Meta’s Face Recognition Technology Embedded in Popular App Raises Privacy Concerns
Meta has stealthily integrated face-recognition capabilities into an application that has been installed on millions of smartphones. Analysis by WIRED reveals that this feature, codenamed “NameTag,” is designed to identify individuals through the camera of its smart glasses. When activated, it alerts the wearer upon recognition, signaling a significant advancement in facial recognition technology amid ongoing discussions regarding its ethical implications.
This discovery indicates that Meta has been deploying face-recognition algorithms directly to users’ devices under the guise of an application that began rolling out updates earlier this year. Publicly, the company had stated it was still deliberating the implications of such technology. In April, Meta assured the public that any eventual implementation would be approached with careful consideration. Yet, evidence shows that foundational aspects of NameTag were incorporated into the software as early as January.
Although the feature is not yet active, it resides within a companion app for Meta’s smart glasses, which boasts over 50 million downloads. Functioning as an essential tool for features on Ray-Ban and Oakley models, NameTag is positioned to convert facial images captured by the glasses into biometric signatures, commonly referred to as faceprints. These will be compared against a user-managed database, currently structured to receive continuous updates from Meta. Recognized faces will generate alerts, while unrecognized images will be archived for potential future processing.
The emergence of NameTag reinvigorates facial recognition technology that Meta previously claimed to have phased out in 2021. At that time, the company announced an intention to delete over a billion faceprints following controversies tied to its photo-tagging practices. Subsequent to a class-action lawsuit in Illinois, in which Meta settled for $650 million, the company has faced ongoing scrutiny, culminating in a separate $1.4 billion settlement with Texas for allegedly obtaining biometric data without permission.
The introduction of this technology comes amidst a rising tide of opposition to consumer-grade facial recognition systems. Privacy advocates caution that such capabilities could potentially empower various malicious actors with access to sensitive identification technologies. Internal documents from Meta, as revealed in February by The New York Times, allegedly suggested plans to introduce this technology during a politically charged environment, potentially when critics would be distracted.
The AI models that underpin NameTag have already been migrated from Meta’s servers to user devices. WIRED’s investigation, corroborated by external experts, confirms that these models can detect, crop, and encode facial images into biometric data. Current iterations of the app hint at how NameTag might function, rebranding it as “Connections” and promoting it as a tool to “remember the people you met.” However, uncertainties linger regarding the criteria for facial inclusion in the recognition database, the process for creating user profiles, and the total number of individuals who could be identifiable.
While the feature remains dormant, cybersecurity experts have weighed in. Cooper Quintin, a security researcher with the Electronic Frontier Foundation, indicated that while the functionality is not presently accessible to users, it appears nearly operational. He expressed concerns about Meta’s potential to transform its user base into a distributed surveillance apparatus, raising significant alarms about privacy and data security.
In the context of the relevant MITRE ATT&CK framework, tactics potentially utilized in implementing this technology could include Initial Access, under which users are inadvertently drawn in through the app, and Persistence, as models integrate with user systems without immediate visibility. Concern remains as to how Meta’s advancements may reshape the landscape of facial recognition and the associated risks tied to privacy and user consent. Understanding these techniques not only highlights potential vulnerabilities but underscores the need for vigilant cybersecurity practices among businesses amidst evolving technological landscapes.