Augmented Reality is part of Internet of Things, to the best I can see. It has all the security and Privacy issues and more: also safety issues, as virtual actions can be translated to effects in the real world which are dangerous. (Otherwise, the question is too broad to give specifics).

One aspect to consider in relation to security and privacy concerns is who has power and control over these systems. If the user has – and retains power at all times – including the option to completely remove all traces from the system, then the hierarchy is relatively flat and less concerning in terms of privacy and security. If the system maker has all control, including complete control of the data once it is submitted (maybe turning your smiling photo into an AR billboard selling a product), then that is a serious concern for privacy and identity management. The key elements for me in such a system are transparency of the policies and clarity and shared governance and control. If someone, fully aware of the situation and consequences, wants to post photos / videos / text about something in a public realm, like on social media, then they should be able to do that without any ambiguity about how such material will be used and stored and handled in the future. In an AR context, how that material is handled and how it is juxtaposed onto the physical world will raise many interesting issues in the future. The key to addressing it, though, at least in my opinion, is the distribution of power to the user and clear policies about use of material (not 20 pages of legalese text). How about one or two sentences? Something like: We appreciate you sharing your data with us, and using it on our system. While it is here, we want you to enjoy what our platform offers, but when you want to remove it, and disengage from our system, that is a decision completely up to you, and no part of your digital trace will be left behind or used without your explicit written permission. Or something like that! ... 

Given the particular application there are possible threats to human safety, which my be triggered by cyber attack or software virus.

I see danger if a user entirely relies on augmented reality technology and it becomes unavailable or compromised by malware. He might not perceive the peril and walk straight into the trap.

We are pretty much signing up to have our data commodified and resold each time we purchase/get a new app, or join a social media network. As Prof. Oppegaard says, no one reads the 20 pages of legalese that it's necessary to agree to in order to access these channels of sociability. It would indeed be more fair if the uses of the data we generate via app usage/social media were summed up in a few easy to understand sentences, so that we could have a realistic idea of what we are trading in return for access to such channels of communication.  That way we could make informed decisions. 

The agreements we sign give companies a lot of latitude to use our data as they wish.  I think the limits are what they think/find consumers will tolerate.  For example, we are accustomed to ads appearing in our Facebook (FB) feeds that highlight a product related to an internet search we performed 5 minutes ago.  But what if FB used our profile pics to make augmented reality mashups that could depict us in the shoes we just looked at or carrying the bag?  People may find this creepy now, but will they still find it creepy in 5 years after our tolerance has grown for highly personalized target marketing? In my mind, the danger is that we are simply sleepwalking into an age when it will not actually be possible to have any control over the uses of our data, without much public awareness or debate, and thus no regulation.

Some of the concept discussed are not Augmented Reality. Are simply technology, internet and social network apps. For my understanding, Augmented Reality (AR) is the combination of computer generated information to the real world. There are 4 types of AR:

- video see through: Architecture Apps that change the color of a room through the smart phone; kinetics games, car rear cameras with virtual lines that shows where the steering wheel is pointing; BMW's human/animal detection system through the infrared front camera that paint in yellow the human/animal

- glass see through: google glass; cars head display that projects speed, song and GPS info onto the front glass

- Spacial: the captured image is projected onto the the interested area. Exemple the VeinViewer. A device invented by Herbert Zeman (University of Tennessee). I've been studying the VeinViewer on varicose veins since 2005. It captures the image of the veins by an infrared camera and projects the images on the skin with a fraction of a second delay  

- Indirect: applications using webcams and QR codes showing an altered image in the computer's screen (for example an dinosaur text in a magazine that when you put in front of the laptop you can interact with a virtual dinosaur that is not on the magazine but appears on the image of the magazine in the computer screen

https://www.youtube.com/watch?v=PWnl_Kuetag

Article Vein Imaging: A New Method of Near Infrared Imaging, Where a...

Many times, VR/AR systems haven't implemented encryption for network connects, which is standard practice in more traditional communication tools such as instant messaging apps. Many VR/AR systems also rely on third-party apps or integrations with dubious security. As with other collaboration applications, the system might cache information on a local computer or network server; those data also might need to be secured, which could mean encrypting the data. These same systems can also be used as a jumping-off point for accessing the rest of your network. Further, a DDoS attack can create unexpected results in a VR/AR system, so be prepared with a business-continuity and disaster-recovery plan if a system is critical for a business process or classroom. The impact of compliance and legal requirements may be difficult to determine in these new environments, but sensitive data will still need to be adequately protected