Within 48 hours of a public report exposing facial recognition technology embedded in Meta’s smart glasses app, the company scrubbed the code from millions of phones—then refused to explain what happens next.
The speed of Meta’s deletion is itself the story. Last week, researchers identified code in Meta AI, the companion app for Meta’s Ray-Ban smart glasses, that could convert images of faces into unique biometric signatures to identify strangers in public. The Electronic Frontier Foundation’s Threat Lab verified the findings through static analysis. The facial recognition system was designed to trigger “Person recognized” alerts and maintain databases of biometric signatures tied to people users encounter. By June 5th, following the public outcry, the code had vanished. Meta’s executives went on the defensive immediately, yet their actions spoke louder than their statements: the company had already begun the removal process.
- The Hidden Code: Meta embedded facial recognition capabilities into millions of Ray-Ban smart glasses apps before public discovery forced removal.
- The Deletion Speed: Meta scrubbed the surveillance code within 48 hours of exposure but refuses to explain whether removal is permanent.
- The Cambridge Parallel: The facial recognition system follows the same data harvesting architecture that enabled the Cambridge Analytica scandal.
What Meta will not say is whether this deletion is permanent. When WIRED pressed the company on whether it plans to bring the facial recognition system back in the future, or what it did with any data collected during internal testing, Meta refused to answer. That silence is the real problem.
This pattern has a precedent. Meta previously deployed facial recognition at scale and only abandoned it after facing legal and financial consequences, including a class-action settlement related to Illinois biometric privacy law. The company’s history suggests that surveillance capabilities, once built and tested, tend to resurface when legal pressure subsides. The current deletion looks less like a principled decision and more like a tactical retreat.
Why Does This Feel Like Cambridge Analytica All Over Again?
The structural parallel to Cambridge Analytica is worth naming explicitly. In that scandal, Facebook allowed third parties to harvest psychological profiles of millions of users without meaningful consent, then used that behavioral data for micro-targeted political messaging. The mechanism was different—psychographic inference rather than facial recognition—but the architecture was identical: collect biometric or behavioral signals at scale, convert them into identifiable profiles, and create the infrastructure for targeting individuals based on who they are or who they might become. Meta’s facial recognition code followed the same playbook: capture faces, convert them to signatures, build a database, enable identification. The company had already built the surveillance machine; it just needed to decide when to turn it on.
• Multi-modal facial recognition systems can generate unique biometric signatures from single images
• Smart glasses create continuous visual data streams that traditional cameras cannot match
• Biometric databases enable real-time identification of strangers in public spaces
What makes this moment significant is not that Meta tried and failed. It’s that the company built facial recognition capabilities into a consumer app, deployed them to millions of devices, and only removed them after journalists and researchers exposed the code. This was not a theoretical risk or a future concern. The code existed. It was live. The only thing that stopped it from becoming a permanent surveillance tool was public attention.
What Happens When Your Glasses Watch Everyone?
For Ray-Ban smart glasses users specifically, the implications are immediate. These devices include cameras pointed at the world. If Meta embeds facial recognition into the glasses themselves or into the app that controls them, the company could identify people in real time as users point their glasses at strangers. The data collected—who you looked at, where you looked, when you looked—becomes a permanent record of your visual attention. That record can be analyzed, cross-referenced, and used to infer your relationships, interests, and movements.
The broader question is whether voluntary deletion of code, under public pressure, constitutes meaningful protection. Meta has not committed to never rebuilding this system. It has not explained what safeguards would prevent redeployment. It has not answered whether data collected during testing remains in company databases. The company has simply removed the visible code and waited for the news cycle to move on.
The connection to emotion-detecting smart glasses reveals the broader surveillance ecosystem Meta is building. Facial recognition is just one layer of biometric analysis that wearable devices can perform. When combined with emotion detection, gaze tracking, and behavioral inference, smart glasses become comprehensive surveillance tools that can profile not just who you are, but how you feel and what you might do next.
Is Public Pressure Enough to Stop Surveillance?
The EFF’s statement that “this whiplash behavior proves exactly why we cannot rely on the good will of Big Tech to protect our digital rights” cuts to the core issue. Meta’s deletion is not a victory for privacy; it is evidence that privacy protection, in the current regulatory environment, depends entirely on public exposure. The moment the spotlight moves, the company’s incentives shift. Without enforceable federal biometric privacy law—the kind that would allow individuals to sue companies for violations, not just regulators to issue fines—Meta has no structural reason to keep facial recognition permanently off the table.
• Meta’s facial recognition deletion removes visible code but leaves underlying data collection infrastructure intact
• Surveillance infrastructure expansion follows predictable patterns of deployment, exposure, and tactical retreat
• Companies rebuild surveillance capabilities during periods of reduced public attention
The company has already signaled that it is still watching this space. EFF researchers will continue monitoring the code. But the real test comes in the months ahead: whether Meta rebuilds this capability quietly, whether it attempts to deploy it in a different product, or whether sustained pressure forces a genuine change in the company’s surveillance ambitions.
This incident exposes the fundamental problem with surveillance capitalism: companies build invasive capabilities first, then determine whether to deploy them based on public reaction rather than ethical considerations. Meta’s facial recognition code was not a mistake or an oversight. It was a deliberate surveillance system, fully developed and ready for activation, that only disappeared when exposure made deployment politically costly.
For now, the code is gone. But the infrastructure to bring it back remains intact, and Meta’s silence on future plans suggests this deletion is temporary rather than permanent. The real question is not whether Meta will try again, but whether the next attempt will be discovered before it becomes a permanent feature of how we see and are seen in public spaces.
