, Gloria and the girls and I tended to communicate via WhatsApp.  WhatsApp has a number of communications functions, but we used it primarily for text messaging.  When I wanted to indicate a joke, being old school, I would use the standard text-based emoticons: generally speaking a colon, a hyphen, and a close parenthesis.  And now comes the first question about where processing takes place.  When I typed in those three characters, something, either the soft keyboard that I was using, or WhatsApp itself, would change it to a graphic emoticon, for transmission.  I don't know, for sure, which piece of software did that translation.  (I suspected it was WhatsApp, because the soft keyboard did seem to work differently with other programs.)  In any case the others would see a little happy face icon.  However, Gloria, using an Android device, what often see the little Android character, bearing a smile.  The girls, using iPhones, would generally see the more usual yellow happy face icon.  The three of us would see three different representations of what I had typed.  That is a minor inconsistency, and probably would not lead to any great misunderstandings.  But it is an inconsistency.  It is a difference.  A layer of abstraction has been added, and other people do not know, accurately, what it is that I actually did or said.

Now multiply that by an extensive range of devices from handheld smartphones to vision systems and sensing gloves.  Multiply that from input via text, or speech recognition.  Multiply that by speech recognition using artificial intelligence.  Multiply that by graphical representation systems, that are possibly also using artificial intelligence to both generate, and represent, communications.  The possibilities for mixed representation expand enormously.

Misrepresentation or inaccuracy is not the only possible problem of abstraction.

A number of issues can be hidden from the user and may threaten the security of both the user and the metaverse system itself.

Communication protocols, and authentication procedures and protocols, will also be hidden from the user.  Many issues and many security factors will be abstracted and therefore hidden from the user.  This abstraction will add layers of complexity to an already extremely complicated security situation.  Authentication will become much more important.  The protocols of communication, and authentication, will be hidden from the user.  They will be hidden in layers of abstraction that will add complexity to an already complex mix of communications protocols, networking protocols, middleware applications, and authentication.

The Metaverse, like the world wide Web before it, will attempt to become a grand unified field theory of the Internet.  Everyone will want their application to work in the Metaverse.  Everyone will want their business to function in the Metaverse.  Banking, finance, business transactions, and even real real estate sales, will take place in the Metaverse.  E-commerce will be apart of the metaverse, and will be one of the major drivers.  Therefore, authentication will become even more important.

Authentication will have greater significance.  At the moment, most authentication for many e-commerce functions will operate on the basis of some kind of cookie left on the machine.  This is node authentication, in a way.  But node authentication will be insufficient in a situation where the bulk of commerce is being done on the Metaverse, and individuals must be identified, authenticated, and their authorization verified.  Authentication will become much more complex, and, at the same time, attempts will be made to make authentication simpler for the user and more transparent.  The user will not want to remember passwords or pull out tokens to verify themselves.  Users are already used to the node authentication that places a cookie on their machine so that their banking, purchasing, online shopping, games, and other entertainments are all instantly accessible when they sit down at the computer, or when they pull out their smartphone.  They will not want a more complex system to verify themselves to the Metaverse.

The grand unification of communications and authentication, under the Metaverse, will add complexity, to an already complex environment.  And, of course, complexity is the enemy of security.  Therefore there will be many aspects of the internet of the metaverse that will be extremely complex with layers of abstractions, authentications and communications protocols that must all be verified, and must all work properly together.

If the Metaverse is to be a universal interface to the Internet, and all forms of communication, there will be issues of compatibility.  We are already seeing a variety of problems in this regard, with the existing Internet, and the World Wide Web.  Websites are being programmed in such a way that they will display on any device, screen, or window.  But in order to do this, the displays can be significantly different.  Indeed, in many situations, certain functions will not appear on the wrong sized device, screen, or window.  Certain websites can demonstrate this fairly easily simply by resizing an existing window very slightly.

Thus, in the name of compatibility, we have sites that can display completely differently to different users.  This can create enormous misunderstandings when users are, apparently, using the same website, and see completely different things.  At the very least, it is an enormous problem for technical support.  With the automation of web development, and the inclusion of application programming interfaces, and functional libraries, and point-and-click and cut and paste programming/citizen programming, these differences may not even be apparent to the system's managers, or owners.  Those charged with technical support may be completely unaware of the lack of functionality that different users will see depending upon their device, screen, or window size.

With such differences in our existing Web interfaces, how much greater will be the problems when we are dealing with the Metaverse, and devices ranging from three-dimensional artificial reality goggles, to simple smartphones.

No comments:

Post a Comment