MR Security: Learning from IoT's Mistakes

A2 | Wed 23 Jan | 3:50 p.m.–4:35 p.m.

Presented by

  • Diane Hosfelt

    Diane is a security engineer in the Mixed Reality team at Mozilla Research. The open source portions of her CV include working with open web standards and developing the Servo browser engine used in Firefox Quantum. She also leads the Formal Verification and Unsafe Code Guidelines working groups for Rust. An American expat based out of Yorkshire, Diane loves everything the great indoors has to offer – especially her cats Batman and Watson.


Virtual and augmented reality technologies are becoming mainstream, and their privacy implications are staggering. As a security engineer with the Mixed Reality (MR) team at Mozilla Research, part of my job is to explore what privacy and security will mean in an immersive world. VR and AR create a world that blurs the lines between technology and reality, with all of the security challenges that this entails. Intensely personal traits like a user’s gait and eye-tracking (just two of many examples) can and sometimes must be exposed for immersive experiences to work correctly. VR also introduces questions about personal (virtual) space and location data ownership (can I pop into your kitchen and hang out in AR? or leave some virtual 💩 on your doorstep?). It’s our job as technologists to figure out how to build systems robust against abuse. By looking back to what we got right and what we could have done better the last time we invited new technologies into our homes and lives, as well as discussing the new technological and legal challenges unique to VR, this talk will explore our current opportunities to get VR less wrong than we got IoT. Linux Australia: YouTube: