Have AI Glasses Made Anonymity Impossible?

The boundary between public anonymity and digital exposure has never been thinner. In late 2024 and early 2025, two high-profile demonstrations, one by Harvard students and another by Dutch journalist Alexander Klöpping, showed how off-the-shelf AI and consumer smart glasses can instantly identify strangers and surface their personal information in real-time.

Harvard students AnhPhu Nguyen and Caine Ardayfio developed a system called I-XRAY using Meta’s Ray-Ban smart glasses, facial recognition tools like PimEyes, and large language models. Their glasses streamed live video to a computer, which extracted faces and matched them to online images, then cross-referenced public databases to reveal names, addresses, phone numbers, and even relatives- all without the subjects’ knowledge or consent. The process was automated and could deliver results within minutes, using only technology and services already available to the public. Their goal was to highlight the privacy risks, not to commercialize the tool, and they have not released the code.

Similarly, Dutch journalist Alexander Klöpping demonstrated real-time facial recognition glasses on the streets of Amsterdam. His video shows him using AI-powered glasses to scan faces, identify people, and confirm their identities with the individuals themselves. The system’s interface resembled that of PimEyes, and the people he approached appeared surprised by how quickly their identities were revealed. While the authenticity of the video cannot be fully verified, the demonstration sparked widespread debate about the technology’s implications.

Here’s a comprehensive look at both projects, how they work, and what they mean for our collective privacy.

How Does It Work?

• Smart Glasses with Cameras: Devices like Ray-Ban Meta glasses feature discreet, high-resolution cameras capable of live-streaming or recording video.

• Facial Recognition Software: The video feed is processed by AI, which detects faces in the frame and uses services like PimEyes to match them with images scraped from the web.

• Data Aggregation: Once a match is found, AI tools and public databases can quickly assemble dossier names, workplaces, addresses, social media profiles, and relatives delivered to the wearer in seconds.

• No Consent Needed: All this is done without the knowledge or consent of those being scanned, raising profound privacy concerns.

While Meta’s official features do not support direct facial identification, these demonstrations prove that the underlying hardware and publicly available AI tools already make real-time identity recognition possible for anyone with technical skills. The privacy indicator light on Meta’s glasses is often too subtle to notice, making covert data collection easy.

Experts warn that as these devices become more widespread, the line between online and offline identity will blur, and the ability to exist anonymously in public could disappear. The technology’s rapid evolution has outpaced regulation, leaving most people vulnerable to being unknowingly scanned, identified, and profiled simply by walking down the street.

The Harvard I-XRAY Project: Turning Smart Glasses into a Privacy Nightmare

Who: AnhPhu Nguyen and Caine Ardayfio, Harvard College students.

What They Built: I-XRAY, a system that combines Meta’s Ray-Ban smart glasses, facial recognition engines (like PimEyes), large language models (LLMs), and public databases to identify people and uncover personal details, names, addresses, phone numbers, and even relatives-just by looking at them.

Manner of Execution:

• The wearer streams live video from the smart glasses to a computer.

• The system detects faces in the video and then uses facial recognition search engines (primarily PimEyes) to find matching images online.

• Once a match is found, LLMs and data brokers (like FastPeopleSearch) are used to compile personal information, which is then delivered to the wearer’s phone, often in under two minutes.

• The process is fully automated, leveraging recent advances in generative AI to connect names, images, and public records.

Demonstrations: The students tested I-XRAY on Harvard’s campus and in public places like train stations. In viral videos, they greeted strangers by name and referenced personal details, often to the shock (and sometimes horror) of those identified.

Purpose and Ethics: Nguyen and Ardayfio built I-XRAY not to exploit, but to raise awareness about the risks of modern surveillance. They refused to release the source code, citing its potential for abuse, and instead published guides on how people can remove their data from public databases.

Key Takeaways:

• The technology is “astonishingly simple” and can be replicated by anyone with basic technical skills.

• The project highlights how easily consumer devices can be weaponized for automated doxxing and privacy invasion.

• Legal experts and privacy advocates warn that current regulations lag far behind these technological capabilities.

Dutch Journalist Alexander Klöpping: Real-Time Facial Recognition in the Wild

Who: Alexander Klöpping, Dutch journalist and tech commentator.

What He Did: Klöpping donned AI-enabled glasses and walked around Amsterdam’s Zuidas business district, engaging with strangers. The glasses, paired with a facial recognition system resembling PimEyes-scanned faces, identified people in real-time and surfaced their names and employers.

Manner of Execution:

• Klöpping’s glasses captured short video snippets during casual conversations.

• The system processed these clips, matched faces using facial recognition, and displayed personal information in a separate interface, visible in the video demonstration.

• He confirmed the accuracy of the information by asking people directly, often to their surprise.

Impact and Controversy:

• The video went viral, sparking debate about the authenticity of the demonstration. While many believe the tech is real and feasible, some point out that the exact level of sophistication may not yet be commercially available.

• Klöpping’s goal was to “scare the living daylights out of people” and highlight the dangers of combining facial recognition with wearable tech.

• The demonstration underscored that anyone, not just governments or corporations, now has access to powerful surveillance tools.

Why Is This So Alarming?

Erosion of Anonymity in Public

AI-powered smart glasses fundamentally undermine the ability to remain anonymous in public spaces. With discreet cameras and real-time facial recognition, anyone wearing these glasses can instantly identify and profile strangers, making it nearly impossible to simply “blend in” or move through the world without being scanned, tagged, and tracked. This blurs the line between our online and offline lives, as our physical presence becomes as searchable and exposed as our digital footprint.

Non-Consensual Data Collection

A core privacy principle is meaningful, informed consent, yet these technologies bypass consent entirely. Under the EU’s GDPR and similar privacy laws, processing biometric data like facial images requires explicit consent, which is practically impossible to obtain from random passersby in public. Legal experts argue that consumer smart glasses with facial recognition are fundamentally incompatible with these data protection frameworks, especially when used outside controlled environments.

Legal and Regulatory Gaps

While the EU AI Act introduces strict limitations, including a general ban on real-time remote biometric identification in public spaces except for narrow law enforcement exceptions, enforcement is inconsistent, and private individuals or companies often fall through regulatory cracks. In the US, there is no comprehensive federal law regulating facial recognition in public, leaving most people unprotected except in a few states with biometric privacy laws like Illinois. This legal vacuum enables widespread, unregulated use and potential abuse.

Risks of Misuse and Harm

The technology can be weaponized for stalking, harassment, identity theft, or doxxing, especially targeting vulnerable groups such as women and minorities. For example, a tool like PimEyes can reveal names, addresses, and even family connections in seconds, exposing individuals to manipulation, fraud, or physical danger. Facial recognition systems also have a poor track record with accuracy for people with darker skin, increasing the risk of misidentification and wrongful targeting.

Data Security and Irreversible Breaches

Unlike passwords, faces cannot be changed. Data breaches involving facial recognition data are particularly dangerous, as compromised biometric information can enable lifelong identity theft or harassment. The storage and sharing of this sensitive data are sometimes even used to train AI models with additional risks of unauthorized access and misuse.

Insufficient Safeguards and Transparency

Built-in privacy features, such as recording indicator LEDs, are often too subtle to notice or can be easily bypassed, leaving bystanders unaware they are being recorded or scanned. There is no reliable way for the public to know when or how their data is being captured, processed, or stored, undermining trust and transparency in public interactions.

Chilling Effects on Society

The pervasive threat of being identified, profiled, or tracked in real-time can have a chilling effect on free expression and assembly. People may avoid protests, sensitive locations, or even routine public activities out of fear of surveillance or exposure, disproportionately impacting marginalized and at-risk communities.

AI-powered smart glasses represent a profound shift in the privacy landscape. They enable covert, automated surveillance and identification in everyday life, bypassing consent and outpacing current legal protections. The risks range from stalking and misidentification to chilling effects on public life, immediate and severe, demanding urgent attention from regulators, technology companies, and society at large.

Anyone with basic skills and off-the-shelf tech can now identify strangers in public and access their personal data in seconds.

What Can Be Done?

Public Awareness and Empowerment

Both the Harvard and Dutch journalist studies were designed to spark public debate and empower individuals to take action. Raising awareness about the risks of AI-powered facial recognition is crucial: people need to understand how their images and data are collected, processed, and potentially misused. Campaigns like “Reclaim Your Face” in Europe mobilize communities to demand bans on biometric mass surveillance and educate citizens on how to remove their images from data broker sites and facial recognition search engines. Resources and digital tools can help individuals check where facial recognition is deployed in their communities and provide practical steps for opting out of data collection when possible.

Policy, Regulation, and Enforcement

There is an urgent need for robust legal frameworks and technical safeguards to address the convergence of AI, facial recognition, and wearable technologies. The EU AI Act marks a significant step by banning real-time remote biometric identification in public spaces for most uses, with only narrow exceptions for serious law enforcement needs and with judicial or administrative authorization. The Act also prohibits indiscriminate scraping of facial images from the internet to build recognition databases and requires AI providers to demonstrate compliance with strict codes of practice and risk assessments. However, enforcement and oversight must be strengthened, and similar comprehensive legislation is needed in other jurisdictions, particularly in the US, where federal regulation is lacking. Civil society organizations and advocacy groups play a vital role in pushing for clear boundaries on biometric surveillance and holding both governments and corporations accountable.

We’re not just online anymore. We are the data.

Ethical and Privacy-Centric Design

Developers and companies must embed privacy by design and by default into all stages of wearable and AI system development. This includes:

• Conducting data protection and privacy impact assessments before deploying new technologies.

• Implementing privacy-enhancing features such as anonymization, pseudonymization, and user-centric privacy controls by default.

• Ensuring transparency about how data is collected, processed, and stored gives users granular control over their information.

• Adopting ethical codes of conduct for facial recognition technology, prioritizing accuracy, impartiality, and the minimization of bias and misidentification.

• Regularly updating security measures to address vulnerabilities and prevent unauthorized access or misuse of sensitive biometric data.

Ongoing Oversight and Adaptation

Given the rapid evolution of AI and wearable tech, continuous oversight and adaptation of both technical and legal safeguards are essential. Regulatory bodies and independent data protection authorities should regularly review and update guidelines, monitor compliance, and respond swiftly to new risks as the technology and its applications evolve. Engaging a broad range of stakeholders, civil society, technologists, ethicists, and affected communities in the policy-making process will help ensure that regulations remain relevant and effective.

Protecting privacy in the age of AI-powered smart glasses requires a multi-layered approach: empowering the public, enacting and enforcing strong legal safeguards, embedding ethics and privacy into technology design, and maintaining vigilant oversight as new risks emerge. Only through coordinated action can we preserve fundamental rights and autonomy in public spaces.

Neven Dujmovic, April 2025

References:

• Study examines the need to balance innovation and privacy in facial recognition, https://www.biometricupdate.com/202502/study-examines-the-need-to-balance-innovation-and-privacy-in-facial-recognition

• Are We Ready For This? Dutch Journalist Demonstrates ‘Real-Time AI Facial Recognition’, https://thebrewnews.com/thebrew-news/dutch-journalist-demonstrates-real-time-ai-facial-recognition/

• Students created a way to access personal info via AI and smart glasses, https://www.morningbrew.com/stories/students-access-personal-info-via-smart-glasses

• Are face-scanning smart glasses a problem or prophecy?, https://www.context.news/ai/are-face-scanning-smart-glasses-a-problem-or-prophecy

• Reclaim Your Face, https://reclaimyourface.eu/

#ArtificialIntelligence #AI #Innovation #Privacy #Ethics #AIEthics #SmartGlasses #AISmartGlasses #FacialRecognition #GDPR #EUAIAct #DataProtection #PrivacyByDesign #Identification #Biometric #PrivacyLaws