Meta Secretly Built Face Recognition Into Smart Glasses Used by Millions — Without Telling Anyone
Menlo Park, Thursday, 4 June 2026.
Hidden code found in Meta’s AI app reveals a near-ready facial recognition system capable of identifying strangers through Ray-Ban smart glasses — raising urgent privacy alarms across Europe.
A Hidden System, Months in the Making
On June 3, 2026, WIRED published a detailed code analysis revealing that Meta — the parent company of Facebook, Instagram, and WhatsApp, headquartered in Menlo Park, California — had quietly embedded a facial recognition system into its Meta AI companion app, which has been downloaded over 50 million times [1]. The feature, internally referred to as ‘NameTag,’ was designed to identify people captured through Meta’s Ray-Ban and Oakley smart glasses by matching their faces against biometric data stored on users’ phones — all without the knowledge or consent of the individuals being identified [1]. This was not a feature that had just appeared overnight. Core components of the system, including three separate AI models responsible for detecting, cropping, and encoding faces into unique biometric signatures known as faceprints, had been integrated into the app software as early as January 2026 [1]. A subsequent update in May 2026 rebranded the dormant feature under the name ‘Connections,’ suggesting active internal development continued well into the spring of this year [1].
How the Technology Actually Works
The mechanics of the NameTag system are technically sophisticated and operationally concerning in equal measure. If activated, the feature would use the cameras embedded in Meta’s Ray-Ban and Oakley smart glasses — manufactured by EssilorLuxottica — to capture images of faces in the wearer’s field of view [1]. Those images would then be processed through three sequential AI models: the first to detect the presence of a face, the second to crop it precisely, and the third to encode it into a unique biometric signature, or faceprint [1]. That faceprint would then be cross-referenced against a database stored locally on the user’s phone, triggering a notification if a match is found [1]. Faces that cannot be matched would be saved to a ‘pending’ folder for future identification [1]. Independent security and privacy researcher Buchodi, who reviewed the embedded code, stated plainly: ‘The main components of a face-recognition feature are already in Meta’s companion app… Not many pieces stand between this and a working feature’ [1]. Cooper Quintin, a senior public interest technologist with the Electronic Frontier Foundation’s Threat Lab, was equally direct: ‘The feature is not yet exposed to consumers but seems nearly ready to go… Despite the billions of reasons not to, Meta seems to have created the capacity to turn their customers into a distributed surveillance machine’ [1].
The Stated Benefits — and the Broader Tension
Meta’s own promotional language for a potential rollout framed the feature in warm, social terms — the Meta AI app’s user interface included the phrase ‘remember the people you met,’ suggesting the technology could serve as a kind of augmented memory aid for users navigating social environments [1]. There is also a documented accessibility angle to the technology. In 2025, Meta had planned to debut facial recognition on its smart glasses at a conference for the blind, citing a 2018 study by Cornell Tech and Facebook that demonstrated accessibility benefits for visually impaired users — though that debut never took place [1]. These potential use cases — helping people with face blindness, supporting accessibility for the visually impaired, or enabling socially anxious individuals to navigate introductions more confidently — represent a genuine class of benefits that innovation professionals have long associated with computer vision and wearable AI [GPT]. However, the manner in which the technology was integrated — silently, into software already distributed to millions of devices, without any public announcement — sits in direct tension with those stated benefits [1]. As Woodrow Hartzog, a privacy law professor at Boston University, observed: ‘We know that the more these systems are deployed, the more people come to see them as unexceptional. And the more we come to see them as unexceptional and routine, the more people tend to start to take their moral cues about whether it’s desirable or good to have your face scanned. That’s just human psychology’ [1].
A Company With a Long and Costly History on This Issue
What makes the June 2026 revelation particularly striking is that Meta has been here before — and has paid dearly for it. The company first launched facial recognition technology back in 2010 [1]. In 2019, it agreed to a $5 billion settlement with the U.S. Federal Trade Commission and the Department of Justice over privacy violations [1]. It then paid a $650 million class-action settlement in Illinois over unlawful biometric data collection, before paying a further $1.4 billion settlement with the state of Texas in 2024 on similar grounds [1]. In November 2021, Meta made a public announcement that it was shutting down its facial recognition system entirely and deleting the face templates of over 1 billion users [1]. Yet despite this very public dismantling, internal tension over the technology never fully dissipated. Joseph Jerome, a former Meta Reality Labs policy official who joined the company in mid-2021, recalled: ‘There was always this tension of, well, when do we roll back out face recognition?’ [1]. Internal Meta documents published in February 2026 revealed that the company had planned its facial recognition rollout deliberately during what it described as a ‘dynamic political environment,’ with the apparent intention of minimizing public and critical scrutiny [1]. By April 2026, more than 70 advocacy groups had already pushed back against the emerging reports of the feature, even as Meta publicly claimed it was still ‘thinking through’ the technology [1]. The total financial exposure Meta has already absorbed over biometric data practices amounts to 7.050 billion dollars across these three major settlements — a figure that underscores how persistently the company has returned to this domain despite repeated legal consequences [1].
Meta’s Response — and What Comes Next
Faced with WIRED’s findings on June 3, 2026, Meta spokesperson Ryan Daniels offered a carefully worded denial of urgency rather than a denial of the facts themselves: ‘Regardless of any sensational reporting, the facts are simple: We’ve said before we’re exploring these types of features, and what you’re seeing is merely evidence of that exploration… Nothing has shipped to consumers and no final decision has been made on what to do here, if anything. If we do decide to roll something out, we will take a thoughtful approach and do so with full transparency. One decision we can be clear about — we are not building a central face database’ [1]. Meta itself described its approach as ‘a very thoughtful approach’ [1]. Critically, however, the spokesperson’s statement does not address why code for an unreleased biometric system was silently embedded in an app on over 50 million devices, nor why neither Meta nor manufacturing partner EssilorLuxottica have clarified to users whether data is transmitted to servers, or what opt-in or opt-out mechanisms would apply [1]. For European regulators, those omissions are likely to be the central point of concern. The EU’s General Data Protection Regulation classifies biometric data as a special category of sensitive personal data, subject to strict rules on processing, consent, and transparency [GPT]. The Dutch Autoriteit Persoonsgegevens, as well as regulators in other EU member states, have both the mandate and the precedent to investigate whether the silent embedding of NameTag into consumer devices constitutes a violation of GDPR — even before the feature is formally activated [alert! ‘No formal regulatory investigation or enforcement action by the Dutch AP or any EU regulator has been publicly confirmed as of June 4, 2026; this reflects a reasonable regulatory expectation based on GDPR provisions, not a confirmed fact’]. As smart glasses become an increasingly mainstream consumer category — with units like the Ray-Ban Meta and the recently launched Oakley glasses reaching consumers across Europe, including in the Netherlands [1] — the question of how AI-enabled biometric features are disclosed, governed, and consented to is moving rapidly from an abstract policy debate to a live regulatory flashpoint.