“…The collected studies discussing or proposing threat models consider application developers [26], [84], [64], [55], [27], [29], [65], [56], [123], [42], [113], [30], [67], servers [30], [84], [6], content creators [37], [84], device manufacturers [116], [84], other users [112], [134], [95], and hackers 1 [37], [123], [58] as the attackers in VR, or rely on general privacy threat models like Lindunn [31], [60], [28], [64]. Based on these studies, we adopt a more comprehensive and pervasive privacy-centered attacker classification specific to VR that encompasses the privacy repercussions of the above threat models.…”