A pair of second-generation Ray-Ban Meta smart glasses are seen on display during Meta Connect … [+]
Two students at Harvard University have connected Meta’s Ray-Ban smart glasses to a facial recognition system that instantly identifies strangers in public, finds their personal information, and can be used to approach them and earn their trust. They call it I-XRAY and have demonstrated its disturbing power to pick up phone numbers, addresses and even social security numbers in live tests.
“We stream the video from the glasses directly to Instagram, and we have a computer program that monitors the stream,” AnhPhy Nguyen says in a demo video on X. “We use AI to detect when we’re looking at someone’s face, then we scour the internet to find more many photos of that person. Finally, we use data sources such as online articles and voter registration databases to find their name, phone number, home address, and names of relatives.”
Nguyen and fellow Harvard student Caine Ardayfio then relay that information to an app on their phones.
“Using our glasses, we were able to identify dozens of people, including Harvard students, without them ever knowing,” says Ardayfio.
The system is perfect for scammers because it reveals information about people that strangers wouldn’t have the usual means of knowing, such as their jobs and volunteer affiliations, which students then use to engage in conversational topics.
In the wrong hands, this can easily lead to dangerous or compromising situations: imagine a sexual predator gaining the trust of a target by pretending to know him and claiming to have met him at a past event. Most of us have fairly vague memories of events from years ago, so if someone claims to have met us, knows our name and a few facts about us, we’re likely to believe them and engage with them, offered at least some confidence.
That’s exactly what two Harvard students did with a woman associated with the Cambridge Community Foundation, saying they met there. The woman buys it, gets engaged and shakes Ardayfio’s hand. They also approach a man who works for minority rights in India and gain his trust and tell a girl they meet on campus her current home address. For another woman, they guess her parents’ names and get them right.
The technology required is fairly trivial and readily available:
- Meta Ray-Ban 2 smart glasses
- Pimeyes facial recognition search engine
- Open Data Mining Models LLM
- FastPeopleSearch for home address searches
- Cloaked.com for social security number searches
Of course, since this was only a demonstration of the system’s capability, nothing further happened. But the potential for abuse is obvious.
“Are we ready for a world where our data is exposed at a glance?” Nguyen asks.
Clearly, the answer is no: we usually have an expectation of anonymity in public places and crowds that is no longer guaranteed. If two students can hack together such a powerful doxxing technology in their spare time, what can national governments or even large corporations do?
“Initially started as a side project, I-XRAY quickly raised important privacy concerns,” say the two students. “This tool was not built for abuse and we are not releasing it.”
Privacy in public may be dead, but students have some suggestions to restore at least some of it:
- Remove yourself from facial recognition databases like Pimeyes and Facecheck ID
- Remove yourself from people search engines like FastPeopleSearch, CheckThem and others
- Add two-factor authentication to any financial or other highly private accounts
Realistically, it could protect you from two Harvard students who hacked together a solution. But it probably won’t do much against large organizations or nations that have a strong interest in knowing too much about each of us in public.