Artizen XR Safety and Privacy Guide for Artists.Indd
Total Page:16
File Type:pdf, Size:1020Kb
XR Safety Initiative www.xrsi.org EXTEND REALITY WITH AWARENESS XR Safety and Privacy Guide for Artists EXTEND REALITY WITH AWARENESS! XR Safety and Privacy Guide for Artists DECEMBER 2020 Acknowledgements Kavya Pearlman Alina Kadlubsky XRSI The Cyber XR Coaliti on Marco Magnano Vandana Verma Sehgal XRSI / Ready Hacker 1 The Cyber XR Coaliti on Ryan Wegner Michaela Ternasky-Holland Ready Hacker 1 Acti vist Lens Grant Nancy Baker Cahill Jesse Damiani 4th Wall Acti vist Lens Grant Andrea Kim René Pinnell The Cyber XR Coaliti on Arti zen Cover designed by Alina Kadlubsky Design by Marco Magnano and Alina Kadlubsky This work is licensed under the Creati ve Commons Att ributi on-NonCommercial-ShareAlike 4.0 Internati onal (CC BY-NC-SA 4.0) License. To view a copy of the license, visit htt ps://creati vecommons.org/licenses/by-nc-sa/4.0/legalcode 2 CC BY-NC-SA 4.0 TABLE OF CONTENTS Executi ve Summary . .4 Chapter 1: Basic Cyber Hygiene Tips to Safely Extend Realiti es . .5 Password Manager . .6 Multi -Factor Authenti cati on . .7 Social Engineering . .8 Malware and Botnets . .9 Identi ty Management . 10 Ransomware . 11 Update your Systems and Browsers . 12 Intellectual Property . 13 Virtual Private Network . 14 Maintain Backups . 15 Chapter 2: Advanced Privacy and Security Enhancing Tips . 16 Trust and Safety in the XR Domain . 17 Make Future Truly Private with the XRSI Privacy Framework v 1.0 . 19 Focus Areas Overview . 20 3 CC BY-NC-SA 4.0 Executi ve Summary EXECUTIVE SUMMARY Advances in immersive media are transforming storytelling into story-living. Immersive media is no longer a “shiny Taking privacy and security into new toy.” Due to the catalyzing event of considerati on might not be a part of the COVID-19 in 2020, it has already begun natural creati ve process. However, it is changing the world for the bett er by essenti al to pay att enti on to these aspects bringing people closer together across faith, when designing and developing. These race, class, gender, and ability. When it proacti ve acti ons protect the arti sts comes to advanced technologies, what is themselves and the audience that may life-enhancing can also be life-threatening. potenti ally interact with the art or enter The new worlds that we are building on into the same thought space as the one top of our perceived reality bring along intended by the arti st. Today’s arti sts and privacy and security risks. As we head for developers are setti ng a precedent that the mass adopti on of these technologies will be followed by generati ons. Therefore and advancements, the risk awareness we must get it right to create a safe and and miti gati on are remarkably lacking trustworthy ecosystem. in this domain. We are at a signifi cant cross-secti on where the arti sts and media Many emerging technologies encounter community needs concrete guidance what is known as the Collingridge dilemma: and genuinely understand and carry it is hard to predict the various impacts of a out their share of security and privacy technology unti l it is extensively developed responsibiliti es. and widely used, but by then it is almost impossible to control or change. While we This guide serves all of the arti st and media may not account for all the unintended communiti es. However, it zooms in on the consequences, we know that we need subject of privacy and security for Individual to pay att enti on to data protecti on and creators, creati ve collaborators, and arti sti c privacy. While these technologies present developers. No matt er which role you play, new ways to create wonderful new realiti es, this guide can be used to ensure the key we should also keep in mind how they privacy and security considerati ons are can be used for repression, surveillance, taken into account during the design of XR propaganda, sow division, and how we risk products and experiences. Early adopti on losing privacy and control without adequate of these practi ces will help limit potenti al awareness and proacti ve acti ons over our cybersecurity and privacy threats. own data and networks. 4 CC BY-NC-SA 4.0 CHAPTER 1 BASIC CYBER HYGIENE TIPS TO SAFELY EXTEND REALITIES Everyone can use these resources and tips to secure your online accounts and digital devices better and keep your data safe, whether you are an XR artist or not. Extend Reality with Awareness! CHAPTER 1 XR Safety and Privacy Guide for Artists Basic Cyber Hygiene Tips to December 2020 Safely Extend Realiti es Password Manager Lockdown Your accounts Weak passwords or passwords shared between accounts can lead to compromises and account takeovers. A passphrase is a preferred alternati ve to keep your accounts secure. A passphrase can be sentences or phrases you like to think about and are easy to remember (for example, “I love electronic music.”). A strong passphrase is a sentence that is at least 12 characters long. While it used to be necessary to memorize a series of complex passwords to remain secure from breach, password managers have become a great alternati ve to When you log in to a service, you remembering passwords or passphrases. use your master password to access They usually rely on a single master the applicati on-specifi c password. password you have to remember and Password managers can also choose then store all your passwords for any lengthy random complex passwords other account. using a generator, so you never have to remember or even know all your passwords. Password managers also can Resources identi fy when you are using an insecure password. Dashlane LastPass KeePass browser-based 1Password password managers. 6 CC BY-NC-SA 4.0 Extend Reality with Awareness! CHAPTER 1 XR Safety and Privacy Guide for Artists Basic Cyber Hygiene Tips to December 2020 Safely Extend Realiti es Multi-Factor Authentication Further Strengthen your accounts using Multi-Factor Authentication (MFA) As a designer, arti st, or developer, you control of those accounts. Multi -Factor are likely going to have a public profi le, Authenti cati on (MFA) requires more which makes you a target for fraud as than one authenti cati on method from your contact informati on might appear independent sources to verify your in social media. Att ackers will oft en try identi ty. In other words, you obtain the to use publicly available informati on to system access that you wish to use only att empt brute-forcing att acks against aft er providing two or more pieces of victi m login credenti als to try and take informati on that uniquely identi fi es you. There are three categories of credenti als: something you either know, have, or are. SOMETHING YOU SOMETHING YOU SOMETHING YOU KNOW ARE HAVE Password Fingerprint Security Token or App Passphrase Facial Recogniti on Verifi cati on Text, Call, Email, PIN Number Voice Recogniti on Smart Card Figure 1 - Multi -Factor Authenti cati on (MFA) Many services off er multi -factor authenti cati on (MFA). To help protect Resources your accounts, check the setti ngs with each service provider where you usually PCI-DSS MFA Guidance log in with a username and password. You can also contact the service NSA Guidance for MFA provider’s technical support to see if MFA is available. If MFA is available, enable it. This includes any account List of Websites that off er MFA with a login such as emails, services portals, fi nancial webpages, or desktop applicati ons. 7 CC BY-NC-SA 4.0 Extend Reality with Awareness! CHAPTER 1 XR Safety and Privacy Guide for Artists Basic Cyber Hygiene Tips to December 2020 Safely Extend Realiti es Social Engineering Think Before you Act! Everyone can be victi mized by social mechanisms to validate identi ty and engineering, but as an arti st you may opens the door for sophisti cated threat be more at risk given the number of vectors, including the use of deep fakes. people you interact with, some of whom are known to you only in their If you are unsure whether an email virtual personas. Social engineering request is legiti mate, try to verify it with exploits our human nature, our desire these steps: to be helpful, or our submission to authority, and its practi ti oners craft ▪ Contact the sender directly realisti c scenarios that lead you to Using the informati on provided on any believe they are someone you can account statement, on the sender’s trust before they exploit your trust for offi cial website or on the back of a nefarious purposes. Cybercriminals have credit card. become quite savvy in their att empts to lure people in and get you to click ▪ Search for the sender online on a link or open an att achment. If But not with the informati on provided something seems unusual, practi ce in the email. cauti on. For example, if someone asks for you to perform a task via a virtual avatar or even through an SMS message that seems slightly out of character, follow up with a phone call or video Resources conference. Given XR’s potenti al to infl uence our reality, the threat of social NCSA guidance on Spam and Phishing engineering in the XR space requires 8 CC BY-NC-SA 4.0 Extend Reality with Awareness! CHAPTER 1 XR Safety and Privacy Guide for Artists Basic Cyber Hygiene Tips to December 2020 Safely Extend Realiti es Malware and Botnets Protect yourself from unwanted, and potentially harmful, fi les or malicious programs Malware and Viruses are harmful Install anti -malware and keep it up to programs that can be transmitt ed to date.