Eye-Tracking in Virtual Reality: A Visceral Notice Approach for Protecting Privacy

Eye-tracking is in our future. Across many fields, it is becoming widely used. This paper analyzes eye-tracking in virtual reality and characterizes the results as a case study that illuminates novel privacy risks. Our research question is: How can we support and protect users in this environ - ment? We consider a design strategy originally proposed by Ryan Calo called “visceral notice” that provides users with an experientially resonant means of understanding privacy threats. To make our case for visceral notice, we proceed as follows. First, we provide a concise account of how eye-tracking works, emphasizing its threat to autonomy and privacy. Second, we discuss the sensitive personal information that eye-tracking reveals, complications that limit what eye-track - ing studies establish, and the comparative advantage large technology companies may have when tracking our eyes. Third, we explain why eye-tracking will likely be crucial for developing virtual reality technology. Fourth, we review Calo’s conception of visceral notice and offer suggestions for applying it to virtual reality to help users better appreciate the risks of eye-tracking. Finally, we consider seven objections to our proposals and provide counterpoints to them.


Introduction
David Eggers's fictional satire of Silicon Valley, The Every, presents an incident where a powerful technology company uses eye-tracking technology to derail a politician's career.A "vigorous" "global debate about the ethics of eye tracking" follows. 1 However, as Eggers writes, "anyone hoping to hold back" the technology "was proven a fool." 2 Once "capitalists leaped in" and "apps and related products" started "proliferating," it was too late to prevent technology companies from engineering uncritical societal acceptance of their vision. 3It will be tragic if real life ends up imitating art.
Like it or not, eye-tracking is picking up steam.For example, eye-tracking could provide manufacturing companies with insights into the "cognitive state" of their employees, their situational awareness, their attention, and more, leveraging that data to identify, predict, and eliminate inefficiencies. 4In light of all the workplace possibilities, eye-tracking researchers warn that the technology "should never be used for 'big brother' style monitoring or for evaluative assessments of workplace satisfaction and performance." 5rkplace surveillance is just the beginning.Tobii, a prominent Swedish eye-tracking company, claims to "unlock the future" by applying eye-tracking to simulations that enhance how pilots and doctors are trained in high-intensity but low-risk environments.Eye-tracking could also gauge if drivers are attentive behind the wheel. 6Additionally, researchers are exploring the possibility of expanding eye-tracking to typical smartphones (no VR headset required).This shift has the potential to increase eye-tracking by "orders of magnitude." During this eye-tracking frenzy, it is important to look to the future and proactively address one of the most concerning applications: virtual reality (henceforth, VR).If the enthusiasm surrounding the metaverse is any indication, VR will likely be one of the largest eye-tracking domains.Currently, metaverse-oriented companies are investing heavily in VR technology and services. 7As recently as October of 2022, Meta released their newest VR headset (which has eye-tracking capabilities), the Meta Quest Pro, for a Selinger, Altman, and Foster: Eye-Tracking in Virtual Reality   To make our case for visceral notice, we proceed as follows.First, we provide a concise account of how eye-tracking works, emphasizing its threat to autonomy and privacy.Second, we discuss the sensitive personal information that eye-tracking reveals, complications that limit what eye-tracking studies establish, and the comparative advantage large technology companies may have when tracking our eyes.Third, we explain why eye-tracking will likely be crucial for developing VR technology.Fourth, we review Calo's conception of visceral notice and offer suggestions for applying it to VR to help users better appreciate eye-tracking risks.Finally, we consider seven objections to our proposals and provide counterpoints to them.
We recognize that eye-tracking exists outside of VR, that eye-tracking data in VR can be combined with additional information, and that even without eye-tracking, companies can collect and analyze a host of sensitive information in VR, including biometric data. 12Indeed, researchers who constructed an escape room game in VR to experimentally determine how many privacy data attributes an attacker can obtain, claim the metaverse presents "unprecedented privacy risks." 13Nevertheless, we limit the scope of our analysis to the privacy risks that eye-tracking poses in VR.Our justification is that developing the hardware and software needed to create maximum fidelity and engagement likely means relying heavily on eye-tracking.The confluence between technical requirements and privacy risks makes eye-tracking in VR a topic worthy of its own inquiry -especially because, as we will contend, designers can use the distinctive affordances of the medium (perhaps more effectively than in typical 2D applications) to highlight novel dangers.Relatedly, we recognize that visceral notice in the context of privacy risks is neither a comprehensive nor global solution.Nevertheless, as U.S.-based writers we live in a country where the notice-and-consent regime is central to privacy regulation.Consequently, this is our starting point, and we believe that our analysis of visceral notice's application to eye-tracking risks will have broader value.

How Eye-Tracking Works
The practice of eye-tracking dates to the late 1800s. 14Currently, researchers use several methods in controlled laboratory studies.For example, some approaches measure pupil dilation and facial expressions to gauge what users are looking at, how long their attention is captured, and what they feel about what they see.A more accurate method, though, is directly tracking infinitesimal pupil movements with infrared light (henceforth, IR).IR tracking shoots IR light at the eyeball to pinpoint the pupil's location and reveal where the user is looking.There are two ways of gleaning this information: dark pupil and light pupil tracking. 15If the IR light hits the pupil, a bright spot will reflect the light, revealing the pupil's location.If the IR light does not hit the pupil, the pupil is shown as a dark spot, whereas the rest of the eye is lighter.The main idea is that the technology can discern where the pupil is and where it is moving to, enabling eye-tracking technologies, virtual avatars, and users' digital interfaces to respond appropriately.
It is noteworthy that the field of user experience research characterizes eye-tracking as being at the "beginning of a golden age" because advances in hardware and software are democratizing eye-tracking. 16In other words, the technology is becoming so easy to use that it is accessible for people who lack a "highly advanced understanding of human physiology, engineering, and computer science." 17Consequently, it is reasonable to anticipate that eye-tracking will become increasingly prevalent.
By following and analysing our pupils, eye-tracking measures a host of involuntary eye movements that users have no autonomy over, including fixations (when users look at one object for an extended period of time), saccades ("rapid eye movements from one fixation point to another, lasting 30 to 80 ms"), smooth pursuits (following a moving object), and many uncontrollable movements (e.g., blinking, blink duration, blink frequency, microtremors, pupil size, and pupil reactivity). 18om all these movements, it is unsurprising that only twenty minutes of VR can generate approximately two million data points. 19For instance, saccades alone haemorrhage data: "the eye is constantly moving between fixation points," enabling trackers to collect high amounts of data. 20Researchers believe that for VR to feel sufficiently comfortable, immersive, and convincing, headsets will need to track individual eye movements more than 90 times per second. 21 consider the best-case scenario for corporate use of this data, even if we, optimistically and unrealistically, imagine that the companies providing VR services are all good actors and will use this data solely to improve user experience, privacy advocates still might Selinger, Altman, and Foster: Eye-Tracking in Virtual Reality have cause for concern.Since all the aforementioned small eye movements are involuntary, users are likely to be either unaware of the data they convey or physically unable to prevent it.With Instagram, conscientious users can choose not to like a post, and with Google, it is possible to use ad-blockers or turn off some data collection services.By contrast, since eye-tracking is unmediated by technological services like incognito mode and captures uncontrollable data spillage, users have less control over their privacy. 22ndeed, since it is early days for consumer VR, there currently are no standard privacyenhancing techniques. 23Given these limitations, heightened privacy risks are likely to follow.For example, while companies might use eye-tracking data for seemingly positive goals beyond optimizing user experience (e.g., improving safety), they could also collect eye-tracking data for targeted marketing. 24With its wealth of information, eye-tracking technology has been referred to as "advertising's Holy Grail." 25 The situation is equally uneasy in cases where users can control their eye movements.Carefully controlling eye movements is "physically and cognitively tiring," and the fatigue increases over long periods. 26Consequently, we may be unable to consciously withhold personal information.27

What Mined Eye-Tracking Data Reveals
Preliminary controlled studies suggest eye-tracking data can be used to predict a user's gender, age, race, geographic origin, certain mental and physical conditions, sexual attraction and preferences, personality traits, skills, mental strain, drug use, and certain cognitive processes. 28Eye-tracking sensors could even identify anonymous users by analysing their irises (which have unique biometric signatures) as well as unique biometric processes like pupil reactivity and gaze velocity.29Such data might be capable of predicting users' values, interests, and decisions -implicating privacy interests and potentially causing privacy harm.
Sociocultural norms can influence visual behaviours, including where people look and when they avoid meeting another person's gaze.Still, researchers caution against making generalized claims about the impact of background conditions like culture that lack contextual sensitivity. 30Nonetheless, some of the claims about what eye-tracking can reveal are surprising.According to psychologists, when people of different cultural backgrounds view a video depicting a culturally specific practice, their eye movements reflect whether they are familiar with what they observe. 31Similarly, researchers found that subtle differences in eye movements occur when subjects view the faces of people from other races and their own race. 32Finally, when people read languages that are not their native tongue, their eyes move differently compared to native speakers. 33wever, researchers stress that in many cases it is too soon to tell what eye-tracking will be able to reveal or predict accurately.Controlled studies contain confounding variables.For example, there are many reasons why eyes dilate, and researchers could misinterpret whether dilated eyes signal desire or fear.Additionally, some inference methods have yet to be implemented outside of controlled conditions. 34e limits of current eye-tracking research point towards two ominous possibilities.Some start-ups and smaller app developers could follow the AI trend of creating "snake oil" eye-tracking applications that are riddled with incorrect or incomplete descriptions of the technology's power. 35The scientifically unsound or incorrect eye-tracking inferences that result could end up negatively impacting lives, much like we have already seen with misapplications of biometric data. 36Conversely, since big tech companies have access to massive user data, highly advanced machine learning algorithms, and substantial latitude to experiment with their information, they likely are better equipped to generate more accurate predictions than the ones catalogued in peer-reviewed literature.This difference suggests our current understanding of eye-tracking's capabilities and harms is both underdeveloped and, worryingly, an underestimate. 37ol. 2 (2023)   Privacy Studies Journal

The Future of VR, Eye-Tracking, and Privacy
VR developers and theorists are pursuing an ambitious goal.Philosopher David Chalmers identifies the endpoint by speculating that "within a century we will have virtual realities that are indistinguishable from the nonvirtual world." 38Even if this is an overambitious projection, it is reasonable to expect future VR designers to attempt to create lifelike immersive worlds.Immersive VR is commonly defined as a sensory experience within a computer-generated world that is "almost real and believable" compared to the physical world. 39Creating immersive VR requires advances in software and hardware, and likely, increased eye-tracking.

3a. Eye-Tracking is Essential to The Future of VR
There are many reasons why eye-tracking is essential to the future of VR.For starters, it will help create immersive VR through foveated rendering.Foveated rendering mimics how human eyes work by blurring our peripheral vision to create a central and vibrant focus. 40Additionally, foveated rendering will help reduce simulation sickness, a phenomenon that occurs if the focus, rendering, visuals, or hardware are incorrectly calibrated. 41o make immersive VR mainstream, developers must minimize, if not stop simulation sickness. 42ditionally, foveated rendering potentially can reduce the computing cost of VR significantly.If eye-tracking can identify where our eyes are focused, foveated rendering can deprioritize detail in areas outside the user's focus, potentially making the technology more feasible to mass produce at high quality. 43e-tracking can also make it easier to direct and control content.For instance, new interfaces like direct gaze "gesture" interactions will improve interactivity and user experience.Suppose users could manipulate VR content with their eyes (e.g., open drop-down menus by looking in the corner or teleporting by blinking several times).Then, VR could be less physically taxing than the alternative of gesturing with controllers for hours.
While eye strain is a serious issue, eye-tracking can be a form of control that other sensory modalities support, such as voice and touch.
Other possibilities also exist for using eye-tracking to control content.Recall that the goal of lifelike immersive VR is to feel indistinguishable from physical reality.To achieve this state, the technology likely will trend towards systems that are incredibly easy to use, also known as systems that enable "ultra-low-friction" input.44Consider Meta's "intelligent click."45Using intelligent click, AI-infused software might be able to anticipate our desires.The intelligent click would only require users to click a button.Using predictive software, the system is supposed to do what we want, when we want, without the need to communicate anything explicitly.Gaze, analysed through eye-tracking, will likely be critical for sensing our intent and executing this functionality.
In the past, much of predictive eye-tracking relied on knowledge of the environment and the gaze point.46However, recently, researchers could predict interactions using only gaze, "independent of any knowledge of the eye's location or the gazed-upon object." 47These calculations require incredible computing power.And it will take time until eye-tracking technology can produce a mainstream "intelligent click."However, recent research has found a "hidden structure in gaze," which can be used to predict future gazes. 48Therefore, even though predictive eye-tracking may seem very sci-fi, it may not be that far away.And crucially, if predictive eye-tracking is popularized and integrated into lots of our technology, it seems patently clear that eye-tracking may be here to stay.
Another benefit is that eye contact, one of the most important forms of non-verbal communication, might also be enabled by eye-tracking. 49If VR avatars could meet our gaze in a Selinger, Altman, and Foster: Eye-Tracking in Virtual Reality manner that mimics regular human eye contact, VR social interaction might feel far more satisfying.
Still, research indicates that technology needs further refinement before VR avatar eye contact feels right.A study from Tampere University in Finland found that eye contact with VR avatars does not elicit the same physiological responses (e.g., momentarily slower heart rate and increased skin conductance) that eye contact with people generates.Although the researchers also note that this discrepancy might exist for a reason that may not apply to future technology-namely, online avatars currently do not look convincingly lifelike. 50To be sure, creating lifelike avatars will be difficult.It requires replicating features like micro expressions around the eyes and avoiding the psychologically uncomfortable design qualities of the uncanny valley.Still, it is not an impossible task.In sum, as VR avatars continue to improve and enhance social presence, their ability to meet our gaze will become more important, and eye-tracking likely will be critical to facilitating convincing interactions and conversations with them.
Innovators hope that someday VR will provide better options for some activities than physical reality.For example, education may get an upgrade if students can take realistic and engaging VR tours of places they otherwise could not visit-such as being led by an avatar of Jane Goodall through a simulated Gombe Stream National Park in Tanzania. 51Or dating could get more interesting if you could meet up with someone in a simulated version of Paris or the moon, instead of a local cafe. 52Indeed, Chalmers goes so far as to predict that VR "resolution will get better, until a virtual world looks exactly like a nonvirtual world …We may spend much of our lives in these environments, whether for work, socializing, or entertainment." 53VR eyetracking promises to improve immersion and feedback to these types of activities.
To achieve this heightened level of immersion, VR technology should be able to sense, process, and respond to many of the small signals our actions, words, and eyes broadcast into the world.During casual in-person conversations, we often subconsciously notice and react to slight tells that many people have.For example, if someone's eyes continually flick to the side and ceiling while you speak to them, it is reasonable to presume they are not entirely focused or might be nervous.Eye-tracking must capture and accurately represent these small movements virtually so other users can see them and respond.Additionally, to generate a "context appropriate interaction," with computer-generated non-player characters (NPCs), VR software should be capable of inferring whether a user's stare is aggressive, inquisitive, or fearful.Conversations with NPCs could be far more engaging if technology could discern when our glances signify interest (as opposed to revulsion) and tailor appropriate responses based on that information.In short, VR likely will rely heavily on eye-tracking to generate compelling and engaging VR experiences.

3b. Privacy Dangers of Eye-Tracking in VR
Eye-tracking has been compared to an uncontrollable like button, signalling tons of intimate information without a person's knowledge or consent. 54Brittan Heller aptly coined the concept "biometric psychography" to characterize the situation, defining biometric psychography as "the gathering and use of biological data, paired with the stimuli that caused a biological reaction, to determine users' preferences, likes, and dislikes." 55In the hands of advertisers, biometric psychography could supercharge targeting advertising, behavioural modification, and privacy violations.Fundamentally, users face heightened privacy risks in VR, many of which they are unprepared for and currently have little to no recourse to combat.
After all, common boundaries that people deploy in physical reality to protect their privacy do not apply in VR. 56 In daily life, for the most part, the threat of sustained eyetracking is as remote as the danger of telepathy.Furthermore, in special cases where it is prudent to prevent others from monitoring our eyes, like high-stakes poker, one can use physical barriers that might not exist in VR, such as protective dark glasses.Whether VR offers eye-tracking barriers will depend on what governance mechanisms are adopted. 57oreover, even if users are given easy-to-access settings for turning off eye-tracking, the practical costs for using those settings may be too high; programs that become necessary for work, school, socializing, or providing accessibility for users with disabilities could lose critical functionality.
More pertinently, people will have difficulty grasping the new VR eye-tracking privacy threats if their disclosure is buried in the long and dense terms of service agreements that over 90% of consumers never read. 58Simply put, we are concerned that users will still lack a meaningful understanding of the risks, even if they are explained.The problem is exacerbated by the fact that while eye-tracking on its own can be invasive, we should expect eye-tracking data to be aggregated with additional biometric information.If our eyes, voices, movements, and faces are surveilled in VR, privacy will be exceptionally Selinger, Altman, and Foster: Eye-Tracking in Virtual Reality hard to protect. 59To address these issues, we will consider a novel approach to presenting information about eye-tracking to users in VR.

Visceral Notice
Ryan Calo conceived of "visceral notice" as a potentially helpful strategy to get the majority of people that currently ignore privacy policies to more fully engage and comprehend them.Unlike inaccessible terms of service agreements that are lengthy and filled with legal jargon, visceral notice triggers familiar sensory experiences, delivering critical information.Crucially, Calo contends, "the goal of visceral notice is not to manipulate preferences but to give consumers the information they need to act upon their preferences." 60n other words, visceral notices should only be used as a tool to increase user awareness and comprehension of risks.It should not be deployed to intentionally modify behaviour like nudges. 61 a basic level, visceral notice can be understood in phenomenological terms because it draws from familiar, embodied experience.Calo provides a clear example of pain as information.Imagine a world where we receive a text-based "alert" that our body was in pain instead of feeling an intense first-person sensation.We can easily tune out the message -much like the flood of privacy notices that saturate our inboxes.Yes, pain is unpleasant, but it also has utility.Sometimes, we can benefit from acknowledging what pain communicates and be grateful that, discomforting as it may be, it grabs our attention. 62 some contexts, regulators already appreciate the benefits of visceral notice.For example, rumble strips on highways notify car drivers that they are moving off the main lanes and towards potential danger.While drivers can ignore traffic signs or roads that gradually trail off, rumble strips provide a visceral notice by triggering disconcerting sounds and vibrations. 63lo contends visceral notice can be applied to digital privacy policies, and outlines three main design methods to implement it: familiarity as warning, psychological response  64 We will explore each modality, offer suggestions for applying them to VR and eye-tracking, and consider objections to enhancing privacy through visceral notice.

4a. Experientially Enhancing Sensitivity to The Privacy Risks of Eye-Tracking
Because people are unaccustomed to having their eyes persistently tracked, it is crucial to notify them of this new mode of monitoring in VR.For the visceral experience to effectively convey the new threat, it should have two features.It should be attention-grabbing, and it should incorporate the specific privacy risk it is warning against.Fortunately, there is a simple way to combine both elements in VR.
Consider a typical online experience.We have become used to quickly skipping past the wording of online contracts and racing towards clicking the "I agree" button, and privacy scholars claim that the experience has conditioned us to behave like simple input-output machines. 65See the button, click the button.Do not bother to try to comprehend the terms, much less think about whether they are fair or even cost-benefit justified.Instead of seeing the offering as a negotiation, we experience it as background noise or a frustrating nuisance that delays our use of a desired product or service.The act of notice needs to be done differently -in a way that disrupts our auto-pilot habit and encourages us to reflect on what we are doing.For the experience to include the needed specificity that is appropriate to the future of VR, it must involve eye-tracking.
To combine both features, VR designers could display the terms of service contract in a new way.To move through the terms, users could use their eyes.As their tracked eyes scan the words, the contract will scroll up or down, depending on where attention gets directed.When someone is ready to sign off and accept the agreement, they would need to perform a visual feat that signals affirmative intention -something more robust than blinking over a 3-D "I agree button."One possibility is to present users with numbers arranged at different heights.To convey agreement, users would need to move their eyes over each number in the correct sequence -a process that utilizes the user-experience design technique of productive friction, requires concentration, and is unlikely to be accomplished by accidental or random behaviour.
This process is better suited to helping people appreciate that their eyes will be tracked than to understanding the range of privacy risks associated with eye-tracking data.After all, the contract still can contain features that limit intelligibility, like boilerplate jargon.Consequently, the contract should be limited to providing the most minimal level of permissions.Ideally, when users buy VR hardware and turn it on for the first time, the technology should guide them through an interactive 20-to 30-minute session that acquaints them with specific risks (see section 4b).This session could resemble the training screen users enter before playing a new video game.Here, they would be given further sensi- tizing experiences that acquaint them with the privacy risks before being prompted to agree to more data-intensive conditions.Once they agree, we recommend further implementation of visceral notice features within the user interface of VR to continuously alert users to privacy threats.
To ensure that users receive ongoing visceral notice privacy updates after buying VR technology, we suggest that developers and companies consider implementing visceral notice as a continuous and iterative design process.Ideally, with each software update (like periodic Apple IOS updates), companies could release an updated visceral notice privacy tutorial and updated visceral notice design features on the user interface.
In sum, we have provided three general proposals about how visceral reality could alert users of privacy risks.The first proposal entails modifying standard terms of service agreements by allowing eye movements to convey agreement.The second entails instituting an initial VR safety visceral notice tutorial when users buy new products.The third incorporates visceral notice features within VR interfaces.Using Calo's three visceral notice ideas, we will clarify how to implement our proposals.The recommendations are non-exhaustive and have not been tested.We aim to begin a critical discussion around visceral notice for eye-tracking and VR.We hope future research further refines the suggestions.

4b. Showing
By showing, Calo means using narrative and other demonstration techniques to present negative consequences or vulnerabilities in emotionally resonant ways.For example, Calo suggests that a company that provides loans can do more for consumers than merely disclose basic information, such as interest rates."We can imagine further inputs -for instance, what will happen to this or that borrower should he miss a payment or if inte- rest rates change -to dramatize other terms of the deal on offer." 66The idea is that design features that demonstrate to a user how a problem would affect them specifically, are likely to cause a more visceral response and understanding.We will offer several hypothetical ways to apply this strategy to eye-tracking in VR.
Our first suggestion is to have users viscerally confront the meaning of their eyes being tracked in the privacy training module described previously.In a potential immersive VR privacy module, users might find themselves standing on a pillar raised hundreds of feet.Beneath them, a crowd of people are looking at them, and before them are large TV screens, suspended in the air which are all recording and playing the users' current movements.After a short interval of this disorientating experience, the screen could present to the user relevant data and analytics concerning the scenario in the privacy module.
Alternatively, users could be placed in a virtual art gallery containing different painting styles (e.g., abstract and figurative), sculptures of human faces with varying skin tones, and strategically placed products.Users can be instructed to walk around and browse the exhibition.After a brief time, they are then presented with crucial eye-tracking information, ranging from heat maps illustrating where they were looking to statistics representing what they saw.The goal is to sensitize people to what eye-tracking can reveal and how seemingly innocuous visual activity can be surveilled and analysed, with rapid but not necessarily accurate assumptions generated about interests.Imagine you focused primarily on the figurative paintings and light-skinned sculptures.There could be several reasons why this happened.Maybe you are not a fan of cubism, or perhaps you like cubism, but the paintings in the gallery were constructed too poorly for your taste.Maybe you have biases, or perhaps you simply favoured the lighter-skinned sculptures because the lighting made them more visually pronounced.There are lots of possibilities.Hopefully, the experience (and perhaps some accompanying narrative) will prompt users to consider whether companies should have the power over this information and increase awareness of the privacy risks in VR.

Figure 2 Raised Pillar
Designers can further tweak the scenario so that it aligns more directly with Calo's loan example -an example that renders salient a harm that unfolds over time.Consider one of the most challenging privacy issues: helping individuals understand that individual actions can have profound long-term societal impacts.To illustrate this point through showing, users could re-enter the art exhibition after being presented with the initial core eye-tracking information.Now, the virtual space will have changed.If users previously looked more at figurative than abstract art, this time, only figurative art will be displayed.Or, if users looked more at light-skinned than dark-skinned sculptures, only light-skinned ones are displayed.Having had a chance to explore the updated environment, users are presented with an explanation for the change: the gallery has been altered to showcase seemingly preferential content.The experience could prompt the user to think critically about whether it is a good idea to engage in activities that exacerbate the influence of bias and lead to virtual worlds having less diversity.

4c. Familiarity as Warning
Another visceral notice method, familiarity as warning, is used by designers to "leverage the individual's familiarity with a previous technology to realign expectations with reality." 67For example, we are accustomed to microwaves emitting a noise when they are done; we are used to blue text on a website indicating a hyperlink; 68 and with newer cars, we expect a little beeping sound when our cars are in reverse. 69These expectations prime us to respond appropriately to the situation at hand.Each of our responding "interventions" is a conscious and intentional design choice intended to elicit specific behaviours. 7067 Calo, "Against Notice Skepticism," 1037; for more on how this concept is applied to standardizing XR safety, see https://www.theinformation.com/articles/we-need-a-911-for-the-metaverse.68 Calo, "Against Notice Skepticism," 1035.69 Calo, "Against Notice Skepticism," 1036.70 Calo, "Against Notice Skepticism," 1035.We can apply the same idea to privacy with eye-tracking by capitalizing on users' familiarity with previous indicators that prime them to privacy-awareness to encourage them to be more conscious and careful with immersive VR technology.Basically, users must grasp that their behaviour is being surveilled and data-mined.One way to do this is to leverage a helpful design feature that became popular during the pandemic.The video conferencing platform Zoom provides an audio alert that announces "recording in progress," adding the visual element of a pulsing red circle next to "Recording…" The notice is attention-grabbing for two reasons.It is multi-sensory (and thus more accessible than one that only stimulates one sense).Additionally, the circle evokes the recording feature on Apple's "voice memos," and the dot is reminiscent of the one signifying that the camera feature is enabled.In VR, similar elements could be adapted to say something like "Surveillance and Data Mining in Process." To focus the user's attention on eye-tracking, designers could combine the pulsing circle icon with an image of a watchful eye in the shape of a 3-D bright red eye icon.The eye icons should constantly be moving around, just like human eyes.Next to the icons, designers could insert text that conveys something like: "Alert: Eye-Tracking is Active," using fonts and colours that are familiar from other warnings.

4d. Psychological Response as Notice
Using the strategy "psychological response as a notice" designers can "leverage … visual and audio clues" that people respond to "in specific, predictable ways" to advance a consumer's understanding of how a new technology functions and the risks it poses. 71For example, studies show that people psychologically respond to technology with anthropomorphic features as if dealing with an actual person. 72Consequently, Calo notes, since "people are routinely being tracked by a variety of companies and other parties, but do 71 Calo, "Against Notice Skepticism," 1038.72 Ibid.Active  Selinger, Altman, and Foster: Eye-Tracking in Virtual Reality not realize they are," adding "an anthropomorphic cue could drive home the fact of tracking in a way that privacy policies cannot." 73e anthropomorphic cue that Calo suggests is to have a little avatar run across the screen when they click on new websites. 74Since seeing a physical manifestation of being followed is presumably uncomfortable, it can help the user to become more viscerally aware of tracking and take it more seriously than if the notice was a wall of boring text.For another example, imagine a little green gnomish figure tucked into the top righthand corner of a computer screen.It has bulging eyes (to signify eye-tracking), and stares intensely at users, always meeting their gaze directly.It might also occasionally blink or tap the foot slightly to attract users' attention.Being continually looked at by an anthropomorphic figure like the gnome can trigger our psychological discomfort -a sense of creepiness. 75terestingly, the experience of creepiness has a complicated relation to privacy.On the one hand, as privacy scholar Neil Richards argues, creepy is a poor basis for making normative judgments because the term is both overinclusive and underinclusive. 76On the other hand, since psychologists contend that creepiness is an "evolved adaptive emotional response" that tells us to "maintain vigilance," it may be useful in this context for alerting users of privacy dangers. 77re is one more suggestion.Suppose that little tendrils of colour trailed according to where users' eyes move.The colours might only be noticeable, not necessarily large, strong, or garish.The default for a feature like that would be "on" but could be turned off.This strategy plays on a dynamic that psychologists call "feature-based attention"  Selinger, Altman, and Foster: Eye-Tracking in Virtual Reality (henceforth, FBA). 78FBA is "the selective processing of a relevant feature over unattended feature," and in this case, the focal features are items like colours and motions. 79While psychologists find that correctly employed FBA can improve people's ability to understand and retain information, additional research should be done to determine its efficacy in this context.Furthermore, our eye-tracking design suggestions should be taken as conjectural ideas to consider implementing.As Calo notes, visceral notice suggestions require interdisciplinary empirical experimentation to validate.

Figure 4 Alert: Eye-Tracking is
Thus, in the context of eye-tracking, if future empirical studies could design, test, and apply FBA to increase awareness of eye-tracking, it could be an effective application of visceral notice.Regardless of the specific design feature, the goal is to stimulate lasting psychological responses to communicate to users that they are being monitored and tracked.

Objections and Replies
In this section, we will consider seven objections to using visceral notice in the manner detailed above, responding to each in turn.

5a. Notice-And-Consent Governance Is Flawed
The first objection is that the traditional notice-and-consent privacy governance model is fundamentally flawed.Sceptics convincingly argue that the model rarely generates  meaningful, informed consent due to factors like length, use of legal jargon, and lack of consumer bargaining power. 80As a result of these limitations, some critics advocate abandoning the notice-and-consent model and looking for better options.
Philosopher and privacy theorist Daniel Susser provides a compelling response to this objection.He contends that even if the notice-and-consent sceptics are correct, notice remains valuable. 81In other words, notice and consent issues need to be conceptually de-coupled because consent problems do not negate the utility of every form of notice.Specifically, Susser claims that effectively communicated notices can offer users a range of direct and indirect benefits, including providing "basic situational awareness" that enables us to be aware of threats and to enlist the help of experts to safeguard against them. 82For example, advocacy groups could take legal action, run consumer awareness campaigns, exert political pressure, or develop privacy-enhancing technologies. 83sser's approach to the value of notice reinforces the idea that implementing visceral notice strategies in VR does not equal endorsing a notice-and-consent model of privacy protection.Indeed, visceral notice should merely be one governance tool in a more extensive tool kit.In principle, it is compatible with drawing legal red lines, like banning targeted advertising, credit scores, inferences about sexuality, and more, based on eyetracking data.

5b. Design Has Varying Impacts
The second objection is that visceral notice strategies are too ambitious because, as Calo notes, different people can have varied responses to design and individual responses to visceral notice strategies can change.This objection criticizes a potential implementation problem-that visceral notice might only be effective for a limited group of people or that it if initially works, it might lose its efficacy after repeated encounters.Consequently, one response is that more research is needed to determine what works, given user diversity and changes to user experience over time, and whether viable changes can improve efficacy, potentially including customized and adaptable design choices.Another response is that the strategies proposed are appropriately ambitious.Visceral notice strategies might not work on everyone, but they have the potential to improve privacy awareness for a statistically significant number of people.The goal is not to present a perfect design solution but to launch privacy policies as an iterative process-to learn what works and what falls short and enter a virtuous cycle of adaptive change.Vol. 2 (2023) Selinger, Altman, and Foster: Eye-Tracking in Virtual Reality   5c.Nudging   Calo insists that visceral notice should only heighten people's appreciation of privacy risks, not nudge their behaviour.The third objection is that some of the design strategies we propose are too value-laden (e.g., too creepy, too intense, etc.).Consequently, they could nudge some people to undervalue the positive gains eye-tracking offers, and thus manipulatively alter their preferences.This objection hinges on empirical facts.Further study is needed to determine whether the design strategies will impact a statistically significant number of people.If so, a reasonable way to proceed is to propose and test replacements.In other words, not every VR visceral notice strategy has to be a nudge, just because some are.Alternatively, one might reject the anti-nudge criterion as contextually inappropriate.Particularly in the training modules that we propose, a case could be made that nudging is justified because the clear personal benefit of immersive engagement in VR is easier to appreciate than subtle privacy problems (e.g., endowing companies with more power by providing them with intimate personal information), harms that have a societal impact (e.g., eye-tracking data fuelling algorithms that decrease diversity in virtual worlds), and harms that are difficult to quantify (e.g., does using eye-tracking data for product placement or targeted ads diminish autonomy).From this perspective, nudging corrects an unfair epistemic imbalance by emphasizing non-trivial privacy risks that otherwise would be insufficiently vivid to trigger due consideration.Furthermore, if nudging is justified, more heavyhanded design choices may be appropriate.This position requires further debate because the allegation of unfairness will be valid in some privacy regimes but not others.To a large extent the fairness of individual risk hinges on what privacy and related protections a regime offers.
Finally, Calo distinguishes between facilitation-based approaches, which help people "develop and consummate their intentions," and friction-based approaches, which hinder people's ability to act freely and rationally.84Although no action is wholly facilitation or friction, we can generally discriminate between them based on the intentions and impacts of the nudging and notice in question.The intent of visceral notice is clearly to facilitate choice, and while the empirical impacts remain to be seen, we are hopeful.

5d Too Much Choice
The fourth objection is that if users are allowed to turn off any of the features proposed here, too many will exercise this choice for bad reasons, such as not wanting to see aesthetically noisy design elements.To avoid this poorly reasoned outcome, users should not be given the latitude to opt out.
Since some users will have good reasons for opting out, such as visual conditions that are incompatible with the visceral notice strategies, the concern about putatively bad reasons does not apply generally.But even if nearly all users opt out of our features, the outcome does not undermine our proposal.First, users would be no worse off than before the visceral notice design features.Second, the choice to turn them off would occur after receiving information concerning the risks inherent to eye-tracking.Indeed, even if the feature were only active for a few minutes, the time it would take for users to notice, wonder what it is, and turn it off, is far more than the time users currently spend reading terms of service agreements.

5e. Diminishing Salience
The fifth objection is that the visceral notice strategies outlined here can be, at best, temporarily effective.They will lose their salience because elements that are initially novel will become familiar.Once people experience them routinely, the features will lose their attention-grabbing power. 85ile it may be the case that people can become accustomed to and tune out traditional privacy notifications (terms of service agreements, for instance), the same logic does not necessarily hold for experiences.As Calo notes, even though we routinely hear cars' engines and no doubt are accustomed to them, the noise continues to be a useful tool for alerting people that a vehicle is nearby. 86Perhaps we associate the car's engine with danger; or maybe the engine's noise is noisy enough that we always notice it.
Future empirical research is required to identify how visceral notice can be effectively applied to eye-tracking and VR privacy.Ideally, visceral notice strategies for eye-tracking would attempt to achieve the same effect as the car engine; thus remaining consistently successful at attracting users' attention.Since the design features suggested in this paper have not been tested for efficacy, we do not know if they will meet this standard.Better results might follow from modified designs or selecting alternatives.Indeed, we cannot discount the possibility that visceral notice strategies need to be renewed frequentlythat when they become too familiar, they need to change.Additional consideration is required to determine how technology companies can adopt a format that is constantly changing, given how privacy reviews are structured.

5f. Companies Will Game the System
The sixth objection is that companies that profit from eye-tracking will try to unduly influence the visceral notice design process.Suppose it turns out that the visceral notice features alert people at first eventually fade into the background of their consciousness.In that case, companies might make design updates that aim at making the benefits of eye-tracking more pronounced -perhaps overstated.As Calo puts it, depending on Vol. 2 (2023) Selinger, Altman, and Foster: Eye-Tracking in Virtual Reality the incentives, companies may try to use visceral notice designs as tools for "their own advantage." 87This is a considerable objection.Realistically, some companies will look to capitalize on loopholes and policies that can be implemented in many ways.However, it is not a foregone conclusion that all companies will behave this way.Some may want to take full advantage of visceral notice strategies to differentiate themselves from competitors who place less value on privacy.Additionally, the companies that would use visceral notice in nefarious ways probably would do so regardless; the question is whether we want privacy advocates, governments, and privacy-friendly corporations to fight for this idea.Lastly, some legal regimes may be able to limit how much latitude companies may have co-opt or undermine visceral notice information.
However even if visceral notice strategies fail to gain traction with companies, another practical possibility remains.Third parties may be able to put them to good use.For example, organizations that promote digital literacy could use visceral notice design to enhance privacy education.In short, if visceral notice is, overall, a good idea, it ought to be spread and popularized.

5g. Cannot Compel Speech
The seventh objection is that in many countries, companies cannot be compelled to follow the specific design recommendations outlined in this paper.Indeed, even if the law could require companies to communicate privacy risks in VR better, they would retain a fair amount of discretion and latitude to meet this goal.Consequently, the visceral notice proposal is essentially a recommendation for self-regulation, and companies that pursue self-regulation can be counted on to select self-serving privacy-protection options.
Here, as with some of the above replies, we concede that, depending on the jurisdiction, companies may need to choose to use visceral notice strategies.Consequently, the incentives that impact choices matter.There may be stronger incentives to minimize user awareness of eye-tracking.Or the incentives might favour feigning interest in visceral notice to game the system.Nevertheless, admitting that incentives matter does not mean visceral notice strategies cannot be appealing.Should there be sufficient public support for privacy-enhancing techniques and a credible concern about backlash for failing to provide them, companies may find visceral notice an attractive option.

Conclusion
Nearly sixty years ago, in his seminal book, Understanding Media: The Extensions of Man, media theorist Marshall McLuhan offered a prescient warning that puts the old saying about eyes being the window to the soul in a modern capitalist context."Once we have surrendered our senses and nervous systems to the private manipulation of those who would try to benefit from taking a lease on our eyes and ears and nerves," McLuhan writes, "we don't really have any rights left."88Bleak as today's commercial internet can seem when viewed from the perspective of a privacy advocate, the future of VR remains open.It is not predetermined to be a dystopian setting where we surrender our eyes and rights.But given the commercial value of eye-tracking and the poor privacy record of leading big technology companies, we should heed McLuhan's warning.While these technologies are still developing, now is the time to act to formulate governance strategies capable of providing adequate privacy protection.We cannot afford to wait.
In this paper, we have proposed visceral notice as a practical and potentially valuable design strategy for communicating the key privacy risks that eye-tracking poses in VR.Since VR has distinctive affordances, and some of them, like eye-tracking, make us vulnerable to those who would abuse our personal information, it is wise to try to leverage the specific features of the media to help safeguard privacy.

Figure 1
Figure 1 Terms of Service

Figure 3
Figure 3 Art Gallery

Figure 5
Figure 5 Creepy Gnome