What Meta’s Hidden NameTag System Was Built to Do
Meta’s facial recognition smart glasses controversy centers on hidden code in the Meta AI companion app that was designed to turn Ray-Ban Meta glasses into a tool for identifying people, recording biometric faceprints, and flagging recognized faces, all without clear disclosure or explicit consent from the people being recorded. Reverse engineering of the app, internally called Stella, revealed a complete face recognition pipeline. Three machine learning models detect faces, align them, and turn each into a 2,048‑dimensional biometric fingerprint stored on the user’s phone. An SQLite vector database powers similarity matching, while persistent storage keeps cropped face images and binary embeddings, including for “unknown” faces awaiting future identification. Hardcoded strings for a shelved “Connections” feature promise to “remember the people you met,” hinting at a near-launch capability that would quietly add smart glasses surveillance to everyday social encounters.
From Dormant Code to Overnight Deletion
WIRED’s investigation showed that Meta had already shipped substantial parts of this system, codenamed NameTag, to tens of millions of smart glasses users through the Meta AI app. Security researchers from EFF’s Threat Lab confirmed via static analysis that the faceprint tracking code was present and active behind the scenes, even though regular users could not yet access it through the interface. Another researcher demonstrated that once a face was manually added in debug mode, the glasses could recognize that person when they appeared in view. Within 24 hours of WIRED’s report, Meta pushed an update that removed the face recognition libraries, biometric workflow, and local storage folders for face images and embeddings. According to Gadget Review, “only debug fragments remain,” suggesting the removal was targeted at disabling functionality rather than rewriting the app from scratch.
Can Deleting Code Erase Surveillance Capability?
Meta describes NameTag as “purely exploratory,” but its quick deletion raises doubts about how much control users really have over smart glasses surveillance. Removing code from the current app does not guarantee backups are gone, that similar features will not return under a new label, or that intermediate biometric data was handled with meaningful safeguards. The system’s design kept faceprints on-device, yet the same infrastructure could, in later versions, sync to cloud services or connect to other databases. Meta’s track record matters here. EFF notes that Meta previously paid USD 650 million (approx. RM2,990,000,000) to settle a facial recognition lawsuit over mass scanning of photos and has internally discussed launching such features when critics might be distracted. That history makes it harder to accept unexplained experiments, especially when they involve faceprint tracking code deployed to millions of cameras mounted on people’s faces.
What This Reveals About App Store Oversight
The NameTag episode exposes how limited app store oversight can be when it comes to smart glasses surveillance. Both major mobile platforms cleared Meta’s companion app despite the embedded facial recognition infrastructure, including on-device vector databases, persistent storage of unknown faces, and notification hooks for “Person recognized” alerts. Because the recognition features were hidden behind dormant menus and debug-only paths, they sailed through review as if they were inert. App store checks tend to focus on what users can see and tap, not on buried pipelines that can be activated later with a server‑side flag or a minor update. That gap gives large developers room to pre‑position invasive capabilities ahead of time. The Meta privacy breach here is less about a single feature toggle and more about a playbook: ship the surveillance plumbing early, flip the switch when scrutiny dies down.
How Consumers Can Respond to Smart Glasses Surveillance
For consumers, the main lesson is that hidden features may exist even in apps and devices marketed as privacy‑aware. Facial recognition smart glasses can shift from novelty camera to networked surveillance device without obvious warning, especially when the crucial code already lives on your phone. Before buying or pairing such devices, review what permissions the companion app requests, whether it stores data locally, and how long it keeps images and embeddings. Consider whether you trust a company’s history on biometric data, not only its current settings screen. Disable camera or network permissions when you do not need them, and keep automatic updates visible so you notice big changes. People around you have no way to consent to or refuse being scanned by your glasses, which makes your decisions about smart glasses surveillance part of a wider social contract, not only a personal convenience choice.
