Meta says a light on the glasses always turns on when recording to let people nearby know. But the light can be easily covered or disconnected, and modified glasses are already being sold for secret recording. The safety feature Meta advertises does not actually prevent covert surveillance. Meta says they only collect the minimum data needed for the glasses to work. But they switched on AI features by default, store your voice recordings with no way to opt out, and their app demands access to your text messages, call history, contacts, and background location — none of which have anything to do with a pair of glasses.
What they claim: Meta claims to have "baked privacy directly into the product design from the start" with a capture LED "hardwired to the camera" that notifies people nearby when recording.
What we found: OECD AI Incident Monitor (2025-10-24) documents that the LED recording indicator can be physically disabled or covered, enabling fully covert recording. Modified glasses have been sold and used for secret filming. A man in San Francisco used modified glasses to covertly record women at the University of San Francisco. The EFF analysis (2026-03) confirms the LED can be physically disabled. The "hardwired" safety feature provides no meaningful protection against deliberate misuse.
What they claim: Ray-Ban Meta smart glasses are marketed as camera-equipped sunglasses for capturing photos and videos. The hardware contains dual 12MP cameras, five microphones, and Wi-Fi/Bluetooth.
What we found: The companion app (com.facebook.stella) requests permissions far beyond camera glasses functionality: READ_SMS, SEND_SMS, RECEIVE_SMS, RECEIVE_MMS (full SMS/MMS access), READ_CALL_LOG (call history), READ_CONTACTS (address book), READ_PHONE_STATE (device/SIM identifiers), GET_ACCOUNTS (all accounts on device), ACCESS_BACKGROUND_LOCATION (continuous tracking even when app closed), ACTIVITY_RECOGNITION (physical activity monitoring), and health data permissions (READ_HEART_RATE, READ_STEPS, READ_EXERCISE). Smart glasses do not need to read your text messages, monitor your heart rate, or track your location in the background.
What they claim: Meta's responsible use guidelines state users should "respect people's preferences if they ask you to stop recording" and that the LED indicator notifies bystanders.
What we found: Harvard I-XRAY research (2024-10-04) demonstrated that the glasses combined with facial recognition (PimEyes) and LLMs can identify strangers in real time — revealing names, home addresses, and phone numbers just by looking at someone on public transport. The glasses' always-on cameras and Instagram livestream capability make them uniquely suited for passive surveillance. Bystanders cannot meaningfully "ask you to stop recording" when they cannot tell the glasses are smart glasses, the LED is tiny and easily missed, and live streaming means the data has already left the device.
What they claim: Meta markets Ray-Ban smart glasses as a stylish way to capture and share moments.
What we found: In 2026, a leaked internal Meta memo revealed plans for "Name Tag" — facial recognition that would identify strangers in real time through the glasses' camera. 70+ advocacy organisations oppose it. The ACLU sent a letter to Zuckerberg. At RSA Conference 2026, a security researcher demonstrated real-time stranger identification using Meta glasses and commercially available facial recognition — proving the technology works today even without Meta enabling it natively. Separately, a federal lawsuit alleges Meta routes smart glasses footage to human workers in Kenya rather than AI for processing, with workers reporting exposure to graphic and intimate content filmed by glasses wearers.
What they claim: Meta's privacy-first design claims include hardware protections and user control over data sharing, with privacy settings accessible through the companion app.
What we found: The companion app requests ACCESS_BACKGROUND_LOCATION, allowing continuous location tracking even when the app is not in use. Combined with ACTIVITY_RECOGNITION (physical activity monitoring), health data permissions (READ_HEART_RATE, READ_STEPS, READ_CALORIES_BURNED), and the AD_ID permission (advertising identifier), the app builds a comprehensive behavioral profile that goes far beyond what any camera glasses require. The single Facebook Flipper analytics tracker embedded in the app enables real-time debugging and data collection.
What they claim: The glasses connect to Meta's cloud infrastructure via endpoints including graph.facebook.com, rupload.facebook.com, edge-mqtt.facebook.com, and scontent.xx.fbcdn.net.
What we found: These endpoints are Meta's core advertising and social media infrastructure — the same servers that power Facebook and Instagram ad targeting. graph.facebook.com is the Facebook Graph API (social graph and ad data). rupload.facebook.com handles media uploads to Facebook's CDN. edge-mqtt.facebook.com is Meta's real-time messaging protocol. EPIC's FTC petition (2025) warned that combining always-on cameras with Meta's "vast advertising data infrastructure" creates an unprecedented mass surveillance tool. The glasses do not connect to a separate, privacy-focused infrastructure — they feed directly into Meta's advertising ecosystem.
What they claim: Ray-Ban Meta smart glasses are sold as a consumer electronics product — camera sunglasses for casual photo and video capture.
What we found: The companion app requests READ_SMS, SEND_SMS, RECEIVE_SMS, and RECEIVE_MMS — full access to read, send, and receive text messages. It also requests READ_CALL_LOG and READ_CONTACTS. The glasses hardware contains five microphones and always-on connectivity. Combined with continuous background location tracking (ACCESS_BACKGROUND_LOCATION), the device has the technical capability of a comprehensive personal surveillance system: cameras, microphones, GPS, access to all communications, and always-on cloud connectivity via Meta's infrastructure.
What they claim: Meta's responsible use page states the glasses include "privacy-first design" with the LED indicator as the primary bystander notification mechanism.
What we found: Multiple regulatory bodies have questioned this claim: (1) Irish DPC questioned whether the LED provides adequate GDPR notice to bystanders. (2) EPIC petitioned the FTC to block facial recognition integration, arguing bystanders have no meaningful consent mechanism. (3) UK ICO opened a formal investigation into data protection practices. (4) Italy's Garante questioned the LED's effectiveness since 2021. A tiny LED on the frame of glasses that look identical to regular Ray-Bans does not constitute meaningful notice under any privacy framework — GDPR, CCPA, or common law.
What they claim: The glasses use Wi-Fi 6E (including 6 GHz band) and Bluetooth 5.2, connecting to eight known Meta endpoints.
What we found: The combination of Wi-Fi 6E, Bluetooth 5.2, five microphones, dual 12MP cameras, and persistent MQTT connections (edge-mqtt.facebook.com) means the glasses maintain continuous real-time data channels to Meta's infrastructure. The MQTT protocol is specifically designed for persistent, low-latency messaging — ideal for streaming sensor data. Meta's policy does not disclose the extent of always-on connectivity or the volume of background data transmission when the glasses are powered on but not actively in use.
What they claim: Meta's privacy policy claims to practice data minimization, collecting only "essential data" needed to ensure glasses work as expected, with users choosing to share "additional data."
What we found: Meta updated its privacy policy in April 2025 (PetaPixel, 2025-05-01) to enable AI features by default on all glasses. Voice recordings are now stored by Meta with no opt-out option. Photos and videos taken while AI features are active are automatically processed by Meta AI. The companion app (com.facebook.stella) requests 58 Android permissions including READ_SMS, SEND_SMS, READ_CALL_LOG, READ_CONTACTS, ACCESS_BACKGROUND_LOCATION — none of which are "essential" for smart glasses to function.
What they claim: Meta states that footage is processed securely and that privacy protections are in place for user data, including anonymization of reviewed content.
What we found: UK ICO investigation (2026-03-05) triggered by Swedish newspaper investigation revealing that footage from the glasses — including bathroom visits, undressing, sexual activity, and visible bank cards — was reviewed by human contractors at a facility in Nairobi, Kenya. Anonymization did not always work, leaving faces visible in reviewed footage. This led to a US class action lawsuit (Bartone & Canu v. Meta) alleging privacy violations and false advertising.
What they claim: Meta positions Muse Spark as a helpful AI assistant for Ray-Ban glasses, powering features like food logging, object recognition, and conversational queries
What we found: Meta's Washington/Nevada Consumer Health Data Privacy Policy explicitly states Meta may collect and use consumer health data for "providing marketing communications." Muse Spark accepts open-ended health queries through Ray-Ban glasses. Unlike OpenAI and Anthropic, Meta has issued no explicit nationwide carve-out preventing health conversation data from being used in AI training or ad targeting. Muse Spark requires a Meta account, linking AI interactions to your Facebook/Instagram social graph. One privacy expert noted: "If I'm providing health information, and that is attached to my social graph... all of a sudden I'm getting supplement ads."
What they claim: Meta's companion app was renamed from Meta View to Meta AI in 2025, positioned as an "upgrade" with "new features to make your experience more fun, useful, and personal."
What we found: The rename from Meta View (a neutral media viewing app) to Meta AI signals deeper integration with Meta's AI training pipeline. The app's 58 permissions include health data access (READ_HEART_RATE, READ_STEPS, READ_EXERCISE, READ_HEALTH_DATA_IN_BACKGROUND) that were not present in earlier versions. The NOYB cease-and-desist letter (2025-05) alleges unlawful use of EU personal data for AI training. Meta's policy explicitly allows using collected data for "product improvement" which includes AI model training — meaning your photos, videos, voice recordings, and health data may be used to train Meta's AI models.
What they claim: Meta presents Muse Spark as a standalone AI upgrade bringing "faster voice" and "smarter" interactions to Ray-Ban glasses
What we found: In shopping mode, Muse Spark references "content from the company's social media apps when answering questions related to shopping, trending topics, and locations" — meaning Facebook and Instagram activity directly informs what the AI surfaces in conversations. This is direct social-profile-to-AI integration. Muse Spark is closed-source — a deliberate break from Meta's open-source Llama heritage — meaning independent researchers cannot verify what data the model accesses or retains. Meta's projected $243B global ad revenue in 2026 (overtaking Google for the first time) makes the AI simultaneously a privacy threat surface and monetisation layer.
What they claim: Meta claims data collection is limited to what is needed for the product to function, with "essential" and "additional" data categories giving users control.
What we found: The companion app includes the AD_ID permission (Google Advertising Identifier) and the BILLING permission, combined with the Facebook Flipper analytics tracker. These permissions exist solely for advertising and monetization, not for glasses functionality. Meta can combine glasses data with Facebook/Instagram profiles via the shared graph.facebook.com infrastructure, enabling cross-platform behavioral profiling for ad targeting. The "essential" vs "additional" categorization is misleading when the app itself is an advertising data collection tool.
What they claim: Meta promotes Ray-Ban smart glasses as a stylish, private wearable
What we found: Swedish newspapers revealed that footage from Meta smart glasses — including users undressing, using toilets, having sex, and handling bank cards — was reviewed by contractors in Nairobi, Kenya. Meta claimed face blurring was in place but sources disputed it worked. 7 million pairs sold in 2025. A class action was filed March 2026. The UK ICO launched a formal investigation. Meta had enabled AI features by default and began storing voice recordings for up to a year with no opt-out.