Meta’s hidden face recognition code and a growing AI surveillance problem
AI is rapidly reshaping how we communicate, work, and move through the world—but it’s also supercharging surveillance. Over the past week, a series of stories highlighted how big tech companies and governments are quietly expanding their ability to watch, profile, and control users, often under the banner of safety or innovation.
Meta quietly ships hidden face recognition code
Meta embedded an unreleased facial recognition system inside its Meta AI app, which was pushed to more than 50 million phones. Buried in the code was a feature designed to turn faces captured by Meta’s smart glasses into unique biometric signatures—"faceprints"—and compare them against a database stored on the user’s device.
Investigations found that when the system failed to recognize a face, it would crop, index, and store that face locally for future processing. Code references to a feature called "name tag" remained in public app builds even after the story went public, though Meta later removed them in an update.
Meta’s response: ‘exploratory’ features that ‘don’t exist’
Meta’s official line is that the facial recognition feature was “purely exploratory” and that no final decision had been made about launching it. That’s a hard claim to square with the reality that the code shipped in public versions of an app installed on tens of millions of devices.
When pressed on how the system would work, a Meta representative reportedly said they couldn’t answer because “the feature doesn’t exist.” Meta’s CTO went further, calling the reporting “incredibly misleading and absolutely dishonest,” even though the company had declined to answer key questions before publication, including:
• Whether a database of face profiles had already been created
• How long photos and biometric data are retained
• Whether any of that data is ever sent back to Meta’s servers
The result is a familiar pattern: ship invasive capabilities first, then downplay or deny when they’re discovered.
Smart glasses, AI, and real-world profiling
Meta’s Ray-Ban smart glasses are marketed as a cool AI gadget, but they’re also an ideal surveillance device. They look like normal glasses, record video discreetly, and can run AI models that analyze what they see. Users have described feeling like “a creep” wearing them, and online they’ve already picked up nicknames like “pervert glasses.”
Even if Meta never officially launches full facial recognition, the hardware is already out there. Developers are experimenting with third-party code to add face recognition and other profiling features on top of Meta’s platform. That means strangers could walk down the street and silently build dossiers on the people around them—powered by AI running on off-the-shelf consumer hardware.
For anyone considering these glasses, the trade-off is stark: you’re handing an already controversial company even more intimate behavioral and biometric data, while also normalizing a new layer of ambient surveillance in public spaces.
Microsoft and the rise of AI-focused supply-chain attacks
AI isn’t just being used to surveil people—it’s also becoming a prime target for attackers. For the second time in weeks, Microsoft’s open-source packages were compromised and laced with credential-stealing malware designed to be triggered by AI agents.
In the latest incident, 73 packages were pushed to Microsoft’s GitHub repositories. When opened or executed by an AI agent, they ran a self-replicating stealer now known as the "miasma" worm. Its goals were serious:
• Steal passwords and secrets from password managers
• Extract developer keys and tokens
• Spread laterally through cloud infrastructure to other developer machines
The same Microsoft GitHub account had been compromised in an earlier May attack involving Python SDK packages on PyPI, raising questions about whether credentials were properly rotated or whether a developer machine remained infected. Other reports suggest the campaign also hit 32 Red Hat NPM packages before pivoting to Microsoft resources.
While Microsoft says the June 5 incident was contained within 105 seconds, the pattern is clear: AI tooling, SDKs, and agent workflows are now high-value targets. If you’re building with AI packages, agents, or SDKs, treat your dependency chain as critical infrastructure—monitor updates, pin versions where possible, and follow security advisories closely.
The UK’s push to scan every device
In the UK, the government is increasingly turning to surveillance as a one-size-fits-all solution to online harms. The latest proposal: require tech companies to activate nudity detection algorithms or similar scanning tools on smartphones and tablets to stop users from taking or sharing images of genitalia unless they’re verified adults.
On paper, protecting children from exploitation is a goal almost everyone agrees on. In practice, the proposal runs into major technical and privacy problems:
• To reliably block underage users, devices would need robust age verification tied to real-world identity.
• That implies building identity-linked profiles for nearly every device owner in the country.
• On-device scanning of all photos and messages risks undermining encryption and creating a powerful surveillance infrastructure that can be repurposed later.
The government has framed this as an ultimatum: if companies don’t comply within three months, it will push legislation to force scanning protections onto all phones sold in the UK.
Signal’s warning about invisible surveillance infrastructure
Encrypted messenger Signal responded with a blunt public statement arguing that the proposal won’t keep children safe and will instead normalize mass surveillance. Signal points out that real child safety looks like:
• Well-funded education and support services
• Strong social protections
• Meaningful guardrails on the same AI platforms the government is currently courting
By contrast, the UK’s plan would create “invisible surveillance infrastructure switched on by default,” with little regard for how it could be abused or how it erodes private, secure spaces online. Signal’s position is that encryption itself is part of child protection, not a threat to it.
US privacy laws: a win in Massachusetts, a setback in Texas
In the US, state-level privacy laws continue to evolve in very different directions.
Massachusetts bans sale of precise location data
Massachusetts passed a strong privacy rights bill with a unanimous 146–0 vote. The law bans the sale of precise location data and restricts sharing or selling sensitive information without explicit consent, including:
• Biometrics
• Precise geolocation
• Data related to religion, immigration status, or sexual orientation
Laws like this won’t dismantle the data broker ecosystem overnight, but they raise the baseline. Companies now face legal risk if they trade in highly sensitive data without clear consent, and individuals gain rights they can invoke when something goes wrong.
Texas pushes mandatory age verification via Apple and Google
Texas, meanwhile, has taken a different path. Under SB 2420, Apple and Google must verify users’ ages when they create accounts, effectively turning platform accounts into age gates for app marketplaces. Apple reportedly tried to convince the governor to veto the bill, but it was signed into law and has now taken effect.
The courts still need to decide whether Texas can impose these requirements on app stores and whether the law is constitutional. In the meantime, it moves more identity verification power into the hands of platform giants, with unclear long-term privacy consequences.
The FCC’s plan that could kill burner phones
At the federal level, the US Federal Communications Commission (FCC) is exploring new rules to combat robocalls and other phone-based abuse. One of the ideas on the table: require telecoms to collect more personally identifiable information from customers, effectively making anonymous or low-friction “burner” phones much harder to obtain.
Telecoms already hold highly sensitive data—phone numbers, call logs, SMS metadata, often Social Security numbers, and in many cases web and DNS traffic. They also have a long history of data breaches and weak privacy practices. Forcing everyone to hand over even more data to these companies risks expanding a surveillance chokepoint without addressing the root causes of robocalls.
A more effective approach would likely target the data broker industry that sells huge lists of phone numbers and personal details, which robocallers can easily buy. Instead, the FCC is considering measures that could make life harder for ordinary users who rely on prepaid or low-identity SIMs for safety, privacy, or activism.
The one encouraging sign: the FCC is explicitly asking for public input on both effectiveness and privacy risks, including how to mitigate harm. That’s a much more open posture than some other governments have taken, and it gives security and privacy experts a chance to influence the outcome.
Recent data breaches and AI-adjacent incidents
Several notable breaches and security incidents also surfaced, many of them touching AI, cloud, or identity systems:
• A dental insurer, DentaQuest, was hit by a breach linked to the ShinyHunters group.
• The UN World Food Programme reported a breach of a self-registration app used in Gaza, affecting around 600,000 households and exposing sensitive humanitarian data.
• ServiceNow disclosed an incident exposing some customer data, a concern given its role in enterprise workflows and automation.
• SoFi confirmed a third-party breach at its Hong Kong subsidiary.
One of the most closely watched cases involved password manager Dashlane. Attackers brute-forced an API endpoint for device registration, triggering automated defenses but still managing to access 20 users’ encrypted vaults before being stopped. Unlike the infamous LastPass breach, Dashlane encrypts all vault fields and uses modern key-stretching (Argon2), so the risk depends heavily on how strong each user’s master password is. Those 20 users have been notified and should assume every credential in their vault needs to be rotated.
Oxford University also disclosed a breach via a third-party careers platform, and the French government reported a hijacking of accounts on a government messaging service—both reminders that critical systems often depend on external vendors with their own security posture.
More Meta trouble: AI chatbot abuse and Instagram account theft
Meta’s AI problems don’t stop at hidden face recognition. As covered in a deeper look at how hackers jailbroke Meta’s AI chatbot, a poorly designed AI support flow on Instagram allowed attackers to hijack over 20,000 accounts.
By manipulating the AI assistant, attackers could trick it into helping them bypass security checks and gain control of victims’ profiles. It’s a textbook example of what happens when companies bolt AI assistants onto critical account systems without robust guardrails, red-teaming, or human oversight.
Zero-days, supply-chain attacks, and new ‘lockdown’ modes
On the technical front, the week brought a wave of new vulnerabilities and mitigations, many of them intersecting with AI or developer tooling:
• Google patched yet another Chrome zero-day exploited in the wild, affecting all Chromium-based browsers.
• A vulnerability in the Everest Forms Pro WordPress plugin allowed site takeovers for unpatched installs.
• WhatsApp reported new spyware attacks linked to NSO Group and introduced a stricter account protection mode for high-risk users, similar in spirit to Apple’s Lockdown Mode.
• Microsoft patched two high-severity zero-days disclosed by the researcher known as "Nightmare Eclipse."
• A Unifi OS bug allowed unauthenticated attackers to gain root access on affected devices.
• Gogs, a self-hosted Git service, fixed a critical zero-day that enabled remote code execution.
Supply-chain attacks also continued to surge:
• The "Ironworm" campaign infected 36 NPM packages with info-stealing malware.
• Another campaign compromised 19 Python packages on PyPI, including libraries like Dynamo, Spadio, and others.
• The Windows version of Hola Browser was found to be serving a crypto miner after a supply-chain compromise.
In response to growing concerns about prompt injection and data exfiltration, OpenAI announced its own "lockdown mode" for ChatGPT. The feature is aimed at organizations handling sensitive data and restricts capabilities like live web browsing, image retrieval, and certain agent behaviors to reduce the risk of untrusted content hijacking AI workflows.
Apple’s AI-powered password changes and new tracking threats
At WWDC, Apple revealed a wave of AI features, including an agentic capability that can detect weak passwords stored in Apple Passwords and automatically change them to stronger ones on supported sites. If it works reliably and transparently, this could substantially improve password hygiene for mainstream users—but it also raises questions about how much control users have over automated changes and how these flows interact with third-party services.
On the surveillance side, a company called Signal Trace (not related to the Signal messenger) is working to combine license plate readers with Bluetooth and other wireless signals to track phones, AirPods, and smartwatches alongside vehicles. That kind of sensor fusion makes it easier to link physical devices, identities, and movement patterns into a single, highly detailed profile.
Open-source and privacy-friendly tools to watch
Amid all the bad news, there were also promising updates from the open-source and privacy-respecting ecosystem—many of them directly relevant to AI users and developers.
Tails, Firefox, and VPN improvements
The Tails project, which provides an amnesic, privacy-focused operating system that routes all traffic through Tor, released version 7.8.1 with important security fixes. If you rely on Tails for sensitive work, updating promptly is essential.
Firefox merged support for Vulkan video decoding, which should improve performance and compatibility on Linux systems, especially for users with NVIDIA GPUs. Mozilla also temporarily removed the 50 GB cap on its free Firefox VPN offering, making it unlimited through August 31st—a useful option for beginners who want a basic privacy layer without committing to a paid VPN.
Nextcloud, Proton Drive, and privacy-first storage
Nextcloud Hub 26 arrived as part of the project’s 10-year anniversary, bringing UI refinements and a major office suite upgrade. Users can now choose between Collabora and EuroOffice as the backend for Nextcloud Office, giving self-hosters more flexibility for collaborative document editing.
For those who prefer hosted services, Proton announced big improvements to Proton Drive: up to 3x faster performance across platforms, 2x faster downloads, and a new Proton Drive CLI for Linux. While it’s not yet a full GUI client, the CLI already enables scripting and automation for backups and sync workflows, and Proton says a full Linux app is in development.
FUTO Keyboard, Brave Origin, and public code in Europe
On mobile, FUTO Keyboard—an open-source Android keyboard focused on privacy—rolled out more accurate swipe typing, Unicode 17 emoji support, and other refinements. It’s a strong alternative for users who want to avoid data-hungry proprietary keyboards.
Brave launched Brave Origin, a paid, bloat-free version of its browser aimed at users who want a cleaner experience without optional extras. For a deeper breakdown of Brave’s positioning in the AI and privacy landscape, you can compare it with other emerging AI-centric devices and platforms, such as those discussed in this analysis of a potential OpenAI-powered phone.
In Europe, the Free Software Foundation Europe (FSFE) welcomed the European Commission’s explicit recognition of the "Public Money, Public Code" principle—the idea that software funded by taxpayers should be released as free and open source. While the Commission still lacks concrete milestones and funding commitments, this is a significant symbolic win for the open-source community and could eventually lead to more transparent, auditable public-sector software.
Loop: showing what iOS apps really know about you
One of the most interesting new tools is Loop (LOUPE), an open-source iOS and iPadOS app from security researcher Mysk. Loop scans your device and shows what other apps can infer about you even without explicit permissions.
It visualizes:
• Installed apps (e.g., messaging, finance, health) that reveal your interests and habits
• Recent locations and movement patterns
• System-level signals that any app can passively observe
All analysis happens locally on your device, and the app is open source, making it a powerful educational tool for showing friends and family how much data a "simple" app can access by default. For anyone trying to explain why native apps are often more invasive than websites, Loop is a compelling demo.
What this all means for AI and privacy
Across all these stories, a few themes stand out:
• AI is being deeply integrated into hardware (smart glasses, phones), platforms (Meta, Apple, Microsoft), and infrastructure (telecoms, government systems).
• The same AI capabilities that make tools more powerful also make surveillance, profiling, and attacks more scalable.
• Governments are increasingly leaning on scanning, age verification, and identity linkage as default answers to complex social problems.
• Open-source projects and privacy-focused tools are racing to give users alternatives—but they need support, funding, and strong legal frameworks to thrive.
For now, the best defense is awareness and deliberate choice: understand what your devices and apps can do, favor tools that minimize data collection, and pay attention to how AI features are wired into your everyday platforms. The line between "assistant" and "surveillance system" is getting thinner—and the decisions we make now will determine which side of that line becomes the norm.
Comments
No comments yet. Be the first to share your thoughts!