Facebook Reality Labs head Andrew Bosworth released an internal memo, entitled “The Big Shift,” which underlines why the company needs to start building products now that better balance user privacy and user experience.

Even before Facebook moved to require all new Oculus users to sign in with Facebook, Oculus headset users were rightfully worried about the company’s treatment of user privacy. Facebook has a long track record of privacy scandals, including the Cambridge Analytica debacle, mass surveillance, and the amplification of misinformation (aka ‘fake news’). There’s more, but the list is comically long.

Virtual and augmented reality open new, more intimate windows into user behavior though, with biometric data obtained from VR/AR devices offering important vectors for understanding what makes each individual tick. It’s a treasure trove of user data which has largely gone untapped (and unleaked, as far as we know), but it won’t always be that way.

Now, Andrew Bosworth, the head of Facebook’s AR/VR Reality Labs team, is calling on his colleagues to put user privacy at the core of its products. The ‘Big Shift’ memo, seen in part below, was obtained by Big Technology, and first reported by OneZero.

“Starting in January we are changing the way we approach product development in FRL. Instead of imagining a product and trimming it down to fit modern standards of data privacy and security we are going to invert our process. We will start with the assumption that we can’t collect, use, or store any data. The burden is on us to demonstrate why certain data is truly required for the product to work. Even then I want us to scope it as aggressively as we can, holding a higher bar for sending data to the server than we do for processing it locally. I have no problem with us giving users options to share more if they choose (opt-in) but by default we shouldn’t expect it.”

In the memo, which was released December 22nd, Bosworth says he doesn’t simply aim to meet today’s expectations for user privacy, but wants to “differentiate our products on the basis of privacy. Let other companies scramble to keep up with us.”

Andrew Bosworth | Image courtesy Facebook

Bosworth, a 15-year Facebook veteran, first joined Microsoft in 2004; it wasn’t the same Microsoft we know today, but it was changing to prioritize user security in the face of a long history of ostensibly leaving virus and malware protection for third parties to sort out. Bosworth says in the memo it was due to “decades of buffer overruns and unchecked dereferences in a sprawling code base.”

After his one-and-a-half-year stint as a software designer at Microsoft, Bosworth says public criticism pushed the company to reprioritize security, which helped make it the trusted leader in the field that it is today.

“Today Microsoft is considered perhaps the most trustworthy software vendor in the world. It is trusted by an overwhelming majority of enterprise companies. Having been on the outside since 2005 it was impressive to watch their persistence yield a gradual but definitive shift in their reputation. I think this is a model for us at Facebook. We should become the undisputed leaders in providing privacy aware software.”

Bosworth disagrees with the view that Facebook doesn’t care about balancing privacy and user experience, but he says that due to a recent shift in public sentiment, the company must “consider the consumer experience holistically rather than at optimizing for each individual feature.”

Facebook now offers a new set of privacy functions that reveal what data the company is collecting when you use its VR devices. That’s a move in the right direction; however, it’s clear the company as a whole still isn’t working on the same wavelength. This month alone Facebook has faced a major backlash due to its mishandling of WhatsApp user privacy.

“The next step is for the priority of privacy to permeate the entirety of our culture, we’ve made inroads here but we have a long ways to go. Privacy Review should become a simple housekeeping exercise unless we detect further shifts in public attitudes towards privacy.”

Whether it was intentional or not, Bosworth’s memo strikes at the heart of the matter: companies of size simply don’t act in your best interests when given free rein, and users need to prioritize privacy over user experience if they want to push entities like Facebook in that direction. It’s supposed to be a ‘Big Shift’ in the way Facebook currently operates, and we can see why.

“With new culture and new tools, [and] a concerted effort to revisit old products, we are on a long road to redemption. We shouldn’t expect any credit before it is due and perhaps not even until a good while afterwards. But we should nonetheless feel proud of the shift we are undertaking and confident in our ability to see it through.”

Facebook declined OneZero’s request to comment on the contents of the memo.

We’ve included the majority of ‘The Big Shift’ in this piece. You can check out the whole, unedited version here.

Well before the first modern XR products hit the market, Scott recognized the potential of the technology and set out to understand and document its growth. He has been professionally reporting on the space for nearly a decade as Editor at Road to VR, authoring more than 3,500 articles on the topic. Scott brings that seasoned insight to his reporting from major industry events across the globe.
  • Patrick Hogenboom

    Good luck prioritizing privacy when your core business is obtaining as much data on people as possible.

    • Exactly this

    • Ad

      Stop using logic. Facebook’s only media strategy has been gaslighting for a long time.

  • Rudl Za Vedno

    I really don’t care about their internal policy. FB products will stay a no go for me as long as I have to signup/login with FB account to access headset that I bought. That’s illegal in Germany and should be illegal everywhere.

    I’d be OK with a compromise of having 2 options, first one paying 500 bucks for a headset without FB login requirements or the second 300 bucks & FB account being a mandatory thing.

    • TechPassion

      You might drive Tesla in Germany, right? It is also connected to the central servers all the time and knows where you drive, what you do. How is this legal? :)

      • johann jensson

        Good joke. In Germany, where the internet infrastructure is worse than 3rd world eastern countries…

        Try again.

    • Ad

      The issue with a dual system is that it doesn’t solve anything, it just makes the people who care about privacy stop caring.

  • xyzs

    This guy is a close friend of Zuck and one of the very very first employees of Facebook.
    He made his life plan about empowering Facebook, since its early days.
    He never worked in video game industry.
    But Zuck made him CEO of Oculus…

    Now you know that, up to you making your opinion about the stuff he says…

    • johann jensson


      • Sven Viking

        I don’t think it’s much of an argument against him, but as far as I know the facts are correct. He moved from Microsoft to become one of the first 15 engineers at Facebook and “one of Zuckerberg’s longtime confidants.” No game industry jobs. https://fortune.com/2012/05/16/inside-facebook-2/

    • Ad

      Read his bio on Facebook, he’s the worst.

  • johann jensson

    There’s no privacy, unless we can use our HMD and the software completely offline. I stopped buying games that can’t be played without internet, after some bad experiences, and I hope other people wise up as well.

    • Charles

      Agreed, though I’d go with an OLED headset.

      • Sven Viking

        There aren’t a lot to go around. The only recent one I can think of is one of the many Pimax models.

        • Charles

          I think the Odyssey+ is still the best headset, if you get a VRCover, wear it correctly, and use OpenVR Advanced Settings to eliminate black smear.

          Or if you like wireless, the Vive Pro is also very good.

        • James Cobalt

          And it’s probably their worst model at that :-/
          And StarVR One is still going for $3k in the states despite having PPD similar to the original Vive.

    • Ad

      I’ve run SteamVR with steam not even running so often, it doesn’t have DRM.

  • I want to believe that this is the new attitude of Facebook, but it’s hard prioritizing privacy when your goal is offering targeted ads…

  • Gamer1st1

    Yeah, no thanks. Any company that can, and does, change on a whim, and can lock you out of your own hardware, won’t be getting my $. Possibly killing access to your software’s bad enough, but I won’t tolerate them doing it to hardware.

    • Till Eulenspiegel

      People use their email to sign up for an account for consoles, mobile devices, computers, etc. You know that all the apps and games are safe because no one will ban you for what you said in your email.

      Using a Facebook account to buy games and apps for Quest is just dumb – you can be banned for accidentally saying things that they deemed as inappropriate. Even a President can be banned, that means your investment is always at risk.

      Facebook has no experience selling consumer products, Oculus is their first venture and it shows their naivety.

      • Gamer1st1

        Which is why I don’t use SM, and haven’t for years. I used email on their store to revive play games. That’s over now as well.

      • Sven Viking

        Additionally Facebook’s AI is so trigger-happy you can potentially even be banned for saying nothing, as with a majority of the people in this list.

  • Sven Viking

    It’s a nice memo, and I agree with it, but it’s hard to take seriously while they’re simultaneously forcing users off an existing system and onto a system with an enforced reduction in (max) privacy.

  • Ad

    This is nonsense and gaslighting. No reference to ads, to Apple, to how they’re trying to shut down Apple’s privacy measures, and the Microsoft comparison is nonsense because viruses didn’t make Microsoft money and security is actually often used as an excuse to harm consumers.

  • sebrk

    Step one: skip Facebook required login to use the HMD. No? Yeah that is what we’ve guessed.

  • James Cobalt

    Considering being the leader in XR is going to be a lot more valuable than being the leader in social network advertising, they might actually be taking this seriously. Though I suspect it’ll be many years before drastic changes are felt in the parent organization.

  • Amni3D

    Talk is cheap, let’s see how it works in practice.

    This is the same company that still forces you to install an unrelated mobile app to enter the home screen. Same company that said last Facebook Connect that they have no clue how they’ll handle privacy in AR, but “we’ll know when we get there :^)”. Same company where the CEO called its userbase “dumb fucks” for trusting him with data.

    They’ve pulled these cutesy PR stunts before. Nothing ever changes. If they cared about privacy, they had 16 years to prove a point.

  • JB1968

    That’s just pure bullshit from a company whose main business is to suck out as much data as possible from each user.

  • Als89

    Very funny joke lmao

  • z

    a good first step would be to not force users to log in with Facebook

  • oomph

    Not using FB so
    will not use any of its other items
    I dunno why people put their private photos & info on a public platform that ….

  • Jim Hunter

    Don’t buy Oculus products. I have the Quest 2 that I purchased as a Xmas gift. All of a sudden a couple days later the headset lost its pairing with the controllers and now won’t pair. I have gone through support on January 20th and today January 29th and another support person said they are still needing info which they already gave instructions for me to try to correct and nothing worked. So 9 days total and the last time someone reached out to me was 5 days ago. This is ridiculous service and a crappy way to get a warranty so they care nothing about privacy and nothing about their warranty. Just an absolutely terrible company and product. If Microsoft makes a VR headset buy it, stay away from Facebook Reality Labs.