A security researcher manually added a faceprint of the philosopher Michel Foucault to Meta’s AI companion app and triggered a recognition alert. Foucault died in 1984. The feature is not released to consumers, but the code that made the match sits inside an app WIRED says has been downloaded more than 50 million times.

Users did not install NameTag as a separate feature. If WIRED’s analysis is accurate, the dormant code arrived through ordinary Meta AI app installs and updates, bundled into the same companion app used for Meta’s smart glasses.

That’s what WIRED found when it analyzed the Meta AI app that pairs with Ray-Ban and Oakley smart glasses. Buried inside the app is a dormant facial recognition pipeline: three AI models, a local biometric database, and UI traces named “Connections” that would prompt wearers to “remember the people you met.” The feature is not exposed to ordinary users. Researchers were still able to manually trigger core parts of the machinery.

TL;DR

  • WIRED found a dormant facial recognition system called “NameTag” inside Meta’s AI app, which has reportedly been downloaded more than 50 million times
  • Three on-device AI models detect faces, crop them, and convert them into 2,048-dimensional biometric embeddings
  • Researchers manually triggered matching through a local vector search; Meta says nothing has shipped to consumers and it is not building a central face database
  • Reporting indicates Meta considered different scopes, including people a wearer knows through Meta platforms and potentially public Meta accounts
  • ACLU and 75 organizations have demanded Meta abandon facial recognition in Ray-Ban and Oakley glasses, citing bystander consent and abuse risks
  • Meta’s response: “Nothing has shipped to consumers and no final decision has been made”

What NameTag Actually Is

The feature is called “NameTag” in Meta’s internal code. It is designed to work with the camera built into Meta’s Ray-Ban and Oakley smart glasses — glasses that look close to ordinary eyewear and are already worn in public by millions of people worldwide.

The apparent user experience, based on the “Connections” interface found in past app versions, is simple: you see someone, the glasses capture their face, the app logs a local biometric representation, and later notifies you when it sees them again. The tagline found in the app: “remember the people you met.”

What that description obscures is the technical infrastructure required to deliver it.


The Technical Pipeline

The recognition system uses three separate AI models running locally on the paired phone:

Model 1 — Face detection: Scans the live camera feed from the glasses and identifies frames containing human faces.

Model 2 — Face cropping and alignment: Extracts and prepares the detected face for embedding. In researcher testing, no-match faces were written locally under a folder named NameTagsPending.

Model 3 — Faceprint generation and matching: Converts the cropped face into a 2,048-dimensional biometric embedding — a numerical vector that uniquely represents the face’s geometry. This “faceprint” is then compared against stored faceprints using a cosine similarity search, which measures mathematical similarity between vectors to determine if two face images represent the same person.

A 2,048-dimensional embedding is not a simple hash. It is a dense representation that encodes facial features in a form that can be compared mathematically. The cosine similarity approach is standard in face recognition systems, and an independent researcher demonstrated that the dormant pipeline could be manually triggered to recognize a test entry derived from Michel Foucault’s face.
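To make the "not a simple hash" point concrete, here is an added example (not Meta's code and not from WIRED's analysis) of a cosine similarity search over 2,048-dimensional vectors. The vectors are constructed random data rather than real faceprints, and the 0.6 threshold, the noise level, and all function and entry names are assumptions made for illustration.

```python
import hashlib
import math
import random

DIM = 2048        # embedding size reported in the article
THRESHOLD = 0.6   # assumed cut-off; the article does not give the real one

def unit(v):
    """Scale a vector to length 1 so a dot product equals the cosine."""
    norm = math.sqrt(sum(x * x for x in v))
    return [x / norm for x in v]

def random_embedding(rng):
    """Constructed stand-in for a faceprint: a random unit vector."""
    return unit([rng.gauss(0.0, 1.0) for _ in range(DIM)])

def recapture(v, rng, noise=0.01):
    """Simulate a second capture of the same face: same vector plus noise."""
    return unit([x + rng.gauss(0.0, noise) for x in v])

def search(gallery, probe, threshold=THRESHOLD):
    """Nearest neighbour by cosine similarity; label is None below threshold."""
    label, score = max(
        ((name, sum(a * b for a, b in zip(ref, probe)))
         for name, ref in gallery.items()),
        key=lambda pair: pair[1],
    )
    return (label if score >= threshold else None), score

def digest(v):
    """SHA-256 over the serialized vector, for contrast with similarity."""
    return hashlib.sha256(",".join(f"{x:.6f}" for x in v).encode()).hexdigest()

def demo(seed=7):
    rng = random.Random(seed)
    gallery = {f"entry-{i}": random_embedding(rng) for i in range(5)}
    enrolled = gallery["entry-3"]
    second_look = recapture(enrolled, rng)
    stranger = random_embedding(rng)
    return {
        "same_face": search(gallery, second_look),
        "stranger": search(gallery, stranger),
        "hashes_equal": digest(enrolled) == digest(second_look),
    }

if __name__ == "__main__":
    print(demo())
```

The noisy second capture still scores about 0.9 against its enrolled entry while its SHA-256 digest is completely different, which is why a stored embedding remains usable for identification in a way a hash is not. The threshold is the policy knob: lowering it raises the rate at which unrelated vectors are reported as matches.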

The demonstrated pipeline runs locally on the phone. Researchers did not find evidence that the dormant feature is currently identifying people for ordinary users or sending biometric matches to Meta. WIRED also reported that the local recognition database is configured to receive updates from Meta, which is exactly the part regulators will care about if the feature moves toward release.


Meta’s engineering choice to run recognition on-device is the detail that makes NameTag both faster and legally complicated.

By processing faceprints locally, Meta can make an important architectural argument: it is not building a central face database in the way Facebook’s old photo-tagging system did. Each user’s recognition data could be stored and searched on that user’s own device.

That distinction matters in jurisdictions like Illinois, where the Biometric Information Privacy Act (BIPA) regulates the collection and storage of biometric identifiers. It is also relevant under GDPR, which treats biometric data used for unique identification as special category data.

But on-device processing does not automatically sidestep those frameworks. It complicates the consent, controller, retention, and deletion analysis. Regulators wrote many biometric rules around centralized systems, but a local faceprint created for identification can still raise biometric privacy issues.

The people whose faces are being captured and matched don’t get any benefit from this architectural choice. Their faces are still scanned. They still have no knowledge it’s happening. They still have no way to consent or opt out. The legal shield protects Meta, not the person being identified.


Two Versions, Two Threat Levels

Reporting indicates Meta considered multiple possible scopes for NameTag with meaningfully different threat profiles:

| Version | Scope | Threat level |
|---|---|---|
| Known connections | Recognizes people the wearer already knows through Meta platforms or a user-provided library | Limited compared with public lookup, but still a bystander consent problem |
| Public Meta accounts | Could identify people who have public Instagram or Facebook accounts | Severe if released broadly — real-time deanonymization of strangers in public |

The known-connections version is relatively contained. If it works exactly as described, it mainly means the wearer’s phone can recognize people already linked to the wearer or explicitly added to a local gallery. That is still sensitive, but it is closer to a memory aid than a public lookup tool.

The public-accounts version would be a different category of tool entirely. A wearer with broad Meta-account matching could walk through a public space — a protest, a hospital, a bar, a mosque — and identify strangers by name in real time, without those people having any awareness they had been identified.

Meta has not publicly confirmed which variant, if either, it intends to release.


The Threat Model: Who Gets Hurt

When 75 civil liberties organizations — including the ACLU — signed a joint letter demanding Meta abandon the feature, they weren’t responding to abstract privacy concerns. They described concrete populations facing concrete risks.

Domestic violence and stalking survivors. NameTag in the wearer’s hands is a tool for finding people who don’t want to be found. An abuser who knows their target’s face can identify their new home city, neighborhood, or workplace simply by walking around with the glasses on. Existing restraining orders don’t address a technology that can locate someone passively, in public, without any visible surveillance act.

LGBTQ+ people in hostile environments. Someone who is out online but not out in person — to family, employer, or in a country that criminalizes homosexuality — may have a public social profile. NameTag in the wrong hands could connect that public identity to a physical presence in a specific location, without any warning.

Activists, protesters, and political dissidents. Attendance at a protest, a union meeting, or a political event is consequential information. NameTag turns every wearer into a potential intelligence-gathering device, creating a risk even when the individual wearer has no hostile intent — because the device can be present in crowds where the wearer has legitimate reasons to be.

Immigrants. Several organizations specifically cited the risk to undocumented immigrants, for whom physical identification in public by a hostile actor carries severe legal consequences.

The ACLU’s letter made a point that Meta’s “thoughtful approach” framing doesn’t address: these dangers “cannot be resolved through product design changes, opt-out mechanisms, or incremental safeguards.” The fundamental problem is that bystanders have no meaningful way to consent to being identified, no matter how carefully the feature is designed.


Meta’s History With Face Recognition

Meta’s current position is not its first experiment with facial recognition at scale. Facebook launched “Tag Suggestions” in 2010, which automatically suggested names when users were tagged in photos. By 2021, it had built one of the largest civilian facial recognition systems in history.

In November 2021, under sustained regulatory and public pressure, Meta shut down the system and deleted more than one billion faceprints. The company cited “growing societal concerns” and a “need for regulatory clarity.”

Less than five years later, the code for NameTag began shipping to phones.

The 2021 shutdown appeared, at the time, to represent a retreat from broad social face recognition. Meta’s own announcement, however, said the company would continue exploring narrower uses such as identity verification, fraud prevention, and on-device recognition. NameTag sits uncomfortably between those two positions: not a public product, but also not merely an authentication feature.


The Regulatory Gap

GDPR and many national biometric privacy laws were written with centralized databases in mind. The enforcement model often assumes a data controller that collects, stores, and processes biometric data — an entity regulators can audit, fine, and compel to delete records.

NameTag’s architecture does not fit that model cleanly. Meta says it is not building a central face database. But if Meta ships the app, supplies the models, defines the matching logic, and updates the local database, regulators may still ask whether Meta determines the purposes and means of processing. The answer is not obvious.

This is the regulatory gap: capability can move to the edge faster than consent and accountability rules can adapt.

The EU AI Act bans certain real-time remote biometric identification uses in publicly accessible spaces for law enforcement, subject to narrow exceptions. Biometric identification systems can also fall into high-risk categories under the Act when permitted under EU or national law.

The legal question for consumer eyewear is less clean. A person wearing Ray-Bans in a coffee shop is not law enforcement. But a vendor-provided system that enables biometric identification of bystanders in public still raises GDPR, national biometric law, and AI Act classification questions. On-device architecture changes the analysis; it does not end it.


What You Can Do Today

If you’re a regular person concerned about being identified:

  • There is no public opt-out mechanism for bystanders. NameTag has not been released, and no consent framework exists for people whose faces might be captured by someone else’s glasses.
  • Be aware that smart glasses with cameras are increasingly indistinguishable from ordinary glasses. Meta’s Ray-Ban and Oakley products are designed to look like regular eyewear.
  • Your public social media profiles are part of the attack surface. If your Instagram, Facebook, or Threads profile is public and includes clear face photos, you may be easier to identify if NameTag or similar systems are released with broad account matching.

If you work in security or privacy policy:

  • Watch the EU AI Act guidance specifically on consumer biometric devices — this is where the regulatory fight will happen.
  • The technical architecture (on-device, no central face database) is already being used to argue around existing frameworks. Regulators need to address capability, not just data location.
  • The precedent matters beyond Meta: any company can now build a version of NameTag and make the same on-device argument.

The Bigger Picture

What makes the NameTag discovery significant isn’t that Meta built a face recognition system. It’s how it was built, when it was shipped, and what the architecture signals about the regulatory strategy.

The code was present in a live app downloaded more than 50 million times before anyone outside Meta publicly documented it. The engineering choices — on-device matching, local storage, no central face database — appear designed to maximize capability while minimizing regulatory surface area.

Meta’s 2021 faceprint deletion was a response to a specific regulatory environment. NameTag appears to be the answer to the question: what does face recognition look like if we design it to survive the next round of regulation?

The answer is: invisible to ordinary users, local by design, distributed through a mainstream companion app, and legally ambiguous by the time anyone finds it.


