WIRED's code review found unreleased face-recognition functionality, internally called "NameTag," embedded in the Meta AI app, which the publication says has been downloaded more than 50 million times (WIRED). The code, added to the live app as early as January, would convert faces captured by Ray-Ban and Oakley smart glasses into biometric "faceprints" stored or compared on a user's phone and trigger notifications when someone is recognized (WIRED; Gizmodo). Cooper Quintin, a security researcher at the Electronic Frontier Foundation's Threat Lab who reviewed the code for WIRED, called the implementation "nearly ready to go" (Gizmodo/WIRED). Civil-society groups including the ACLU have publicly urged Meta to halt or disavow these plans in a letter signed by more than 70 organizations (Mashable; ACLU).
What happened
WIRED published a technical review finding unreleased face-recognition code, internally named NameTag, embedded in the Meta AI app, the companion app used with Ray-Ban and Oakley smart glasses (WIRED). WIRED reports the app has been downloaded more than 50 million times and that core components were added to the live app as early as January (WIRED). Per WIRED, the functionality would detect faces, crop them, convert them into biometric "faceprints," compare them against faceprints stored on a user's phone, and surface notifications when matches occur (WIRED). Cooper Quintin, a security researcher at the Electronic Frontier Foundation's Threat Lab who reviewed the code for WIRED, described the implementation as "nearly ready to go" (Gizmodo; WIRED).
Technical details
Editorial analysis - technical context: Public reporting describes three on-device model roles being present in shipped app builds: face detection, face cropping/segmentation, and encoding faces into biometric signatures. Industry practice for on-device face systems is to keep inference local while enabling updates via model downloads; that architecture reduces some server-exposure risk but preserves a significant biometric attack surface on user devices. Reports also note the phone-side database is configured to accept updates from Meta, which observers treat as a functional design choice with operational implications (WIRED).
Context and significance
The emergence of embedded face-recognition code matters because of Meta's past legal and regulatory history. WIRED notes Meta previously sunsetted its large-scale faceprint dataset in 2021 and paid a $650 million class-action settlement; WIRED also reports a $1.4 billion settlement the company agreed to in 2024 in related litigation (WIRED). Civil-society opposition has been vocal: more than 70 groups including the ACLU have publicly demanded Meta halt or disavow the feature (Mashable; ACLU). Public reporting also cites internal deliberations and memos about targeted rollouts and timing considerations (TechCrunch).
What to watch
observers will monitor whether Meta enables the feature in production, how the phone-side faceprint database is provisioned and updated, whether the company publishes a technical privacy specification, and any regulatory or enforcement actions from state attorneys general or the FTC. Watch for concrete company disclosures about opt-in controls, retention windows, and third-party access to the biometric data; if those details are published, they are the factual basis for further technical and compliance assessment. Additionally, advocacy letters and potential state- or federal-level privacy legislation remain likely influence points on deployment decisions (ACLU; TechCrunch).
Editorial analysis: For practitioners, this episode reinforces a recurring pattern: embedding dormant or reversible biometric capabilities into consumer-facing apps accelerates adversarial and regulatory scrutiny. Security teams and product engineers building similar features should plan for high-scrutiny threat models, clear opt-in/consent flows, and auditable local data handling practices, because public code presence alone can trigger legal and reputational consequences even before a feature ships.
Scoring Rationale #
Notable privacy and security implications for practitioners: an unreleased biometric pipeline appears embedded in an app downloaded by millions, and civil-society and legal precedents make regulatory scrutiny likely. The story affects product design, threat modeling, and compliance work.
Practice with real Ad Tech data
90 SQL & Python problems · 15 industry datasets
[Active Search Campaigns by BudgetEasy](/problems/sql/active-search-campaigns-by-budget)
[High CPC Clicks & Poor Landing PagesMedium](/problems/sql/high-cpc-clicks-poor-landing-page)
[Campaign ROAS by Attribution ModelHard](/problems/sql/campaign-roas-by-attribution-model)
250 free problems · No credit card