
Meta Hid Face-Recognition Code on 50M Phones, The UK's Device-Scanning Ultimatum & A Burner Phone Ban

Meta secretly shipped facial-recognition code to 50M+ phones then quietly deleted it, the UK moves to scan every device, and two states split hard on privacy.

📰
Listen to the weekly podcast on Apple Podcasts, Spotify, other podcast apps, or RSS. You can also watch Surveillance Report on YouTube or Techlore.TV

⚠️ No SR and no livestream next week. We'll get some clips out and have other content lined up, so the feed won't go quiet, but the full SR and the Friday stream are back the week after.


On Our Radar 🎯

Meta Got Caught Hiding Face-Recognition Code on 50 Million Phones

Meta embedded an "unreleased" facial-recognition system, internally referenced as "nametag," into the dedicated Meta AI app, and shipped it to more than 50 million phones. This was built to convert faces captured by their Meta glasses into unique biometric signatures. Wired found that faces the system failed to match were cropped, indexed, and stored locally for later processing.

Wired broke the story, and the day Wired went public, the "nametag" references were still sitting in several code libraries. But by Friday's release, they were gone. So the timeline is:

  1. Implement invasive tech.
  2. Get caught.
  3. Delete evidence.
  4. Deny.

Meta's denying this...calling the feature "purely exploratory," with "no final decision" on what to do with it. The same spokesperson then said they couldn't answer questions about how it works because...and I quote..."the feature doesn't exist." They called the reporting "incredibly misleading and absolutely dishonest." But Meta declined to answer the ten questions Wired sent before publishing, so I don't think you get to ignore the questions and then be mad about the coverage.

It's pretty straightforward: if a feature is truly experimental, you do not push it to 50 million people's devices without telling them. Either they knew exactly what they were doing and are walking it back, or they're planning to roll this out and lying about it. Both fit how Meta operates.

What you can do: If someone in your life is eyeing those smart glasses or using Meta AI, talk to them about it. Not "you're bad for wanting them"...but this deserves an honest conversation about how much trust that hands a company that has earned none of it. There will be better options someday if this even becomes desirable technology.


Bits & Bytes 🤖

~ Story 1: Microsoft Repos Weaponized Again to Push Malware to AI Users
For the second time in weeks, malicious packages tied to a compromised Microsoft GitHub account ran self-replicating credential stealers when an AI agent opened them. It was contained in 105 seconds on June 5, but it's the same account from the mid-May compromise, which raises real questions about whether credentials were ever fully rotated.

My take: If you're early to new tech, using novel AI tooling, pulling fresh packages, living on the bleeding edge...you're carrying more attack surface than everyone else. This is going to keep happening and it's important to plan accordingly. If you touch any of these tools, dig into the sources to make sure you weren't impacted!

~ Story 2: The UK's Ultimatum to Scan Every Device (And Signal's Answer)
The UK wants tech companies to switch on nudity-detection on phones and tablets, and companies must comply in three months or face legislation forcing it onto every phone in the country. Signal published a single-page response, which you can read in the sources below, laying out the various reasons why this is a horrible idea.

My take: The problem is the UK keeps throwing surveillance at every problem and refusing to acknowledge the technical reality. Encryption is part of keeping kids safe...safe spaces, trusted contacts, with no one watching. Signal nailed their response: real child safety is funded education and social services, not invisible mandatory surveillance.

~ Story 3: Two States, Two Directions on Privacy

Good news: Massachusetts unanimously passed (146–0) a privacy bill banning the sale of precise location data without explicit consent, covering biometrics, geolocation, and markers like religion, immigration status, and sexual orientation.

Bad news: Texas's SB2420 forces Apple and Google to age-verify users at account creation, and it took effect June 4, with the update already going live on Apple devices.

My take: Regulation alone won't fix privacy, and I'm not pretending it will. But without baseline laws, people have nothing to fall back on when something goes wrong. Massachusetts raises the floor; Texas dropped it. Laws are not the final solution, but they have real, measurable impacts on digital rights, and it's important to contact your politicians in light of these stories!

~ Story 4: The FCC Wants to Kill Burner Phones

To fight robocalls, the FCC is floating a rule that would effectively ban burner phones and force U.S. consumers to hand even more data to telecoms (some of the least trustworthy companies in tech).

The proceeding is open for public comment until June 25.

My take: This is putting more power into the hands of people who are part of the problem. The actual lever is the data-broker industry that hands robocallers your number in the first place. Credit where due: the FCC at least asked about the privacy tradeoffs, which is a galaxy ahead of the UK's "these aren't concerns" posture. If you've got expertise, file a comment before June 25 using the sources below!


This Week on Techlore 📺

This week we had a couple of new pieces of content. The first is with the head of Firefox on Techlore Talks, where I got to ask everything about Firefox VPN—the new (free) VPN in their browser:

Firefox VPN Explained: 50GB Free, No Logging, and How it Compares to Mozilla VPN
Techlore Talks brings you in-depth conversations with the experts at the forefront of digital rights, privacy and security.

I also put out a quick video over the weekend inspired by a Shark Tank pitch that infuriated me, which covers misleading privacy marketing used by many companies online. This is a great one to share with loved ones!

How to Tell if an App Is Actually Secure (Most Aren’t)
Most apps claiming to be “private and secure” are using language that sounds meaningful but commits to almost nothing. I broke this down after watching a Shark Tank segment on Qeepsake, a baby journal app that calls itself “absolutely private and secure” because it has an SSL certificate. That’s

⚠️ And Remember: No SR and no livestream next week!


Action Item ✅

Two open comment windows are worth calling out:

  • The FCC's burner-phone proposal is accepting public comments through June 25.
  • And if you're in Texas, the SB2420 age-verification rollout is exactly the kind of local change worth contacting your representatives about.

☎️ Contact your reps!

This Week's Sources

Highlight: Meta Secretly Added Face-Recognition Code to Millions of Phones

Story 1: Microsoft Repos Weaponized to Push Password-Stealing Malware to Claude & Gemini Users

Story 2: UK Ultimatum to Scan All Content on All Devices (Signal Responds)

Story 3: Good News / Bad News — Two States, Two Directions on Privacy

Story 4: FCC Wants to Kill Burner Phones by Forcing Telecoms to Collect Everyone's ID

The Defense Bulletin

Data Breaches

Threats

FOSS+ Updates
