Ray-Ban Facebook Stories

Warning: *privacy not included with this product

Wearables Smart Glasses & AR Headsets

Ray-Ban Facebook Stories

Ray-Ban & Facebook
Wi-Fi Bluetooth

Review date: Nov. 9, 2022

|
Mozilla researched 10 hours
|

Mozilla says

|
People voted: Super creepy

Well, this sounds like a potential privacy nightmare. Ray-Ban teamed up with Facebook to sell glasses with two cameras and three microphones built-in that connect to the Facebook View app and, with a voice command, can record what you're seeing and hearing. Then those recordings can be share to "Facebook, Instagram, WhatsApp, Messenger, Twitter, TikTok, Snapchat and more." Yikes!!! These very creepy smart glasses come in 20 different variations of styles and colors. They also come in a range of lenses including clear, sun, transition and prescription. We're not at all sure the world needs people walking around in sunglasses that share what you see and hear with Facebook. Nope, don't think the world needs that at all.

What could happen if something goes wrong?

Meta (formerly Facebook) joined with popular sunglasses maker Ray-Ban to make these smart sunglasses. That means two companies, multiple privacy policies, and a good deal of headache in trying to figure out what privacy concerns exist for these smart sunglasses. Fun!

Here’s what we were able to figure out in this privacy policy rat's nest. First, as far as we can tell Ray-Ban’s privacy practices don't worry us nearly as much as Meta’s do. Ray-Ban’s privacy policy covers their websites and other apps and platforms, which we assume includes these glasses. They do say they work with third-party advertising companies for interest-based targeted advertising, which isn’t great to know they are tracking you around the internet.

Meta/Facebook and the Facebook View app these glasses use is the real privacy nightmare here. According to the privacy policies we found that govern the privacy practices of these glasses, there’s the Facebook View privacy policy and Meta/Facebook’s overall privacy policy. And boy howdy! Those things are bad.

Meta/Facebook has a very long history of betraying users' privacy and trust. They've faced record fines around the world for this and have been caught hiding data leaks from their users. In April 2021, it was reported the personal information of more than 500 million Facebook users was shared online in a massive data leak. Then there was the 2022 admission that over one million Facebook users’ login info may have been compromised due to malicious apps stealing data through the Facebook third-party login (hey, Meta/Facebook did announce this themselves, so, good for them). All this this coupled with with the Facebook whistleblower testimony in 2021 to the US Congress that outlined the harms Meta/Facebook causes and the dishonest way they approach dealing with these harms and Meta/Facebook appears to be one of most immoral companies we review in *Privacy Not Included.

This is the starting point for smart glasses you put on your face that include cameras and microphones and a way to share everything to social media through the Facebook View app. It is well established that Meta/Facebook collects and shares a huge amount of personal data on their users and doesn’t always secure that data properly. That alone makes these smart glasses a huge privacy concern.

To use the Facebook View app with these smart glasses, you’re required to have a Facebook account So, you’re gonna be sharing lots of your data with a company with a horrible track record at protecting and respecting the heaps of data these smart glasses can collect. And good luck figuring out which of the Meta/Facebook, Supplemental Facebook View app, Ray-Bay and their parent company Luxottica privacy policies apply to you when you use the Ray-Ban Stories smart glasses.. It’s pretty confusing trying to sort all that out. Which makes sense when you read that Meta/Facebook’s own engineers struggle to keep track of, control, and explain the use of all the data Meta/Facebook collects.

And Meta says their Facebook View app can collect a whole lot of data on you from these smart glasses. Things like photos, videos, metadata such as the dates and times you created or uploaded this content, information about the sensors used on these glasses, device IDs, and information such as the number of photos and videos captured, the time spent taking videos, the method you use to share photos and videos, and the average length of videos captured. And then there are those voice requests you can make through the smart glasses and the app. Meta describes those voice interactions as “things you say when using our voice services, including when voice services are mistakenly invoked, as well as any background sound that can be heard once voice services are enabled.” So, what you say, what you say that Meta mistakenly listens to, and even background conversations that can be heard when the voice services are used and all potentially recorded, processed, transcribed and even perhaps used to train AI or reviewed by human reviewers Yikes! Also, nope!

Beyond all of these very serious privacy concerns, there’s another, perhaps even bigger privacy concern that must be considered. Meta/Facebook and Mark Zuckerberg seem quite obsessed with owning the real estate on our faces for the augmented reality and virtual reality metaverse of the future. But what does it mean when a person puts cameras and microphones on their face and points them out at the world? How do you know if you’re being recorded by these glasses? Mea says there’s a little LED light that shows they are recording, but some privacy regulators worry that isn’t enough to protect people from unknown recording. And what if you don’t want to be recorded? Or surveilled? How do you opt out of being recorded? We don’t see a way and many others have the same concerns. Meta has built in some privacy protections, which, yay!, but the question is, are they enough? The answer seems to be no, because Meta has mostly put the onus on wearers of these glasses to be responsible with them.

As for what data is shared between Ray-Ban’s parent company Luxottica and Facebook, well, here’s what we can tell you. The Meta/Facebook privacy policy says, “Luxottica does not collect information directly from your use of the Glasses and the App.” However, any information you provide directly to Luxottica is theirs. And they say the two companies can exchange personal information such as name, email, Facebook account information with each other to help resolve customer service issues. Finally, Meta says, “we also exchange aggregated information and insights with Luxottica relating to marketing, usage, sales, and post-sale activities.” So, yes, some of your information is shared back and forth between the companies. Which isn’t great, but still, we think all the crazy amounts of voice, visual, location, and meta data Meta collects is by far the biggest privacy concern here.

What’s the worst that could happen with the smart glasses? Well, we’re afraid a lot. The question comes down to, does Meta have your best interests at heart when it collects all the data these smart glasses, and Facebook View app are capable of collecting? From Cambridge Analytica to where we are today with Mark Zuckerberg’s hopes for the metaverse, the answer to that question is a resounding NO. Couple that with the ethical questions surrounding surveillance and being recorded without consent and we're afraid these glasses comes with *Privacy Not Included.

One more note on Meta from a privacy researcher’s point of view. Trying to read through Ray-Ban's and Meta's crazy network of privacy policies, privacy FAQs, privacy statements, privacy notices, and supplemental privacy documentation for their vast empire is a nightmare. There’s so many documents that link to other documents that link back even more documents that understanding and making sense of Meta's actual privacy practices feels almost impossible. We wonder if this is by design, to confuse us all so we just give up? Or, if maybe even Meta's own employees possibly don’t know and understand the vast network of privacy policies and documentation they have living all over the place? Regardless, this privacy researcher would love to see Meta do better when it comes to making their privacy policies accessible to the consumers they impact.

Tips to protect yourself

  • Set up two-factor authentication
  • Set up login alerts
  • Minimize the amount of data shared with your Facebook account
  • Set up your Facebook account's privacy settings
  • Check Meta Portal privacy settings
  • Keep your location data private
  • Stop data collection by Meta's partners
  • Note that when sharing data with third-parties services, the third-party privacy policy applies.
  • You can disable the camera and built-in microphone on Portal with a single tap or with a sliding switch. A red light next to the lens indicates the camera and microphone are off
  • When starting a sign-up, do not agree to tracking of your data
  • Do not sign up with third-party accounts. Better just log in with email and strong password.
  • Chose a strong password! You may use a password control tool like 1Password, KeePass etc
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
  • Keep your app regularly updated
  • Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data."
  • mobile

Can it snoop on me? information

Camera

Device: Yes

App: No

Microphone

Device: Yes

App: No

Tracks location

Device: No

App: Yes

What can be used to sign up?

Facebook account is required

What data does the company collect?

How does the company use this data?

Meta receives data on its users from "third parties incl. advertisers and third-party data providers who have the rights to provide us with your information", whether users have Facebook account or not:
"Advertisers, app developers, and publishers can send us information through Meta Business Tools they use, including our social plug-ins (such as the Like button), Facebook Login, our APIs and SDKs, or the Meta pixel. These partners provide information about your activities off of our Products—including information about your device, websites you visit, purchases you make, the ads you see, and how you use their services—whether or not you have an account or are logged into our Products. For example, a game developer could use our API to tell us what games you play, or a business could tell us about a purchase you made in its store.We also receive information about your online and offline actions and purchases from third-party data providers who have the rights to provide us with your information."

Video calls content is not used for advertisement: "Facebook does not listen to, view or keep the contents of your Portal video calls. This means nothing you say on a Portal video call is accessed by Facebook or used for advertising."

Facebook says it does not sell any of your information to anyone, and never will. However, it shares data with numerous third parties such as partners who use their analytics services, advertisers, measurement partners, partners offering goods and services in Facebook products, vendors and service providers, researchers and academics, law enforcement, and legal requests.

Meta/Facebook is using data to help third parties provide and measure advertisement: "We use the information we have (including your activity off our Products, such as the websites you visit and ads you see) to help advertisers and other partners measure the effectiveness and distribution of their ads and services, and understand the types of people who use their services and how people interact with their websites, apps, and services. Learn how we share information with these partners. "

Facebook says that it does not use voice data for targeted ads. However, the metadata about your Portal usage – how often you make video calls or use in-call apps or features – can be used to target you with advertisements across the Facebook advertisement network..

In addition, Facebook collects personal data from its partners. These partners provide information about your activities off Facebook — including information about your device, websites you visit, purchases you make, the ads you see, and how you use their services—whether or not you have a Facebook account or are logged into Facebook.

Facebook shares information it collects on Portal with independent apps and services that integrate with Portal. This may include information about a user’s Portal device, such as device name, IP address, and zip code, as well as other information to help them provide the services requested by the user (for example, the text and subject of their voice commands to the app, service or integration through “Hey Portal”). The information collected by these independent apps, services, or integrations is subject to their own terms and policies.

How can you control your data?

It is unclear if all users regardless of location can get their data deleted.

Facebook mentions GDPR and CCPA right to delete data.

"We store data until it is no longer necessary to provide our services and Meta Products, or until your account is deleted - whichever comes first. This is a case-by-case determination that depends on things like the nature of the data, why it is collected and processed, and relevant legal or operational retention needs. For example, when you search for something on Facebook, you can access and delete that query from within your search history at any time, but the log of that search is deleted after 6 months. If you submit a copy of your government-issued ID for account verification purposes, we delete that copy 30 days after review, unless otherwise stated. Learn more about deletion of content you have shared and cookie data obtained through social plugins.

When you delete your account, we delete things you have posted, such as your photos and status updates, and you won't be able to recover that information later. Information that others have shared about you isn't part of your account and won't be deleted. If you don't want to delete your account but want to temporarily stop using the Products, you can deactivate your account instead. To delete your account at any time, please visit the Facebook Settings and Instagram Settings. "

Facebook Assistant activates when it hears “Hey Portal” and gives you a visual confirmation at the bottom of the screen. When your Portal hears the wake word, it will start to record your voice interaction and send it to Facebook servers in real-time to respond to your request. When you turn Portal’s microphone off, Portal won’t listen for the wake word, and voice control will be disabled.

What is the company’s known track record of protecting users’ data?

Bad

In September 2022, Meta was fined $405M for treatment of childrens' data on Instagram.

In October 2022, Meta Pixel was a cause of a data breach of sensitive healthcare data that hit 3 million patients at Advocate Aurora Health (AAH), a 26-hospital healthcare system in Wisconsin and Illinois.

In October 2022, Meta notified around 1 million users of potential compromise through malicious apps.

In August 2022, private and personal information of over 1.5 billion Facebook users were allegedly being sold on a popular hacking-related forum.

In March 2022, Meta received a $18.6M fine from the Data Protection Commision. The DPC found that Meta Platforms failed to have in place appropriate technical and organisational measures which would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users’ data, in the context of the twelve personal data breaches. The decision followed an inquiry by the DPC into a series of twelve data breach notifications it received in the six month period between 7 June 2018 and 4 December 2018.

In October 2021, Facebook's WhatsApp was fined nearly $270 million by Irish authorities for not being transparent about how it uses data collected from people on the service.

In April 2021, it was reported that there was a personal data leak of about 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It included their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and, in some cases, email addresses.

In August 2019, Bloomberg reported that Facebook hired contractors to transcribe audio messages users sent through Messenger and Facebook confirmed the report.

Child Privacy Information

Facebook Child's Safety Centre provides an overview of Facebook Policies about children safety.

Can this product be used offline?

No

User-friendly privacy information?

No

There are multiple and confusing privacy policies for this product. It's also hard to tell which privacy policies apply to the product across Ray-Ban and Meta/Facebook.

Links to privacy information

Does this product meet our Minimum Security Standards? information

Yes

Encryption

Yes

People’s photos and videos are encrypted on the glasses using Android file-based encryption.

Strong password

Yes

Two-factor authentication is encouraged.

Security updates

Yes

Both app and glasses

Manages vulnerabilities

Yes

A bug bounty program is in place.

Privacy policy

Yes

Does the product use AI? information

Yes

When you set up your Ray-Ban Stories glasses, you have the option to turn on Facebook Assistant, a voice assistant that enables a hands-free way to capture photos and videos.

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Voice recognition is used by voice assistant. In addition, camera processing is run by machine learning models.

Is the company transparent about how the AI works?

Yes

Does the user have control over the AI features?

Yes

*privacy not included

Dive Deeper

  • Facebook Doesn’t Know What It Does With Your Data, Or Where It Goes: Leaked Document
    Motherboard: Tech by Vice
  • Meta’s VR Headset Harvests Personal Data Right Off Your Face
    Wired
  • Why you shouldn’t buy Facebook Ray-Ban smart glasses
    Access Now
  • Meta warns 1 million Facebook users their login info may have been compromised
    The Washington Post
  • Designed for privacy, controlled by you.
    Facebook
  • Ray-Ban Stories let you wear Facebook on your face. But why would you want to?
    The Conversation
  • Meta Faces Another Lawsuit Over Health Data Privacy Practices
    HealthITSecurity
  • Listen: Next in Tech | Episode 38: Datacenter and Infrastructure Markets in China
    S&P Global
  • Facebook warned over 'very small' indicator LED on smart glasses, as EU DPAs flag privacy concerns
    TechCrunch
  • Why Facebook is using Ray-Ban to stake a claim on our faces
    MIT Technology Review
  • Guide to Ray-Ban Stories: Bystander Privacy in a World of Wearable Cameras
    Connect Safely
  • Ray-Ban Stories, aka Facebook Glasses, are a privacy nightmare
    Input Magazine
  • Facebook Is Making Camera Glasses, Ha Ha Oh No
    BuzzFeed News

Comments

Got a comment? Let us hear it.