Meta's Smart Glasses Ship a Complete Facial Recognition System — Dormant, Wired, and Waiting

The complete apparatus for real-time facial recognition on smart glasses is sitting on millions of devices. It detects faces, generates 2048-dimension biometric fingerprints, searches a local index, and pops a notification. Meta hasn't activated it. The question is: why build it if you won't use it?

A security researcher has found that Meta’s Stella smart glasses companion app (v273.0.0.21) ships a complete on-device facial recognition pipeline: three AI models (~100MB total), a 2048-dimension biometric vector index database, a write path that stages unknown faces to disk, and a “Person Recognized” notification — all wired together and functional. The pipeline ran end-to-end on a test image. It’s not active for regular users. But the entire apparatus for real-time facial recognition on smart glasses is assembled and sitting on millions of devices.

🔍 THE BOTTOM LINE

Meta built a fully functional facial recognition system for smart glasses, shipped it to users, and chose not to turn it on. The question isn’t whether they’re doing it secretly — they’re not. The question is why you build, ship, and wire this much capability if you never intend to use it.

What Was Found

Security researcher buchodi reverse-engineered Stella v273.0.0.21 (the Android companion app for Meta’s smart glasses) and found:

Three on-device face recognition models delivered via Meta’s NMLML asset system:

| Model | File | Size | Function |
|---|---|---|---|
| SCRFD | SCRFD.pte | 3.4 MB | Detects faces in an image |
| KPSAligner | KPSAligner.pte | 117 KB | Crops and aligns each detected face |
| SFace | SFace.pte | 96 MB | Converts a face into a 2048-number biometric embedding |

The SFace variant is scaled significantly larger than the public reference — 96MB versus ~40MB, with 2048-dimension output versus the public version’s 128-512 dimensions. This isn’t a leftover demo model. It’s a production-scale face embedder.

The Pipeline: How It Works

The researcher ran the full pipeline end-to-end and documented every step:

  1. Detect: SCRFD finds faces in an image
  2. Align: KPSAligner crops and aligns each face
  3. Embed: SFace converts each face into a 2048-float biometric fingerprint
  4. Search: A cosine-similarity query runs against a local vector index (objects.db using sqlite-vec)
  5. Match or stage: If the face matches, a notification fires: “Person recognized — Recognized [Name]”. If no match, the face crop (.jpg) and fingerprint (.emb) are written to NameTagsPending/ on disk

The database schema is a coherent recognition system:

  • person table: stores nodeid, name, uri, blob
  • face table: links faces to people via personUri
  • face_mediaPath_vec: a vector index (float[2048], cosine distance) for similarity search

The 2048-dimension embedding, the cosine metric, and the sqlite-vec extension are all mutually consistent. This isn’t stray dead code. It’s a purpose-built system where every component matches every other component.

The Notification: “Person Recognized”

The notification surface is fully wired in production code:

  • Dedicated Android notification channel: nametags_recognition
  • Title: always “Person recognized”
  • Body: always “Recognized ” + the matched name from the database
  • Tappable: deep-links to fb-viewapp://name_tags?face_id=<face_id>

One honest caveat: in v273, the destination screen the notification points to isn’t built into the navigation graph. Tapping it routes to Stella’s default tab. The notification fires, but the profile screen it’s meant to open doesn’t exist in this release.

The Unmatched Faces: NameTagsPending

Here’s the part that should make privacy advocates reach for the antacids.

When the pipeline sees a face it doesn’t recognise, it writes two files to NameTagsPending/:

  • A .jpg — the cropped, aligned face image
  • A .emb — the 2048-float SFace biometric fingerprint (8,192 bytes, L2-normalized)

These files persist across reboots. The directory is mode 0700 (owner-only). The embedding is verified as a canonical L2-normalized face fingerprint.

The researcher’s reading of NameTagsPending is worth quoting directly: “faces pending a name — biometrically encoded, awaiting a label.” A face image and its fingerprint, stored side by side in plaintext, is precisely the dataset you would assemble if you intended to retroactively identify faces once a label arrives.
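
For anyone auditing an app-data dump, the on-disk format described above (8,192-byte, L2-normalized .emb files paired with .jpg crops in a 0700 directory) can be checked mechanically. This is an added example, not code from the researcher or from Meta; it assumes .emb files are raw little-endian float32 with no header, and the file names and sample data are constructed.

```python
import math
import struct
import tempfile
from pathlib import Path

DIM = 2048            # embedding width reported in the article
EMB_BYTES = DIM * 4   # 8,192 bytes, i.e. 4 bytes per value (float32)

def load_emb(path):
    """Parse one .emb file. Assumption: raw little-endian float32, no header."""
    raw = Path(path).read_bytes()
    if len(raw) != EMB_BYTES:
        raise ValueError(f"{len(raw)} bytes, expected {EMB_BYTES}")
    return struct.unpack(f"<{DIM}f", raw)

def l2_norm(vec):
    return math.sqrt(sum(x * x for x in vec))

def audit_pending(directory, tol=1e-3):
    """List staged faces and flag files that look like biometric templates."""
    d = Path(directory)
    report = {"dir_mode": oct(d.stat().st_mode & 0o777), "files": []}
    for emb in sorted(d.glob("*.emb")):
        entry = {"file": emb.name,
                 "has_crop": emb.with_suffix(".jpg").exists(),
                 "is_template": False}
        try:
            entry["norm"] = round(l2_norm(load_emb(emb)), 4)
            # Unit length matches the L2-normalized format the article reports.
            entry["is_template"] = abs(entry["norm"] - 1.0) <= tol
        except ValueError as exc:
            entry["error"] = str(exc)
        report["files"].append(entry)
    return report

def make_sample_dir():
    """Constructed sample data: one well-formed pair and one truncated file."""
    d = Path(tempfile.mkdtemp()) / "NameTagsPending"
    d.mkdir(mode=0o700)
    unit = [1.0 / math.sqrt(DIM)] * DIM  # constructed unit-length vector
    (d / "face_0001.emb").write_bytes(struct.pack(f"<{DIM}f", *unit))
    (d / "face_0001.jpg").write_bytes(b"\xff\xd8\xff\xe0 constructed")
    (d / "face_0002.emb").write_bytes(b"\x00" * 100)  # truncated, no crop
    return d

if __name__ == "__main__":
    report = audit_pending(make_sample_dir())
    print("directory mode:", report["dir_mode"])
    for row in report["files"]:
        print(row)
```

A file that passes both the size and unit-norm checks has the same width as the float[2048] cosine index in the schema, which is what makes it usable as a search key once a label exists.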

What Meta Isn’t Doing (And Why That Matters)

To be absolutely clear about what this does not mean:

  • The user-facing UI does not appear on stock accounts
  • The “Connections” card (“Remember the people you met”) is hidden
  • No server-pushed identity data was observed on the test account
  • The profile screen the notification links to is missing from the build

Meta is not secretly identifying the people you look at. This is not a covert surveillance system currently operating.

But: building, shipping, and wiring this much apparatus down to a 2048-dimension facial fingerprinting system and a hardcoded “Person recognized” notification is an engineering investment. Capability that doesn’t ship by accident.

Whether and when it goes into production is Meta’s to answer. Over 70 civil liberties groups — including the ACLU and EFF — have called on Meta to halt.

The Technical Context: Why This Is Different

Face detection on devices is common. Phone cameras detect faces for autofocus and framing all the time. Shipping detection models is not, by itself, evidence of recognition.

What makes this different is the recognition stack:

  • A 2048-dimension biometric embedding model (not just detection)
  • A cosine-similarity vector index dimensioned exactly to match that model
  • A write path that stages unrecognised faces with their fingerprints to persistent storage
  • A notification surface with a hardcoded “Person recognized” template
  • A database schema linking faces to named person records
  • A sync namespace (RLDrive’s person_profiles) designed for server-side population

Every one of these components serves the purpose of identifying specific individuals by their face. None of them is necessary for face detection, autofocus, or any non-recognition use case.

💰 Investment Angle

The Technology — What Changed

A complete on-device facial recognition pipeline has been found shipped in Meta’s smart glasses companion app. The system is functional but dormant — gated off for regular users.

The Opportunity — Who Benefits

  • Meta’s hardware play: If Meta activates this, smart glasses become the most powerful consumer surveillance device ever shipped. The commercial applications are enormous: networking at events, personalised retail, targeted advertising based on who you’re looking at. This is the kind of capability that could justify Meta’s entire hardware investment.
  • Privacy and security companies: Every revelation like this drives demand for privacy tools, camera detection systems, and anti-surveillance technology. Companies building face-blurring tools, privacy-first camera hardware, and personal data protection are on the right side of this trend.
  • Regulatory compliance: The EU’s AI Act classifies real-time biometric identification as high-risk. If Meta activates this in any EU jurisdiction, the compliance and consulting market explodes.

The Risk — What Could Go Wrong

  • Regulatory devastation: Real-time facial recognition on consumer wearables is essentially banned under the EU AI Act and faces restrictions in multiple US states. Activating this could trigger fines measured in percentages of global revenue, product bans, and forced device recalls.
  • Consumer backlash: The “dormant but functional” revelation is arguably worse than active surveillance. It says: we built the tool, we shipped it to your device, we’re just waiting for the right moment. That erodes trust in ways a data breach doesn’t.
  • Meta’s ad model risk: If consumers believe Meta glasses are surveillance devices, the entire product category loses. Smart glasses adoption is already slow. A facial recognition scandal could kill the category for everyone, not just Meta.
  • Competitor collateral: Apple’s Vision Pro, Snap’s Spectacles, and every other AR glasses maker faces guilt by association. The smart glasses market is fragile enough without one player turning them into stalker tech.

What About New Zealand?

NZ’s Privacy Act 2020 includes biometric information as sensitive personal information, requiring explicit consent before collection. If Meta activated this feature for NZ users, the Privacy Commissioner would likely investigate immediately. But the harder question is the dormant pipeline: does shipping a facial recognition system that isn’t active count as “collection”? Under current NZ law, that’s a grey area.

The 70+ civil liberties groups calling on Meta to halt include no NZ organisations specifically, but the implications are direct. NZ has no standalone AI regulation. The Privacy Act is our main line of defence, and it wasn’t written with wearable biometric pipelines in mind.

🔍 THE BOTTOM LINE (Revisited)

Meta built a facial recognition machine for your face. It’s on your phone right now if you use Stella. It can detect your friends, generate their biometric fingerprints, search a local index, and tell you who you’re looking at. It works. It’s not turned on.

The researcher who found this put it precisely: “Capability that doesn’t ship by accident.” Meta can explain why it’s there. But they’ll need to, because 70 civil liberties organisations, every privacy regulator in the EU, and anyone who’s ever worn a pair of smart glasses in public is going to ask.

❓ Frequently Asked Questions

Q: Is Meta currently identifying people through smart glasses?
A: No. The researcher was explicit: on a stock account, the user-facing UI doesn’t appear, no server-pushed identity data was observed, and the pipeline is gated off for regular users. The system is functional but not active.

Q: What should I do if I use Meta smart glasses?
A: Right now, nothing urgent — the feature isn’t active. But it’s worth watching Meta’s privacy policy updates. If the “Connections” feature appears in a future app update, that’s the signal that the pipeline is being activated. At that point, decide whether you want a wearable biometric recognition device on your face.

Q: What does this mean for NZ?
A: NZ’s Privacy Act covers biometric information as sensitive data requiring consent. If Meta activates this feature for NZ users, it would likely require explicit consent under current law. But the dormant pipeline itself — shipped but inactive — sits in a regulatory grey zone that NZ law doesn’t clearly address.

Q: Why is this different from face detection on phones?
A: Face detection (finding a face in an image) is common and used for autofocus, framing, and basic photo organisation. Face recognition (identifying who the face belongs to) requires biometric fingerprinting, a database of known faces, and a matching algorithm. This system does recognition, not just detection.

Sources: buchodi.com, WIRED, Hacker News