Meta's smart glasses ship a full face-recognition stack — locally

5 min read 1 source clear_take
├── "Meta has quietly shipped the full facial recognition stack on-device, contradicting its public 'we don't do this' stance"
│  └── buchodi (Hacker News, 267 pts)

Decompiled Stella v273.0.0.21 and found three face models (detector, aligner, embedder), a local SQLite schema for face identities, and a cosine-similarity vector index dimensioned to the embeddings. Argues this is the entire textbook face-recognition pipeline shipped to every device — the only thing missing is a flag flip, which makes Meta's official 'glasses do not perform facial recognition' line technically true but materially misleading.

├── "On-device face recognition would be genuinely life-changing for accessibility — and shouldn't require surrendering privacy"
│  └── @RobotToaster (Hacker News)

Speaks from personal experience with prosopagnosia (face blindness) and argues an offline, local-only face database would be transformative for people who can't recognize faces unaided. Frames the core tension as 'accessibility shouldn't require giving up privacy' — the technology exists, the question is whether it can ship in a form that doesn't also enable mass surveillance.

├── "Closed-set, consent-based recognition is the obvious legitimate use case"
│  └── @simonw (Hacker News)

Points to the conference-organizer scenario — a bounded lookup against speakers and attendees who have explicitly opted in. Argues the technology isn't inherently abusive; the abuse comes from open-world identification of strangers, and a constrained, consented database is a different product entirely.

└── "The real demand is for counter-surveillance — wearables that detect when others are running recognition on you"
  └── @aanet (Hacker News)

Inverts the framing: instead of asking what recognition can do for the wearer, asks what protects bystanders. Argues the market gap is a device that warns you when someone nearby is actively running a face-recognition pipeline, treating ambient identification as a threat to be detected rather than a feature to be enabled.

What happened

A researcher decompiled version 273.0.0.21 of Stella (`com.facebook.stella`), the Android companion for Meta's Ray-Ban and Oakley smart glasses, and surfaced something Meta has consistently declined to confirm in public: the entire computational and storage stack for on-device facial recognition is already shipped in the app — three face models, a local SQLite database with a schema for face identities, and a cosine-similarity vector index dimensioned to match the model embeddings.

The components map cleanly to a textbook face-recognition pipeline. There's a detector (locates faces in a frame), an aligner (normalizes pose), and an embedder (turns a face crop into a fixed-length vector). The local database stores `(identity_id, embedding_vector, metadata)` rows. A query runs the camera frame through the same embedder, computes cosine similarity against stored vectors, and returns the nearest match above a threshold. None of this requires a server round-trip.
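To make the storage and matching half of that pipeline concrete, here is an added example (not code from Stella or from the researcher's write-up) of the local store and query step: a SQLite table with the `(identity_id, embedding_vector, metadata)` shape the article describes, embeddings serialized as float32 BLOBs, and a brute-force cosine-similarity lookup that returns the nearest identity only when it clears a threshold. The detector, aligner and embedder are assumed to exist upstream, so the vectors below are constructed by hand and kept to eight dimensions; real face embedders emit 128 to 512 floats, and the table name `face_identity` is an assumption.

```python
import math
import sqlite3
import struct
from typing import Optional, Tuple

# Constructed example: the embedder is represented by the vectors we hand in,
# so the dimension is tiny. Real face embedders emit 128 to 512 floats.
EMBED_DIM = 8


def _pack(vec):
    """Serialize a float vector as little-endian float32 bytes for a BLOB column."""
    return struct.pack(f"<{len(vec)}f", *vec)


def _unpack(blob):
    """Inverse of _pack: recover the float list from a BLOB."""
    return list(struct.unpack(f"<{len(blob) // 4}f", blob))


def _normalize(vec):
    norm = math.sqrt(sum(x * x for x in vec))
    if norm == 0:
        raise ValueError("zero vector has no direction")
    return [x / norm for x in vec]


def cosine_similarity(a, b):
    # Stored vectors are unit-normalized on enrollment, but compute the full
    # form so an un-normalized probe still scores correctly.
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    return dot / (na * nb)


def open_store(path=":memory:"):
    """Create the (identity_id, embedding_vector, metadata) table the article describes."""
    conn = sqlite3.connect(path)
    conn.execute(
        """CREATE TABLE IF NOT EXISTS face_identity (
               identity_id TEXT PRIMARY KEY,
               embedding   BLOB NOT NULL,
               metadata    TEXT
           )"""
    )
    return conn


def enroll(conn, identity_id, embedding, metadata=""):
    """Store one identity; the embedding is unit-normalized so later scores are pure cosine."""
    if len(embedding) != EMBED_DIM:
        raise ValueError(f"expected {EMBED_DIM}-dim embedding, got {len(embedding)}")
    conn.execute(
        "INSERT OR REPLACE INTO face_identity VALUES (?, ?, ?)",
        (identity_id, _pack(_normalize(embedding)), metadata),
    )
    conn.commit()


def query(conn, probe, threshold=0.8) -> Optional[Tuple[str, float, str]]:
    """Brute-force nearest neighbour by cosine similarity; None if nothing clears the threshold."""
    best = None
    for identity_id, blob, metadata in conn.execute(
        "SELECT identity_id, embedding, metadata FROM face_identity"
    ):
        score = cosine_similarity(probe, _unpack(blob))
        if best is None or score > best[1]:
            best = (identity_id, score, metadata)
    if best is None or best[1] < threshold:
        return None  # open-world case: an unknown face must not be forced onto a match
    return best


def demo():
    """Constructed gallery of two identities plus one probe per outcome."""
    conn = open_store()
    enroll(conn, "alice", [1.0, 0.2, 0.0, 0.1, 0.0, 0.0, 0.0, 0.0], "friend")
    enroll(conn, "bob", [0.0, 0.1, 1.0, 0.0, 0.3, 0.0, 0.0, 0.0], "colleague")
    # A probe that is a slightly perturbed capture of alice: scores about 0.987 against her row
    known = query(conn, [0.9, 0.3, 0.1, 0.1, 0.0, 0.0, 0.0, 0.0])
    # A probe from a face the store has never seen: scores 0 against both rows, so no identification
    stranger = query(conn, [0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 1.0, 0.5])
    return known, stranger
```

The threshold is the whole policy knob: lower it and the store starts identifying strangers as the closest enrolled person (false accepts), raise it and genuine re-captures of an enrolled face fail (false rejects). Note that every row in `face_identity` is a biometric template regardless of whether `query` is ever called, which is the point the article's legal section makes.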

Meta's official position, repeated since the Ray-Ban Stories launch in 2021, is that the glasses do not perform facial recognition. The Stella binary doesn't contradict that — strictly speaking, an unused code path is not a feature. But the gap between "we don't do this" and "we have shipped, on every device, the machinery to do this the moment a flag flips" is the entire story.

Why it matters

The HN thread surfaced the three reactions that matter. The accessibility case is real: RobotToaster, who has prosopagnosia, points out that an offline face-recognition database would be genuinely life-changing for people with face blindness — and that "accessibility shouldn't require giving up privacy." The conference-organizer case from simonw is the obvious productive use: a closed-set lookup against speakers and attendees you've already consented to. And aanet captures the inverse demand — a wearable that *warns* you when someone nearby is running a recognition pipeline against your face.

All three use cases are technically served by exactly the architecture Meta shipped. None of them are served by the product Meta is selling. That's the tell. On-device inference, local vector store, no network dependency — this is what privacy advocates have been asking for since Google Glass in 2012. It's also, not coincidentally, what regulators want: data minimization, purpose limitation, no biometric template ever leaving the device. Meta built the privacy-preserving version. They just didn't ship the UI.

The legal exposure is the part the comment from bensyverson gets right with one link. Illinois's Biometric Information Privacy Act (BIPA) creates a private right of action with statutory damages of $1,000 per negligent violation and $5,000 per intentional one. The Rosenbach v. Six Flags decision (2019) established that no actual harm is required — collection without written consent is the violation. Texas CUBI and Washington's HB 1493 are weaker (no private right of action) but still material. The EU AI Act classifies remote biometric identification in publicly accessible spaces as a prohibited practice for law enforcement and a high-risk system in commercial contexts; Article 5 takes effect February 2025 and full high-risk obligations land August 2026.

Here's the part developers should internalize: under BIPA and the AI Act, the trigger for compliance obligations is the collection and storage of biometric identifiers, not whether you act on them. If the Stella database ever writes a row keyed to a real person without that person's written, informed consent — even if no UI ever surfaces the match — Meta has crossed the line. The architecture the researcher found makes this a per-device, per-encounter risk, multiplied by however many Ray-Ban Metas are in the field (Meta hasn't disclosed unit counts, but EssilorLuxottica's earnings calls have referenced "strong double-digit growth" through 2025).

The community comment from redbell points at the broader pattern. Meta's smart-glasses program has already absorbed reporting about Ray-Ban Metas being used to record people without consent in private settings. Adding latent face-recognition capability to those same devices is the kind of decision that gets cited in a complaint, not a press release.

What this means for your stack

If you ship a mobile or wearable product with any computer vision component, three concrete implications:

First, the "on-device = safe" defense is over. Regulators and plaintiffs' lawyers now understand that on-device inference can still produce biometric templates that are legally identifiers under BIPA, CCPA, and GDPR Article 9. If you have an embedding vector tied to a person, you have biometric data. The fact that it never hits your server doesn't change the classification. Audit your own apps: do you have a `FaceEmbedding`, `VoiceEmbedding`, or `GaitVector` table anywhere, including in SQLite on the device? If yes, you need a consent flow and a deletion mechanism today.
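One way to run that audit against an on-device SQLite file, as an added example that is not part of the original article or any vendor's tooling: walk `sqlite_master`, flag tables and columns whose names suggest biometric data, and also flag BLOB columns whose contents are fixed-length float32 arrays, since an embedding table is often named something innocuous. The keyword list, the 64-float minimum width, and the `FaceEmbedding` / `avatar_cache` / `settings` tables in the constructed demo database are all assumptions made for the example.

```python
import re
import sqlite3
import struct
from typing import List, Optional, Tuple

# Constructed keyword list; extend it with your own table and column naming conventions.
BIOMETRIC_NAME_RE = re.compile(
    r"face|voice|gait|embed|template|biometric|vector|finger|iris|speaker", re.I
)


def _looks_like_float32_vectors(conn, table, col, sample=32) -> Optional[int]:
    """Return the vector width if every sampled BLOB has one common length that is a
    multiple of 4 and at least 64 floats wide; variable-length blobs (images,
    thumbnails) return None."""
    rows = conn.execute(
        f'SELECT "{col}" FROM "{table}" WHERE "{col}" IS NOT NULL LIMIT ?', (sample,)
    ).fetchall()
    lengths = {len(r[0]) for r in rows}
    if len(lengths) != 1:
        return None
    (n,) = lengths
    if n % 4 == 0 and n // 4 >= 64:
        return n // 4
    return None


def audit_sqlite(conn) -> List[Tuple[str, Optional[str], str]]:
    """Return (table, column, reason) findings for anything that may hold biometric templates."""
    findings = []
    tables = [
        r[0]
        for r in conn.execute(
            "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'"
        )
    ]
    for table in tables:
        if BIOMETRIC_NAME_RE.search(table):
            findings.append((table, None, "table name suggests biometric data"))
        # PRAGMA table_info rows: (cid, name, type, notnull, dflt_value, pk)
        for _cid, col, ctype, _nn, _dflt, _pk in conn.execute(f'PRAGMA table_info("{table}")'):
            if BIOMETRIC_NAME_RE.search(col):
                findings.append((table, col, "column name suggests biometric data"))
            if (ctype or "").upper() == "BLOB":
                dim = _looks_like_float32_vectors(conn, table, col)
                if dim is not None:
                    findings.append(
                        (table, col, f"BLOB column holds fixed-length float32 vectors (dim {dim})")
                    )
    return findings


def build_constructed_db() -> sqlite3.Connection:
    """An in-memory database standing in for a shipped app's on-device store (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE settings (key TEXT PRIMARY KEY, value TEXT)")
    conn.execute("CREATE TABLE avatar_cache (user_id INTEGER, png BLOB)")
    # Innocuous column name ("data"); only the blob shape gives the table away
    conn.execute("CREATE TABLE FaceEmbedding (id INTEGER PRIMARY KEY, data BLOB)")
    conn.execute("INSERT INTO settings VALUES ('theme', 'dark')")
    for uid, size in ((1, 900), (2, 1400), (3, 1100)):   # variable-length image blobs
        conn.execute("INSERT INTO avatar_cache VALUES (?, ?)", (uid, bytes(size)))
    for i in range(3):                                     # three 128-float templates
        vec = struct.pack("<128f", *([0.01 * (i + 1)] * 128))
        conn.execute("INSERT INTO FaceEmbedding (data) VALUES (?)", (vec,))
    conn.commit()
    return conn


def demo_findings():
    return audit_sqlite(build_constructed_db())


if __name__ == "__main__":
    for table, col, reason in demo_findings():
        print(f"{table}.{col or '*'}: {reason}")
```

Every table the audit flags needs the two things the paragraph asks for: a consent record that can be shown for each row, and a deletion path that removes the row (and any vector index built from it) when consent is withdrawn. Run it against the database files your app actually writes on a test device, not against the schema you think you ship.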

Second, presence of code is the new threat model. Security researchers, regulators, and competitors are now decompiling shipping apps and reading the schemas. "We don't enable this feature" is no longer a defensible position if the feature is present, instrumented, and one server-side flag away. Treat unused ML pipelines in production binaries the same way you'd treat an unused admin endpoint — strip it from the build, don't dark-ship it.

Third, the accessibility gap is a real product opportunity. RobotToaster's comment is not an edge case. Roughly 2% of the population has some form of developmental prosopagnosia. An offline, user-controlled face-recognition app — where the user enrolls their own friends and family with explicit consent — is a legitimate accessibility tool that nobody currently ships well. The full stack to build it is sitting in Stella's APK; the missing piece is a vendor willing to make it the *product* rather than the dark feature.

Looking ahead

The interesting question isn't whether Meta turns the feature on — they almost certainly will, eventually, with a celebratory "Meet your friends faster" announcement and an opt-in toggle buried three menus deep. The question is what the BIPA bar does first. Plaintiffs' firms have spent the last six years building a playbook against Clearview, Google Photos, and Facebook's old tag-suggestions feature. A shipping binary with a fully wired face-pipeline is the easiest discovery target they've had in years. Expect the first complaint to cite the Stella decompilation directly, and expect every other wearable maker — Apple, Snap, Samsung — to be quietly reviewing their own dark-shipped CV code this week.

Hacker News 304 pts 283 comments

Meta ships facial recognition on smart glasses

RobotToaster · Hacker News

I wish something like this existed that was completely offline. I'm face blind (prosopagnosia) so being able to feed an offline database photos of friends so it can recognise them would be great. Accessibility shouldn't require giving up privacy.

simonw · Hacker News

When Google Glass first released back in 2012 I was running a conference technology startup, and since we had a database full of speaker and attendee profile photos the obvious thing we could build with Glass would be a "your glasses help you spot the people you are planning to meet in a crowde

aanet · Hacker News

I'd like to wear an EXACT OPPOSITE of this...Namely, if someone is using Facebook's AI-powered glasses in my vicinity, I want to get a notification (of some sort) so that I can avoid those persons

redbell · Hacker News

IMHO, Meta is the prime example for privacy intrusion in tech history and with this new smart glasses device, they've leveled their game too far by recording people in their home, sometimes even naked, without their consent. This was already discussed here about a month ago: Meta in row after w

niemandhier · Hacker News

That makes them illegal in Europe afaik.
