Students used Meta’s smart glasses to automatically dox strangers via Instagram streams

Share

An unsettling report from 404 Media has shed light on some ways that the Ray-Ban Meta smart glasses could be used to violate people’s privacy. Two Harvard students used facial recognition tech and a large language model to unearth a subject’s name, occupation and other details. Their setup (dubbed I-XRAY) can use that information to pull together other data about the person including their address, phone number, family member details and partial Social Security Numbers from a variety of sources on the web. All of this is said to happen automatically.

While this would be possible with a variety of cameras, AnhPhu Nguyen and Caine Ardayfio opted to use Meta’s smart glasses since “they look almost indistinguishable from regular glasses” and have a camera built in. A demo video shows the students using the glasses to swiftly find out information about people they meet in public. Nguyen and Ardayfio address people who appear to be strangers by name, discuss their work and bring up a place where they may have met in the past, based on information gleaned through the facial recognition setup.

In the video, it’s explained that the students stream video from the glasses to Instagram. The stream is monitored by a computer program. Once AI detects someone’s face, their I-XRAY system pulls more photos of that person from the web along with public information about them. The program then feeds those details back to a mobile app that Nguyen and Ardayfio built. It can take just a couple of minutes for this process to play out.

The students told 404 Media that they developed I-XRAY to make people aware of what’s possible with this technology and they won’t release the code that they used. Nguyen said that while some of the people they showed the tech to suggested they might use it to network or prank friends, others pointed out some serious safety concerns. “Some dude could just find some girl’s home address on the train and just follow them home,” Nguyen pointed out.

In a Google Doc that explains some of the tech behind their system, Nguyen and Ardayfio provide resources detailing how to remove your information from the services that they used for I-XRAY. Those concerned about their privacy may also want to consider using personal information removal services such as DeleteMe or Incogni.

This kind of technology isn’t inherently new — 404 Media points out that Meta and Google have had the ability to apply facial recognition to a camera feed for years, but didn’t release it publicly. But the ability to use it in off-the-shelf smart glasses that appear relatively innocuous (save for a light that is active when the camera is recording) may give cause for concern.

When asked for comment, Meta referred Engadget to this section of its terms of service regarding Facebook View, an accompanying app for the smart glasses:

Your responsibility for your use of Facebook View. You are responsible for complying with all applicable laws when using Facebook View, and for providing any notice or obtaining any consents, as required under video recording, audio recording, biometric data, or other privacy, data protection, or other applicable laws, from other individuals who use your Facebook View or interact with you while you are using Facebook View. You are also responsible for using Facebook View in a safe, lawful, and respectful manner. You may not tamper with the Glasses, or otherwise obscure or modify any of the features on the Glasses that signal to others that the Glasses are recording (including the external-facing LED light).

Facebook View is intended for purely personal or household use. You may only use Facebook View for personal non-commercial purposes subject to the Terms and any other terms made available by us relating to Facebook View. Except to the extent such restriction is prohibited under applicable law, you will not disassemble, decompile, reverse engineer, decrypt, or attempt to derive any code or extract software from Facebook View. Except to the extent expressly permitted by us, you will not prepare derivative works based upon, distribute, license, sell, rent, transfer, publicly display, publicly perform, transmit, stream, broadcast or otherwise exploit Facebook View or any software, content, or services made available on or through Facebook View.