Warning: *Privacy Not Included with this product
Ray-Ban Facebook Stories
Well, this sounds like a potential privacy nightmare. Ray-Ban teamed up with Facebook to sell glasses with two cameras and three microphones built-in that connect to the Facebook View app and, with a voice command, can record what you're seeing and hearing. Then those recordings can be share to "Facebook, Instagram, WhatsApp, Messenger, Twitter, TikTok, Snapchat and more." Yikes!!! These very creepy smart glasses come in 20 different variations of styles and colors. They also come in a range of lenses including clear, sun, transition and prescription. We're not at all sure the world needs people walking around in sunglasses that share what you see and hear with Facebook. Nope, don't think the world needs that at all.
What could happen if something goes wrong?
Meta (formerly Facebook) joined with popular sunglasses maker Ray-Ban to make these smart sunglasses. That means two companies, multiple privacy policies, and a good deal of headache in trying to figure out what privacy concerns exist for these smart sunglasses. Fun!
Here’s what we were able to figure out in this privacy policy rat's nest. First, as far as we can tell Ray-Ban’s privacy practices don't worry us nearly as much as Meta’s do. Ray-Ban’s privacy policy covers their websites and other apps and platforms, which we assume includes these glasses. They do say they work with third-party advertising companies for interest-based targeted advertising, which isn’t great to know they are tracking you around the internet.
Meta/Facebook and the Facebook View app these glasses use is the real privacy nightmare here. According to the privacy policies we found that govern the privacy practices of these glasses, there’s the Facebook View privacy policy and Meta/Facebook’s overall privacy policy. And boy howdy! Those things are bad.
Meta/Facebook has a very long history of betraying users' privacy and trust. They've faced record fines around the world for this and have been caught hiding data leaks from their users. In April 2021, it was reported the personal information of more than 500 million Facebook users was shared online in a massive data leak. Then there was the 2022 admission that over one million Facebook users’ login info may have been compromised due to malicious apps stealing data through the Facebook third-party login (hey, Meta/Facebook did announce this themselves, so, good for them). All this this coupled with with the Facebook whistleblower testimony in 2021 to the US Congress that outlined the harms Meta/Facebook causes and the dishonest way they approach dealing with these harms and Meta/Facebook appears to be one of most immoral companies we review in *Privacy Not Included.
This is the starting point for smart glasses you put on your face that include cameras and microphones and a way to share everything to social media through the Facebook View app. It is well established that Meta/Facebook collects and shares a huge amount of personal data on their users and doesn’t always secure that data properly. That alone makes these smart glasses a huge privacy concern.
To use the Facebook View app with these smart glasses, you’re required to have a Facebook account So, you’re gonna be sharing lots of your data with a company with a horrible track record at protecting and respecting the heaps of data these smart glasses can collect. And good luck figuring out which of the Meta/Facebook, Supplemental Facebook View app, Ray-Bay and their parent company Luxottica privacy policies apply to you when you use the Ray-Ban Stories smart glasses.. It’s pretty confusing trying to sort all that out. Which makes sense when you read that Meta/Facebook’s own engineers struggle to keep track of, control, and explain the use of all the data Meta/Facebook collects.
And Meta says their Facebook View app can collect a whole lot of data on you from these smart glasses. Things like photos, videos, metadata such as the dates and times you created or uploaded this content, information about the sensors used on these glasses, device IDs, and information such as the number of photos and videos captured, the time spent taking videos, the method you use to share photos and videos, and the average length of videos captured. And then there are those voice requests you can make through the smart glasses and the app. Meta describes those voice interactions as “things you say when using our voice services, including when voice services are mistakenly invoked, as well as any background sound that can be heard once voice services are enabled.” So, what you say, what you say that Meta mistakenly listens to, and even background conversations that can be heard when the voice services are used and all potentially recorded, processed, transcribed and even perhaps used to train AI or reviewed by human reviewers Yikes! Also, nope!
Beyond all of these very serious privacy concerns, there’s another, perhaps even bigger privacy concern that must be considered. Meta/Facebook and Mark Zuckerberg seem quite obsessed with owning the real estate on our faces for the augmented reality and virtual reality metaverse of the future. But what does it mean when a person puts cameras and microphones on their face and points them out at the world? How do you know if you’re being recorded by these glasses? Mea says there’s a little LED light that shows they are recording, but some privacy regulators worry that isn’t enough to protect people from unknown recording. And what if you don’t want to be recorded? Or surveilled? How do you opt out of being recorded? We don’t see a way and many others have the same concerns. Meta has built in some privacy protections, which, yay!, but the question is, are they enough? The answer seems to be no, because Meta has mostly put the onus on wearers of these glasses to be responsible with them.
As for what data is shared between Ray-Ban’s parent company Luxottica and Facebook, well, here’s what we can tell you. The Meta/Facebook privacy policy says, “Luxottica does not collect information directly from your use of the Glasses and the App.” However, any information you provide directly to Luxottica is theirs. And they say the two companies can exchange personal information such as name, email, Facebook account information with each other to help resolve customer service issues. Finally, Meta says, “we also exchange aggregated information and insights with Luxottica relating to marketing, usage, sales, and post-sale activities.” So, yes, some of your information is shared back and forth between the companies. Which isn’t great, but still, we think all the crazy amounts of voice, visual, location, and meta data Meta collects is by far the biggest privacy concern here.
What’s the worst that could happen with the smart glasses? Well, we’re afraid a lot. The question comes down to, does Meta have your best interests at heart when it collects all the data these smart glasses, and Facebook View app are capable of collecting? From Cambridge Analytica to where we are today with Mark Zuckerberg’s hopes for the metaverse, the answer to that question is a resounding NO. Couple that with the ethical questions surrounding surveillance and being recorded without consent and we're afraid these glasses comes with *Privacy Not Included.
One more note on Meta from a privacy researcher’s point of view. Trying to read through Ray-Ban's and Meta's crazy network of privacy policies, privacy FAQs, privacy statements, privacy notices, and supplemental privacy documentation for their vast empire is a nightmare. There’s so many documents that link to other documents that link back even more documents that understanding and making sense of Meta's actual privacy practices feels almost impossible. We wonder if this is by design, to confuse us all so we just give up? Or, if maybe even Meta's own employees possibly don’t know and understand the vast network of privacy policies and documentation they have living all over the place? Regardless, this privacy researcher would love to see Meta do better when it comes to making their privacy policies accessible to the consumers they impact.
Tips to protect yourself
- Set up two-factor authentication
- Set up login alerts
- Minimize the amount of data shared with your Facebook account
- Set up your Facebook account's privacy settings
- Check Meta Portal privacy settings
- Keep your location data private
- Stop data collection by Meta's partners
- Note that when sharing data with third-parties services, the third-party privacy policy applies.
- You can disable the camera and built-in microphone on Portal with a single tap or with a sliding switch. A red light next to the lens indicates the camera and microphone are off
- When starting a sign-up, do not agree to tracking of your data
- Do not sign up with third-party accounts. Better just log in with email and strong password.
- Chose a strong password! You may use a password control tool like 1Password, KeePass etc
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data."
Can it snoop on me?
Camera
Device: Yes
App: No
Microphone
Device: Yes
App: No
Tracks location
Device: No
App: Yes
What can be used to sign up?
No
Phone
No
Third-party account
Yes
Facebook account is required
What data does the company collect?
Personal
Name, email address, password. When the cameras and microphones are activated on the Glasses, they collect photo and video recordings.
Body related
Voice clips are recorded and can be sent back to Facebook when you say "Hey Facebook."
Social
Contacts (optional, when you share content)
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
In September 2022, Meta was fined $405M for treatment of childrens' data on Instagram.
In October 2022, Meta Pixel was a cause of a data breach of sensitive healthcare data that hit 3 million patients at Advocate Aurora Health (AAH), a 26-hospital healthcare system in Wisconsin and Illinois.
In October 2022, Meta notified around 1 million users of potential compromise through malicious apps.
In August 2022, private and personal information of over 1.5 billion Facebook users were allegedly being sold on a popular hacking-related forum.
In March 2022, Meta received a $18.6M fine from the Data Protection Commision. The DPC found that Meta Platforms failed to have in place appropriate technical and organisational measures which would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users’ data, in the context of the twelve personal data breaches. The decision followed an inquiry by the DPC into a series of twelve data breach notifications it received in the six month period between 7 June 2018 and 4 December 2018.
In October 2021, Facebook's WhatsApp was fined nearly $270 million by Irish authorities for not being transparent about how it uses data collected from people on the service.
In April 2021, it was reported that there was a personal data leak of about 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It included their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and, in some cases, email addresses.
In August 2019, Bloomberg reported that Facebook hired contractors to transcribe audio messages users sent through Messenger and Facebook confirmed the report.
Child Privacy Information
Can this product be used offline?
User-friendly privacy information?
There are multiple and confusing privacy policies for this product. It's also hard to tell which privacy policies apply to the product across Ray-Ban and Meta/Facebook.
Links to privacy information
Does this product meet our Minimum Security Standards?
Encryption
People’s photos and videos are encrypted on the glasses using Android file-based encryption.
Strong password
Two-factor authentication is encouraged.
Security updates
Both app and glasses
Manages vulnerabilities
A bug bounty program is in place.
Privacy policy
When you set up your Ray-Ban Stories glasses, you have the option to turn on Facebook Assistant, a voice assistant that enables a hands-free way to capture photos and videos.
Is this AI untrustworthy?
What kind of decisions does the AI make about you or for you?
Is the company transparent about how the AI works?
Does the user have control over the AI features?
Dive Deeper
-
Facebook Doesn’t Know What It Does With Your Data, Or Where It Goes: Leaked DocumentMotherboard: Tech by Vice
-
Meta’s VR Headset Harvests Personal Data Right Off Your FaceWired
-
Why you shouldn’t buy Facebook Ray-Ban smart glassesAccess Now
-
Meta warns 1 million Facebook users their login info may have been compromisedThe Washington Post
-
Designed for privacy, controlled by you.Facebook
-
Ray-Ban Stories let you wear Facebook on your face. But why would you want to?The Conversation
-
Meta Faces Another Lawsuit Over Health Data Privacy PracticesHealthITSecurity
-
Listen: Next in Tech | Episode 38: Datacenter and Infrastructure Markets in ChinaS&P Global
-
Facebook warned over 'very small' indicator LED on smart glasses, as EU DPAs flag privacy concernsTechCrunch
-
Why Facebook is using Ray-Ban to stake a claim on our facesMIT Technology Review
-
Guide to Ray-Ban Stories: Bystander Privacy in a World of Wearable CamerasConnect Safely
-
Ray-Ban Stories, aka Facebook Glasses, are a privacy nightmareInput Magazine
-
Facebook Is Making Camera Glasses, Ha Ha Oh NoBuzzFeed News
Comments
Got a comment? Let us hear it.