Artificial reality solutions may comprise an artificial reality client device paired to a computing system (a “stage”). The client device may include without limitation a headset or glasses. The stage may be a computer system or any suitable computing device. The stage may comprise sensors for detecting a user location, direction, and/or orientation, elements for data input and output including without limitation microphones, speakers, and screens. The stage may be capable of executing software applications. This pairing process between the stage and client devices may occur over a wired connection, but many artificial reality implementations include devices paired wirelessly. To ensure secure communications between the stage and client when communicating wirelessly, the stage and client may use unique identifiers to help identify trusted devices.
In existing solutions, these unique identifiers may be passed between the stage and client in plain-text using wireless communication standards, including without limitation WiFi and Bluetooth communications, which may permit an adversary—someone “listening” to the wireless communications—to view the unique identifiers. A device—including, for example, a stage or client—is mobile and may periodically broadcast the plain-text identifier and an adversary can use this identifier to track the user based on the mobile device's broadcasts. Existing solutions for preventing a device from being unknowingly tracked by an adversary focus on randomizing a unique identifier, such as a MAC address. In existing solutions, the MAC address may be randomized each time the device attempts to connect to the stage. For example, if the client uses a first MAC address in a first location and randomizes the MAC address before broadcasting at a second location, an adversary may have difficulty spatially tracking the client.
Randomizing the MAC address and other efforts attempt to anonymize the wireless communications between the client and stage. However, when the client and stage are both mobile such that the client may travel with the stage—for example, when the client is a pair of artificial reality glasses and the stage is a mobile phone—a third-party could eavesdrop on the wireless communication between the client and stage to track both devices, even when a randomized MAC addresses are used. Additionally, randomization of MAC addresses occurs only during the initial pairing process and will then use a particular MAC address once a connection is established between the client and stage, where the particular MAC address can then be used for tracking.