Meta Portal

Warning: *Privacy Not Included with this product

Meta Portal

Wi-Fi Bluetooth

Review date: Nov. 9, 2022


Mozilla says

People voted: Super creepy

Let's be honest, Meta (formerly Facebook) has a pretty terrible track record when it comes to protecting their users' privacy (remember that record $5 billion dollar fine for privacy failures?). Now they're asking people to drop a couple hundred dollars to put a device with an AI-powered smart camera capable of tracking your every move and an Alexa-powered, always listening microphone in your home. What could go wrong? Given Meta/Facebook's terrible track record on privacy, we're worried a lot.

What could happen if something goes wrong?

Meta (you know, the company that used to be Facebook), has a very long history of betraying users' privacy and trust. They've faced record fines around the world for this and have been caught hiding data leaks from their users. In April 2021, it was reported the personal information of more than 500 million Facebook users was shared online in a massive data leak. Then there was the 2022 admission that over one million Facebook users’ login info may have been compromised due to malicious apps stealing data through the Facebook third-party login (hey, Meta/Facebook did announce this themselves, so, good for them). And the report that Meta/Facebook’s own engineers say they don’t have control and understanding of how their systems use all that data they collect on your. All this this coupled with with the Facebook whistleblower testimony in 2021 to the US Congress that outlined the harms Meta/Facebook causes and the dishonest way they approach dealing with these harms and Meta/Facebook appears to be one of most immoral companies we review in *Privacy Not Included.

This is the starting point for a device you bring into your home with an AI-powered smart camera and microphone that sends data back to Meta/Facebook regularly. To use the device, consumers are required to have a Facebook or Whatsapp account (a Workplace plan can also be used but those are paid business plans), another flag for us as Meta/Facebook collects and shares a large amount of user data and doesn’t always secure that data properly.

Which is why we are happy to see that Meta/Facebook plans to no longer produce the consumer version of their Meta/Facebook Portal devices (this includes the Meta Portal, Meta Portal Go, Meta Portal Plus, and Meta Portal TV). These products never felt like a good idea for consumers to bring into their homes, so we’re more than happy to see them go. They are still for sale on Meta’s website at the time of this review though, so buyer beware! Because, the question comes down to, does Meta/Facebook have your best interests at heart when it collects all the data this device is capable of collecting? From Cambridge Analytica to where we are today, the answer to that question is a resounding NO. We're afraid these devices come with *Privacy Not Included.

One more note on Meta from a privacy researcher’s point of view. Trying to read through Meta's crazy network of privacy policies, privacy FAQs, privacy statements, privacy notices, and supplemental privacy documentation for their vast empire is a nightmare. There are so many documents that link to other documents that link back even more documents that understanding and making sense of Meta's actual privacy practices feels almost impossible. We wonder if this is by design, to confuse us all so we just give up? Or, if maybe even Meta'’s own employees possibly don’t know and understand the vast network of privacy policies and documentation they have living all over the place? Regardless, this privacy researcher would love to see Meta do better when it comes to making their privacy policies accessible to the consumers they impact.

Tips to protect yourself

  • Check Meta Portal privacy settings.
  • Keep your location data private
  • Note that when sharing data with third-parties services, the third-party privacy policy applies.
  • You can disable the camera and built-in microphone on Portal with a single tap or with a sliding switch. A red light next to the lens indicates the camera and microphone are off.
  • When starting a sign-up, do not agree to tracking of your data.
  • Do not sign up with third-party accounts. Better just log in with email and strong password.
  • Chose a strong password! You may use a password control tool like 1Password, KeePass etc
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
  • Keep your app regularly updated
  • Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
  • mobile

Can it snoop on me? information


Device: Yes

App: Yes


Device: Yes

App: Yes

Tracks location

Device: Yes

App: Yes

What can be used to sign up?

Facebook or WhatsApp account is required

What data does the company collect?

How does the company use this data?

Meta receives data on its users from "third parties incl. advertisers and third-party data providers who have the rights to provide us with your information", whether users have Facebook account or not:
"Advertisers, app developers, and publishers can send us information through Meta Business Tools they use, including our social plug-ins (such as the Like button), Facebook Login, our APIs and SDKs, or the Meta pixel. These partners provide information about your activities off of our Products—including information about your device, websites you visit, purchases you make, the ads you see, and how you use their services—whether or not you have an account or are logged into our Products. For example, a game developer could use our API to tell us what games you play, or a business could tell us about a purchase you made in its store.We also receive information about your online and offline actions and purchases from third-party data providers who have the rights to provide us with your information."

Video call content is not used for advertisement: "Facebook does not listen to, view or keep the contents of your Portal video calls. This means nothing you say on a Portal video call is accessed by Facebook or used for advertising."

Lots of other data collected when using the Portal can be used for Facebook advertisement though: "Portal is integrated with some of your Messenger and Facebook experiences. When you use Portal, we process the same kinds of information as when you use Facebook products on your other devices. Some of this information, including the fact that you logged into your account or how often you use a feature or app, may be used to inform the ads you see across Facebook."

While Facebook is not sharing ads on Portal, third-party apps are. "We don’t show Facebook ads on Portal. However, you may see ads from some third-party apps on Portal (e.g., music partners) in the same way you’ll see ads from these services on other devices."

Facebook says it does not sell any of your information to anyone, and never will. However, it shares data with numerous third parties such as partners who use their analytics services, advertisers, measurement partners, partners offering goods and services in Facebook products, vendors and service providers, researchers and academics, law enforcement, and legal requests.

Facebook is using data to help third parties provide and measure advertisement: "We use the information we have (including your activity off our Products, such as the websites you visit and ads you see) to help advertisers and other partners measure the effectiveness and distribution of their ads and services, and understand the types of people who use their services and how people interact with their websites, apps, and services. Learn how we share information with these partners. "

Facebook says that it does not use voice data for targeted ads. However, the metadata about your Portal usage – how often you make video calls or use in-call apps or features – can be used to target you with advertisements across the Facebook advertisement network..

In addition, Facebook collects personal data from its partners. These partners provide information about your activities off Facebook — including information about your device, websites you visit, purchases you make, the ads you see, and how you use their services—whether or not you have a Facebook account or are logged into Facebook.

Facebook shares information it collects on Portal with independent apps and services that integrate with Portal. This may include information about a user’s Portal device, such as device name, IP address, and zip code, as well as other information to help them provide the services requested by the user (for example, the text and subject of their voice commands to the app, service or integration through “Hey Portal”). The information collected by these independent apps, services, or integrations is subject to their own terms and policies.

How can you control your data?

It is unclear if all users regardless of location can get their data deleted. Facebook mentions GDPR and CCPA right to delete data.

"We store data until it is no longer necessary to provide our services and Meta Products, or until your account is deleted - whichever comes first. This is a case-by-case determination that depends on things like the nature of the data, why it is collected and processed, and relevant legal or operational retention needs. For example, when you search for something on Facebook, you can access and delete that query from within your search history at any time, but the log of that search is deleted after 6 months. If you submit a copy of your government-issued ID for account verification purposes, we delete that copy 30 days after review, unless otherwise stated. Learn more about deletion of content you have shared and cookie data obtained through social plugins.

When you delete your account, we delete things you have posted, such as your photos and status updates, and you won't be able to recover that information later. Information that others have shared about you isn't part of your account and won't be deleted. If you don't want to delete your account but want to temporarily stop using the Products, you can deactivate your account instead. To delete your account at any time, please visit the Facebook Settings and Instagram Settings. "

Facebook Assistant activates when it hears “Hey Portal” and gives you a visual confirmation at the bottom of the screen. When your Portal hears the wake word, it will start to record your voice interaction and send it to Facebook servers in real-time to respond to your request. When you turn Portal’s microphone off, Portal won’t listen for the wake word, and voice control will be disabled.

What is the company’s known track record of protecting users’ data?


In September 2022, Meta was fined $405M for treatment of childrens' data on Instagram.

In October 2022, Meta Pixel was a cause of a data breach of sensitive healthcare data that hit 3 million patients at Advocate Aurora Health (AAH), a 26-hospital healthcare system in Wisconsin and Illinois.

In October 2022, Meta notified around 1 million users of potential compromise through malicious apps.

In August 2022, private and personal information of over 1.5 billion Facebook users were allegedly being sold on a popular hacking-related forum.

In March 2022, Meta received a $18.6M fine from the Data Protection Commision. The DPC found that Meta Platforms failed to have in place appropriate technical and organisational measures which would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users’ data, in the context of the twelve personal data breaches. The decision followed an inquiry by the DPC into a series of twelve data breach notifications it received in the six month period between 7 June 2018 and 4 December 2018.

In October 2021, Facebook's WhatsApp was fined nearly $270 million by Irish authorities for not being transparent about how it uses data collected from people on the service.

In April 2021, it was reported that there was a personal data leak of about 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It included their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and, in some cases, email addresses.

In August 2019, Bloomberg reported that Facebook hired contractors to transcribe audio messages users sent through Messenger and Facebook confirmed the report.

Child Privacy Information

Facebook Child's Safety Centre provides an overview of Facebook Policies about children's safety.

Can this product be used offline?


User-friendly privacy information?


Meta/Facebook has a confusing number of privacy policies and privacy pages and data policy pages that are difficult to navigate and understand.

Links to privacy information

Does this product meet our Minimum Security Standards? information




Portal video calls are encrypted. All Portal WhatsApp calls are end-to-end encrypted and all Portal Facebook Messenger calls are encrypted in-transit. Facebook says that it does not listen to, view or keep the contents of any video or audio calls on your Portal.

Strong password


The Portal requires you to log in with a Facebook account and strong password. You may also set a passcode for the device.

Security updates


Automatic updates are enabled by default.

Manages vulnerabilities


Facebook has a bug bounty program.

Privacy policy


Does the product use AI? information


Facebook runs an AI portal.

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

The Portal has an AI-powered "SmartCamera" feature that tracks you as you move in the video frame during a call. It is done by performing the computer vision (CV) modeling on-device. Portal’s camera does not use facial recognition and does not identify who you are — it uses AI technology to frame a scene. To do this, it determines whether something in the room is or isn’t a person.

Portal also has AI-powered augmented reality features in Messenger and WhatsApp video calling, and in the Photobooth and Storytime apps.

Portal also offers AI-powered voice assistant features. This includes an on-device wake word detection and automatic speech recognition models when a “Hey Portal” wake word is detected.

Is the company transparent about how the AI works?


For added security, Smart Camera uses AI technology that runs locally on Portal, not on Meta servers. Portal's camera does not use facial recognition and does not identify who you are.

Does the user have control over the AI features?


*Privacy Not Included

Dive Deeper

  • Meta Is Killing Off Consumer Versions of the Portal Video-Calling and Streaming Device
    Variety Link opens in a new tab
  • Facebook Doesn’t Know What It Does With Your Data, Or Where It Goes: Leaked Document
    Motherboard: Tech by Vice Link opens in a new tab
  • Meta warns 1 million Facebook users their login info may have been compromised
    The Washington Post Link opens in a new tab
  • Meta Faces Another Lawsuit Over Health Data Privacy Practices
    HealthITSecurity Link opens in a new tab
  • VR Tracking Facial Expressions May Be the Next Privacy Nightmare—Here's Why
    Lifewire Link opens in a new tab
  • Facebook privacy settings to change now
    The Washington Post Link opens in a new tab
  • 533 million Facebook users’ phone numbers, personal information exposed online, report says
    The Washington Post Link opens in a new tab
  • 533 million Facebook users' phone numbers and personal data have been leaked online
    Business Insider Link opens in a new tab
  • Under the hood: Portal's Smart Camera
    Eric Hwang, Peter Vajda, Matt Uyttendaele, Rahul Nallamothu Link opens in a new tab
  • Facebook data privacy scandal: A cheat sheet
    TechRepublic Link opens in a new tab
  • Facebook's new whistleblower is renewing scrutiny of the social media giant
    NPR Link opens in a new tab
  • Facebook won’t even tell you if your data was compromised in the massive breach
    BGR Link opens in a new tab
  • Facebook paid billions extra to the FTC to spare Zuckerberg in data suit, shareholders allege
    Politico Link opens in a new tab
  • Facebook documents show how toxic Instagram is for teens, Wall Street Journal reports
    CNBC Link opens in a new tab
  • Everything We Know About Facebook's Massive Security Breach
    Louise Matsakis and Issie Lapowsky Link opens in a new tab
  • Facebook's new Portal smart displays: Who's listening and what's happening to your data?
    CNET Link opens in a new tab
  • Facebook’s Portal Device Has A Tracking Camera And Knows When You’re Home
    BuzzFeed News Link opens in a new tab
  • Even the Muppets can’t make Facebook Portal seem less creepy
    Fast Company Link opens in a new tab


Got a comment? Let us hear it.