Just one day after a detailed report from WIRED revealed that Meta had quietly integrated a fully functional facial recognition system—dubbed NameTag—into the companion app for its smart glasses line, the company abruptly stripped the feature out of the latest version. Analysis of the Meta AI app’s code confirmed that all unactivated components associated with facial analysis, faceprint generation, and comparison algorithms were removed. The version published on Friday, following Thursday’s exposé, no longer contains any of the dedicated face‑recognition libraries that were present in earlier builds.
Andy Stone, Meta’s vice president of communications, responded to WIRED on Monday by characterizing the feature as “purely exploratory” and stated that “no final decision has been made on what to do here, if anything.” Yet the company had already shipped millions of devices with the dormant capability installed on users’ phones. WIRED’s initial investigation, published on Thursday, detailed how the NameTag system was designed to convert live camera feeds from Ray‑Ban Meta smart glasses into unique biometric signatures, or faceprints, and then match those against a local database of stored faceprints. Faces that could not be identified were cropped, indexed, and stored locally for later processing.
The existence of NameTag first surfaced in February when The New York Times reported, based on internal Meta documents, that the company was exploring facial recognition for its smart glasses and even considering a launch within the same year. One leaked memo described the timing as ideal for exploiting a “dynamic political environment” where privacy advocates might be preoccupied. WIRED’s subsequent analysis discovered that substantial portions of the system had been built into the Meta AI app as early as January, contradicting Meta’s public stance that no firm decisions had been made.
After the story broke, Meta’s communications chief Stone dismissed the report as lacking context, reiterating that because the feature was never activated, it “does not exist.” Meta’s CTO, Andrew Bosworth, went further, calling the reporting “incredibly misleading” and “absolutely dishonest.” However, the removal of the code within 24 hours suggests the company recognized the potential fallout—either from public backlash or from the possibility that a regulator might view shipping unreleased facial recognition software as a violation of privacy promises.
WIRED had submitted ten detailed questions to Meta prior to publication, including queries about whether the company had already built a database of face profiles for NameTag, how long the app would retain images and biometric data of unrecognized people stored on a user’s device, and whether that data might ever be transmitted back to Meta’s servers. Meta declined to answer any of those questions. It also did not address whether NameTag was designed specifically for blind or low‑vision users, a use case Meta had previously promoted. Nor did the company respond to concerns from privacy advocates that the system could be weaponized by stalkers or abusers to identify strangers in public spaces.
What the code contained
WIRED’s code analysis revealed that the Meta AI app included multiple libraries explicitly named for facial recognition tasks. One component handled the actual detection and alignment of faces in video streams. Another performed feature extraction, converting facial geometry into numerical vectors—the faceprints. A third module compared these vectors against a stored list. The app also contained code for an alert labeled “Person recognized” that would appear if a match succeeded. The same code infrastructure included a local folder—visible during certain debug modes—where cropped face images and biometric vectors of unidentified people were saved.
In the latest version of the app, all of these libraries are gone. The debug folder is empty. The “Person recognized” alert no longer exists in the interface code. The only remnants of NameTag are a few internal debug menu labels and a dead link that would have opened a recognized person’s profile page. According to cybersecurity experts who reviewed the app’s changelog, the removal appears to have been a deliberate, engineered removal of entire subsystems, not a gradual deprecation.
Broader implications and privacy concerns
The incident reignites the debate over facial recognition technology and the power of tech companies to deploy it on billions of devices without clear user consent or regulatory oversight. Meta has a particularly contentious history with facial recognition. In 2021, the company settled a class‑action lawsuit in Illinois for $650 million over its use of facial recognition in photo‑tagging on Facebook without obtaining users’ explicit consent under the state’s Biometric Information Privacy Act (BIPA). As part of that settlement, Meta shut down its Facebook facial recognition system entirely and deleted more than a billion faceprints. Yet the NameTag episode suggests the company never abandoned the underlying technology—it simply moved it to a different product.
Privacy advocates argue that the ability to identify strangers in real time through smart glasses poses a grave threat to anonymity in public spaces. “If a stalker, an abusive ex‑partner, or a political operative could point their glasses at a crowd and instantly get the names of people they don’t know, that would fundamentally change how we experience public life,” says Kade Crockford, director of the technology for liberty program at the American Civil Liberties Union of Massachusetts. Crockford notes that the Massachusetts House of Representatives recently passed a comprehensive consumer privacy bill that would impose strong enforcement provisions, including a private right of action that lets individuals sue companies for violations. “Meta’s sneaky tactics in slipping the face‑recognition code into its smart glasses show exactly why data privacy bills need the teeth of strong enforcement,” Crockford added.
The removal of the code, while welcome, does not address the original decision to ship it. “It’s not enough for a company to quietly patch out a feature only after being exposed,” Crockford explains. “The fact that Meta had a fully functioning system ready to go, installed on tens of millions of devices, is a clear signal that self‑regulation is ineffective. Lawmakers need to speak in the only language that Silicon Valley’s C‑suite understands: the language of fines, lawsuits, and mandatory transparency.”
The episode also raises questions about the future of smart glasses as a platform. Meta has invested heavily in its Ray‑Ban Meta glasses, positioning them as a stylish alternative to bulky AR headsets. The glasses include a camera, speakers, and a touchpad, but they lack a display. Meta’s stated vision is to eventually replace smartphones with wearable devices that combine communication, navigation, and information retrieval. Adding facial recognition could have made the glasses a tool for instant social matching—imagine walking into a conference and having your glasses tell you the name and LinkedIn profile of everyone you meet. But the privacy risks, especially when the recognition occurs without the other person’s knowledge or consent, are immense.
Legal frameworks around the world are still catching up. The European Union’s General Data Protection Regulation (GDPR) and its forthcoming Artificial Intelligence Act impose strict requirements on biometric processing, while several U.S. states like Illinois, Texas, and Washington have enacted biometric privacy laws. Yet no federal law in the U.S. specifically governs the collection of faceprints in public. Meta’s ability to ship facial recognition code—even if dormant—illustrates a regulatory gap that companies exploit. The ACLU and other organizations have called on the Federal Trade Commission to investigate whether Meta’s actions constitute a violation of previous consent decrees related to privacy.
Meanwhile, Meta has said little about its timeline for future iterations of NameTag. The company’s PR team did not respond to WIRED’s follow‑up questions about whether the feature is permanently shelved or merely postponed. Given the company’s pattern of pushing the boundaries of public comfort—for example, with facial recognition on Facebook, or with data collection from Oculus VR headsets—privacy experts expect the technology to reappear in some form once the public outcry subsides.
The debate also touches on the technical differences between facial recognition and other forms of biometric identification. Face recognition systems, even those running entirely on‑device, can still produce high rates of false positives for people with darker skin tones, leading to biased outcomes. In a product like smart glasses, where real‑time identification might be used in security or retail scenarios, such errors could have serious consequences. The National Institute of Standards and Technology (NIST) has repeatedly found that the most accurate commercial facial recognition algorithms show higher error rates for African‑American and Asian faces compared to white faces. Meta has not published any fairness evaluations of NameTag.
The incident also highlights a broader trend of “stealth development” in big tech—companies building and shipping features before they are officially announced, often hoping to gather user data or create a viral moment. In this case, Meta’s strategy backfired spectacularly. By embedding the code into an app that was already installed on over 50 million phones, the company inadvertently allowed security researchers and journalists to discover and document the system before any public launch. The rapid removal suggests that Meta is highly sensitive to optics, even if its internal documents indicate a willingness to exploit public distraction.
Looking forward, the outcome of the Massachusetts privacy bill and similar efforts in other states may determine whether companies like Meta can continue to treat consumers’ faces as raw material for new products. For now, the removal of NameTag gives privacy advocates a small victory, but the underlying technological infrastructure remains in place, ready to be reactivated at any time. The one‑day turnaround between exposure and removal demonstrates that when the spotlight is bright enough, Meta can act quickly—but it also shows that without that spotlight, the company was content to let millions of users walk around with a dormant facial recognition system in their pockets.
Source: Ars Technica News