When XR Can Read Minds, How Will We Protect Our Privacy?

Image for post
Image for post
Image for post
Image for post

“Hey, I’m Cayla”

This is Cayla, the doll. It was launched in 2014 and won the toy of the year in countries around the world. She connects to the internet and uses Speech Recognition technology to answer your child’s questions just like a friend. It’s an example of IoT, Internet of Things if you asked.

“Can I tell you a secret, Cayla?”

Cayla: Sure go ahead! Be very quiet though. I promise not to tell anyone. It’s just between you and me because we are friends.

Awww... Isn’t it cute and adorable!

While kids were awed and family was loving them chat, the company was harvesting a pile of personal data. The toy’s vulnerabilities were first exposed in 2015 when a security researcher from Pen Test Partners hacked the doll. The fear is that by hacking the doll, someone could communicate with children on a call and obtain sensitive information. The recordings of the child, her friends, and family, can be used for targeted advertising. And all this information can be shared with unnamed third parties. Uhhh…


Not quite… Anyone with a smartphone can connect to Cayla within a certain distance. When we confronted the company that made and programmed Cayla, they issued a series of statements that one had to be an IT expert to breach the security. Shall we fact-check that statement and live hack Cayla together? Here she is. Cayla is equipped with a Bluetooth device that can transmit up to 60 feet, a bit less if there’s a wall between. That means I, or any stranger, can connect to the doll while being outside the room where Cayla and her friends are.

And remember, this kid-loving-hackable-toy won the toy of the year in countries around the world.


XR is not just going to store your searching or chatting history but everything related to wherever you go and whatever you do and whatever you mental-landscape is in your head with that Techy-Glasses switched-on, it will be stored. This data can be used to re-create your whole life.

In the months following the 2009 presidential election in Iran, protests erupted across the country. The Iranian government violently suppressed what came to be known as the Iranian Green Movement, even blocking mobile signals to cut off communication between the protesters.

We all know what consequences of such an act are possible…

Or even worse, what could have happened if the government had illegal access through companies to all the thoughts before the movement?

This day is closer than you might think. With the fast advancement in Neuroscience, Artificial Intelligence, and Machine Learning, we may soon know more about the brain without uttering a word with a simple portable device like this

Image for post
Image for post

In fact, in China, the train drivers on the Beijing-Shanghai high-speed rail, the busiest of its kind in the world, are required to wear EEG devices to monitor their brain activity while driving. The EEG might only share the brain-waves to the computer but the future will not be the same.

And don’t forget Facebook, sharing data with third parties to change political advertisement and decisions.

Image for post
Image for post

If our brains can be hacked like the Facebook app, then we are on the edge of a dangerous threat to our Freedom of Thoughts. If some unwanted organization or individual has access to our thoughts by any means then _BOOOOM_

What Are The Solutions?

1. Open-Sourced Database Management System

Storing data using an open-sourced data management system can help to bring 100% transparency to user-company data privacy deal. We can design such a system that generates a log file every time the data is copied, moved or used from the Glasses or storage. This log file will be accessible to the user. As it’s an open-sourced no company will be able to twist it’s working.

This means — no removal of data, no unauthorized use of data by the company, and not even copying data without consent.

2. One Way Transfer of Data

Have you ever thought to buy personal storage for using Google, Facebook, Amazon or any other application?

Well, why not! With the advancement in storage devices, we will soon have affordable less-space taking and more data-storing devices by 5–10 years. So why not let everyone buy personal storage for their AR-MR Glasses. That storage can be designed to only take data from the company and not to send it back. Means once the application is installed the company will be able to only update the code and will get no stats in return.

This raises a concern about the use of SaaS websites like Slack or WhatsappWeb. But ya, if there is any such website application we convert it into an in-storage application. This will make tools hard-to-access but ya better than sharing personal information for political manipulation.

3. Terms and Condition Document

Image for post
Image for post

This experiment was conducted by Finn Lützow-Holm Myrstad and colleagues to read popular apps T&C of an average phone. They printed out 900 pages of that and it took 31 hours, 49 minutes, and 11 seconds to read everything. This is super-unrealistic. Reading is one thing and understanding is another.

Look at this common section in the T&C page

Image for post
Image for post

This is from a dating app. The word used is no around to be understandable to a common person. Irrevocable, means ‘you can’t change your mind’ and perpetual means ‘forever’. That means once agreed to terms of sharing your info including your images they can use it anywhere anytime. So, not to mention what it would be like if your image is used in magazine 20 years after you stopped using the dating app in a pregnancy advertisement.

We need better documentation, and options for user to choose the rights of the company on their data. That means check box to agree for every right.

Remember, with XR the data is of your home, personal relations, and whatnot. You are going to use that Techy-Glasses 24/7 with an activated recording camera, it’s not like your smartphone which you have to take out from pocket to use. It will track your words as well as the sight and your thoughts.

So, ya, the fight for privacy will not end soon. What’s your thought on this? Do you have any other solutions? Share in comments…

Thanks for reading my blog! From now I am going to post a blog every Monday and Thursday at 8 PM. Follow me to read on

• Self-development💪

• XR😎

• Future and Technology🤖

Written by

Country Head Of VR-AR-MR Student Partner Program | AR-MR Developer And Evangelist | Microsoft Learn Student Ambassador٩(●ᴗ●)۶

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store