Your Cool New Oculus Rift Might Be Spying On You For Facebook

The Oculus Rift has finally begun shipping to fans that have been eagerly anticipating their pre-orders.  For many, the Rift is the virtual reality device beat despite the best efforts of HTC, Sony, and others.  According to some, however, the Oculus Rift may come with a greater cost than its $599 pricetag and we aren't talking about the beast of a gaming machine you'll need to adequately power it.  Instead, these concerns stem from Facebook's ownership of Oculus.  These concerns have been heard before, of course, back when Facebook acquired the company two years ago, but now Reddit detectives have offered up some evidence to support the suspicions.

Orlovsky and Oculus Rift Galyonkin
Photograph from Sergey Galyonkin

Reddit user Woofington has posted information regarding Oculus Home -- a client that gets installed as part of the Rift's software suite -- and its relation to Oculus' privacy policy.  He states, "When you install Oculus Home a background service with full permissions is spun up and never spun down. This service is used to detect when the rift is turned on so it can automatically launch the rift, but it is also used to constantly communicate with facebook servers."  The always running Home client processes in question have been identified as OVRServer_x64.exe and OVRServiceLauncher.  OVRServer_x64.exe maintains a connection to the Facebook owned fbcdn domain even with Home closed.  Reddit user wite_noiz experimented with blocking the processes from network traffic and received a couple of warnings concerning the headset being unable to access Graph and 360 Photos being unable to detect any photos, although it hasn't prevented their Oculus devices from working otherwise.

So what is this process doing, and why does it need a constant connection to Facebook's servers?  Short of an official statement, probes of the traffic have not revealed much beyond benign data such as versioning information or friend list polling.  This hasn't assuaged concerns, however, as many are picking apart the Oculus privacy policy.  Specifically, their policy includes a statement that they can collect information from a customer's local storage.  No limitations are offered in the wording, so arguably a user's entire hard drive is fair game for Facebook to scan and/or upload.  This information gathering is also fair game for third parties to use, of course, for marketing purposes.  This policy, some claim, means that at any time Facebook can begin collecting whatever data they desire even if they aren't doing so now, and it can be done without disclosure because the users have already agreed to the terms of use long in advance.

Facebook Oculus Privacy Policy Exerpt
Excerpt from Oculus Privacy Policy (4/2/2016), Click to Enlarge 

Whether this revelation gives you pause before slipping off into virtual reality land or not is up to you.  Many users don't care if their information is used for marketing purposes.  Still, the fact that there is no opt-out on a $600 product and that Oculus collects data even while the Rift is not in use is concerning and needs an official answer beyond founder Palmer Luckey flatly dismissing Woofington as an Oculus hater.

But hey, it's not like Facebook has ever done anything shady without user knowledge, right?