You’re sitting at a train station. Someone walks up, calls you by your name, and asks how your parents, John and Susan, are doing back at your childhood home in Ohio. You’ve never met this person. They aren't a stalker from your past or a long-lost relative. They’re just wearing a pair of sunglasses.
This isn’t a scene from a low-budget sci-fi flick. It actually happened.
What Really Happened with the I-XRAY Project
Back in late 2024, two Harvard students, AnhPhu Nguyen and Caine Ardayfio, basically turned a pair of off-the-shelf Meta Ray-Ban smart glasses into a portable doxing machine. They called the project I-XRAY. Honestly, the most terrifying part wasn't some high-tech "hacking" of the hardware. It was how they just glued together tools that already exist and are available to anyone with a credit card and an internet connection.
They didn't break into Meta’s servers. They didn't rewrite the glasses’ firmware.
Instead, they live-streamed the video feed from the glasses to Instagram. A computer program then monitored that stream. When it saw a face, it took a screenshot and fed it into PimEyes, a terrifyingly accurate reverse-image search engine. Within seconds, the system found other photos of that person online. Then, it handed those results to a Large Language Model (LLM)—think ChatGPT on steroids—to scour public databases like FastPeopleSearch.
The result? In about 60 seconds, the students had a name, a home address, phone numbers, and even the names of relatives popping up on their phones.
The Harvard Students Meta Glasses Controversy
People got scared. Rightfully so. When Nguyen posted a video of the tech in action on X (formerly Twitter), it racked up millions of views almost overnight. You can see him in the video walking up to strangers in the Boston area, pretending he knows them from some foundation or shared interest.
The strangers smile. They shake his hand. They feel safe because he knows "details" about them. That’s the "social engineering" side of this that most people overlook. It’s not just about data; it’s about how that data can be used to manufacture trust instantly.
"Are we ready for a world where our data is exposed at a glance?" Nguyen asked.
Meta’s response was predictable. They basically said, "Hey, don't blame the glasses." They pointed out that this could be done with any camera—a phone, a hidden button cam, or a GoPro. But let’s be real. There’s a huge difference between someone pointing a smartphone at your face and someone wearing Ray-Bans that look like every other pair of glasses on the street.
The Ray-Ban Meta Smart Glasses are specifically designed to be inconspicuous. While they have a small LED light that glows when recording, it’s tiny. In bright sunlight or a crowded subway, you’re never going to notice it.
👉 See also: Triangle Geometry: Why the Three-Sided Polygon is Actually the Strongest Shape in the World
How the Tech Stack Worked
It’s worth breaking down exactly how they did this because it shows why our current privacy laws are kind of a joke.
- Hardware: Meta Ray-Ban Smart Glasses ($300).
- Streaming: Instagram Live (used as the data pipe).
- Facial Recognition: PimEyes (scans the open web for matches).
- Data Aggregation: LLMs + FastPeopleSearch (finds the "meat" like addresses and SSN fragments).
Nguyen and Ardayfio weren't trying to become supervillains. They’re actually engineering students who do this for "project-based learning." They’ve done dozens of projects, but this one struck a nerve because it proved that the "privacy" we think we have in public is an illusion.
Why You Can't Just "Opt Out" Easily
After the backlash, the students didn't release the code. They said it was "too dangerous." Instead, they pivoted to helping people protect themselves. They released a guide on how to scrub your data from the very sites they used.
But here’s the kicker: it’s a game of whack-a-mole. You can ask PimEyes to stop indexing your face. You can go to FastPeopleSearch and request a takedown. But there are dozens of other sites doing the same thing. In some states, like Illinois, there are biometric privacy laws (BIPA) that make this kind of data scraping illegal without consent. But in most of the U.S.? It’s the Wild West.
The Future of "In Real Life" Social Networks
Interestingly, by April 2025, the duo was working on something new. They started talking about a wearable necklace with a camera. The idea was to create a "voluntary" social network where the tech scans faces to connect people who want to be found.
It’s a weird flip. They went from showing us how scary surveillance is to trying to use that same tech to "fix" loneliness. It’s a classic Silicon Valley move—solve a problem created by tech with more tech.
Whether you think they’re geniuses or just reckless, the Harvard students meta glasses project changed the conversation. It moved facial recognition from something "the government does" to something "the guy next to you at Starbucks can do."
How to Protect Yourself Today
If this makes you want to wear a mask everywhere, you’re not alone. But there are practical steps you can take right now to limit your exposure.
📖 Related: How to Download from SoundCloud WAV Files Without Losing Audio Quality
- Opt out of PimEyes: Go to their "Opt-out" page. You’ll have to upload a photo of yourself (ironic, I know) so their AI can find and hide your results.
- Use Data Removal Services: Tools like DeleteMe or Incogni automatically send takedown requests to data brokers like FastPeopleSearch and Whitepages. It’s not a 100% fix, but it raises the "cost" for someone trying to dox you.
- Check Your Social Privacy: Stop setting everything to "Public." If PimEyes can see your LinkedIn or old Facebook profile pictures, the I-XRAY system can find you.
- Look for the Light: When you’re in public, get into the habit of checking for that tiny white LED on the corner of people’s glasses. If it’s on, they’re recording.
The reality is that the "glass" has been broken. The tech is out there, the APIs are open, and the databases are full. The only thing keeping your home address off a stranger’s sunglasses is a bit of digital housekeeping and a whole lot of hope that the person sitting across from you isn't an engineering student with a point to prove.