Meta's hidden facial recognition code in Ray-Ban glasses reignites privacy fears

Non-consenting individuals could be identified and tracked in public spaces without awareness or consent, affecting protesters, journalists, migrants, and domestic violence victims.
The infrastructure, once normalized, becomes very hard to constrain.
Privacy experts warn that Meta's facial recognition system, even if not yet activated, represents a permanent shift in surveillance capability.

Meta's 'NameTag' feature would identify faces captured by smart glasses cameras, converting them to biometric signatures and matching against stored data on users' phones. Meta previously paid $2.05 billion in settlements for unauthorized facial recognition data collection, making this discovery particularly sensitive to regulators and privacy advocates.

  • Meta embedded 'NameTag' facial recognition code in its AI app, downloaded 50+ million times
  • System converts faces to biometric signatures and matches them against phone contacts in real time
  • Meta previously paid $2.05 billion in settlements for unauthorized facial recognition data collection
  • Code components distributed to users' devices beginning January 2026, though feature remains inactive

Meta embedded facial recognition code in its AI app for Ray-Ban smart glasses, enabling real-time identification of people in public spaces. The discovery reignites privacy concerns after the company previously abandoned facial recognition technology.

Meta has quietly embedded facial recognition code into its AI application, and the discovery is forcing a reckoning the company thought it had already settled. Researchers at Wired uncovered components of a system called "NameTag" nested inside the Meta AI app—an application downloaded more than 50 million times—that would allow the company's Ray-Ban smart glasses to identify people in real time. The system works by detecting a face through the glasses' camera, extracting it, converting it into a biometric signature (essentially a facial fingerprint), and comparing it against data stored on the wearer's phone. If there's a match, the user gets a notification with the person's identity.

Meta insists the feature is not active and no final decision has been made to launch it. Company spokesperson Ryan Daniels said the code represents only "exploration" of the technology and that nothing has been released to consumers. Yet researchers from the Electronic Frontier Foundation and independent security analysts have examined the system's components and found them substantially functional. One researcher was able to test parts of the infrastructure by introducing a facial signature and triggering a "person recognized" notification. The main technical pieces—face detection, image cropping, biometric signature creation—have been distributed to users' devices through app updates beginning in January.

The timing and method of discovery matter because Meta has a fraught history with facial recognition. In November 2021, the company announced it was shutting down Facebook's facial recognition system and would delete over one billion biometric models associated with its users. That reversal came after years of legal and political pressure. Meta paid $650 million to settle a class action lawsuit in Illinois over collecting biometric data without proper consent, and another $1.4 billion to Texas for using facial recognition to harvest biometric information from millions of people without authorization. The company denied wrongdoing in both cases but the settlements stood.

What makes this discovery different—and more alarming to privacy advocates—is the shift from identifying faces in uploaded photos to identifying them in the physical world, in real time, through a device worn on someone's face. The Ray-Ban glasses have cameras, microphones, and AI integration, making them a permanent interface between the wearer and their surroundings. The core concern is what experts call the "bystander problem": people whose faces could be recorded, processed, and identified without their knowledge or consent. Even if the biometric signatures stay on the user's phone, fundamental questions remain unanswered. Who controls the creation of these facial signatures? Who decides whose face gets added to a biometric contact list? How can someone refuse to be recognized by glasses worn by strangers?

In the United States, more than 70 civil rights organizations—including the American Civil Liberties Union and the Electronic Privacy Information Center—have already asked Meta not to integrate facial recognition into its smart glasses. They point to risks ranging from individual stalking to state surveillance, and specific harms to protesters, journalists, migrants, and domestic violence victims. Europe's regulatory framework is stricter. The General Data Protection Regulation classifies biometric data used for identification as a special category of personal information subject to heightened restrictions. The European Data Protection Board has argued that facial recognition technology, especially in publicly accessible spaces, must meet strict criteria of necessity, proportionality, and clear legal basis. While recent guidance focuses mainly on police use, the underlying risks—surveillance, misidentification, absence of genuine consent—apply directly to consumer products with permanent cameras.

Internal Meta documents reported by the New York Times in February suggested the company was considering launching the technology in a "dynamic political environment" where civil society organizations might be distracted by other issues. That raises a question about strategy: was this meant to slip through unnoticed? The company maintains no final decision has been made, but the fact that the necessary AI models have already been distributed to user devices blurs the line between research and infrastructure-in-waiting. For Meta, smart glasses represent a central bet on the next phase of personal computing. After the metaverse investment, the company is pushing AI-powered devices that can answer questions about what users see, translate conversations, record video, and function as permanent assistants. Analysts see the glasses as one of Meta's most promising hardware plays, especially after expanding the Ray-Ban and Oakley partnership.

There are legitimate uses for facial recognition—helping people with visual impairments identify acquaintances, improving accessibility, facilitating social interaction. Meta has invoked these arguments before. But when the same technology is embedded in discrete glasses connected to artificial intelligence, it can also normalize the invisible identification of anyone who passes in front of a camera. That normalization is what keeps privacy advocates awake at night.

Nothing was released for consumers and no final decision was taken about what to do here, if anything.
— Ryan Daniels, Meta spokesperson
The technology appeared to be almost ready to function.
— Cooper Quintin, Electronic Frontier Foundation researcher
A Conversa do Hearth Outra perspectiva sobre a história
Inventor

Why does it matter that Meta says this code isn't active yet? Isn't that reassuring?

Model

Not really. The components are already on millions of phones. The question isn't whether it works—researchers have shown it does—but whether "not active" is a meaningful distinction when the infrastructure is already in place and distributed.

Inventor

So you're saying Meta could flip a switch and turn this on?

Model

Essentially, yes. And that's the political problem. Once the technical foundation exists, the conversation shifts from "should we build this?" to "why haven't you activated it?" The company has already done the hard part.

Inventor

But Meta paid billions in settlements. Don't they have incentive to be careful?

Model

You'd think so. But those settlements were about the past—about Facebook's photo tagging system. This is different technology in a different context. The company seems to be betting that smart glasses are different enough that old rules don't apply.

Inventor

What's the actual harm if someone's face gets matched to their phone contact list?

Model

The harm isn't just about your own phone. It's about what happens when millions of people are wearing these glasses. You could be identified by strangers without knowing it. A protester could be tracked. A domestic violence survivor could be found. The bystander has no say.

Inventor

Couldn't Meta just promise not to do that?

Model

They've made promises before. And even if Meta keeps its word, what about when other companies make similar glasses? What about when governments want access? The infrastructure, once normalized, becomes very hard to constrain.

Inventor

So what happens next?

Model

Regulators are watching. Europe will likely move first with restrictions. In the U.S., civil rights groups are mobilizing. Meta will probably claim it's still exploring, still deciding. But the code is already there, waiting.

Quer a matéria completa? Leia o original em Público ↗
Fale Conosco FAQ