Understanding Privacy Risks in Augmented Reality (AR) Devices

During the 2025 Super Bowl, Meta recruited some big names to promote their new Ray-Ban Metas: Movie superstars Chris Pratt and Chris Hemsworth, plus reality TV icon Kris Jenner. Celebrities and influencers alike are promoting Augmented Reality (AR) devices like the Ray-Ban Metas , as these devices promise exciting features like live AI-enabled translation and video recording. Ray-Ban and Meta aren’t the only brands with AR devices on the market. You’ve also got: These devices make big promises, and their proponents seem to love them, but there are privacy risks to manage if you’re going to go the route of AR. Some of these risks are for the wearer, while others are for the people around them. The original Google Glass AR lenses were released in 2014 and notoriously flopped. Arguably, the biggest reason they failed was the lack of oversight related to security concerns. American consumers were skeptical of the product because they felt it couldn’t provide them with a reasonable promise of privacy . Are these new products more protective of user and bystander privacy? Or has the American marketplace simply shifted enough that people are less concerned about security and privacy than they were in 2014? Before embracing AR tech, it’s worth considering the potential risks associated with AR devices. If they’re worth using, they are worth using safely. Augmented Reality (AR) is different from Virtual Reality (VR) systems. When you put on a VR headset, you are entirely surrounded by the virtual environment created by that device. AR, on the other hand, superimposes digital imagery and text over the authentic view of the real world. This creates a composite of real and virtual imagery. VR requires an entire headset that blocks out your view of your real surroundings. AR simply requires a wearable pair of glasses that still allows you to see what’s around you. Modern AR devices have a lot of basic capabilities in common that make them useful across different applications. Most AR glasses and headsets can overlay digital objects directly onto your real-world environment, allowing you to place and manipulate 3D models that appear to exist in your physical space. These devices track your head movements and map your surroundings to keep virtual elements properly anchored as you move around. Most of the interaction that a user has with AR content occurs through fairly intuitive methods like hand gestures, voice commands, or touch controls built into the device. The integrated cameras serve multiple purposes, from scanning QR codes and recognizing images to capturing photos and videos that include AR elements. Most devices can also detect surfaces like floors, walls, and tables to place virtual objects realistically. Current AR devices commonly include these features: With so many features and options for use, it’s easy to see why these devices are gaining popularity. What about the risks? The biggest critics of AR tend to be professionals in cybersecurity and privacy-related industries. Experts in these fields are critical of augmented reality glasses because AR poses inherent risks that have not yet been mitigated by policies, laws, and guidelines. In an article by Kaspersky, the software company examines the cybersecurity vulnerabilities and privacy threats associated with AR and VR technologies. The piece explains that both VR and AR technologies collect extensive personal data, creating significant privacy risks that exceed those of traditional social media platforms. Here is an overview of the biggest concerns: The article identifies several major risks for augmented reality users, but privacy invasion tops the list, as AR systems continuously monitor user activities and surroundings. This means that your own privacy could be unintentionally compromised, or you may violate the privacy of others. Third-party developers create AR experiences for device users, which poses another concern. Unknowingly providing personal information to the device platform is one thing; handing it over to unvetted third parties is something else altogether. This information could be used for malicious purposes, including blackmail, security breaches, and identity theft. The content created by these third parties may also be a security concern, as apps could be used for sophisticated social engineering attacks . Digital overlays can be used to give users false information, too. Additional AR vulnerabilities include: Some critics even go so far as to raise warnings about the negative impact of AR on society. Advocates warn that people wearing AR glasses threaten the privacy of everyday citizens in serious ways. The Ray-Ban Metas, as well as other AR glasses, usually have an indicator light that shows when they are recording. A wearer who covers the indicator light to hide the fact that they are recording is really only sabotaging themselves. The device typically won’t record while something is blocking the indicator light. However, the average person who is interacting with the wearer likely has no idea what that light means or that the person is wearing a recording device. In some settings, it is difficult to observe that the light is on, even if someone is aware of it. Precedent clearly supports the right to record people in most public settings without requiring consent, but private spaces offer more protection. Individuals who don’t know that they’re being recorded in private could have their privacy violated without ever knowing, thanks to AR devices in daily use. In a time when AI-edited videos and deepfakes are getting more and more difficult for the average person to identify, people need to be more cognizant of when and where they are being recorded. The potential to do damage to a person’s reputation through a digital deepfake is only strengthened by covert recording in public via AR devices. Even if someone has a right to record you, who has a right to access that footage? All recorded data on the cloud has the potential for illegal access or access without proper authorization. A data breach of private video or audio footage from an AR device could put private or sensitive recordings in the wrong hands. Facial recognition and data mining are related concerns, as many AR glasses have facial scanning and recognition capabilities. These capabilities currently have limited scope and effectiveness, but a pair of Harvard students used AR in a way that concerns privacy advocates. AnhPhu Nguyen and Caine Ardayfio created a fascinating but disturbing demonstration of how easily accessible technology can enable mass surveillance. They modified a pair of $300 Ray-Ban Meta smart glasses by connecting them to existing facial recognition services and databases through custom programming. Their system, which they called I-XRAY, works by streaming video from the glasses’ built-in camera to Instagram, where a computer program monitors the feed and uses AI to detect faces in real-time. When the system identifies someone’s face, it searches the internet for matching photos using the PimEyes facial recognition service, then cross-references multiple data sources including online articles and voter registration databases. Within seconds, the app displays detailed personal information on their phone, including the person’s name, phone number, home address, and relatives’ names. The students demonstrated this technology by walking around Harvard’s campus and engaging strangers in conversation as if they were old acquaintances. They were armed with instantly-retrieved personal details about people who had no idea they were being identified and researched in real-time. Their project effectively combined off-the-shelf consumer products to create a powerful surveillance tool that anyone could potentially replicate. A lot of people are excited about AR because of its many applications, and their enthusiasm is understandable. Like AI, it’s something that is here, regardless of anyone’s concerns. Currently only existing laws, like COPPA, FERPA, and HIPAA, limit existing AR device users. We likely need to develop new laws in order to keep this technology in check. At first glance, it seems that whether AR devices are worth the risks comes down to individual choice and circumstances. Many users may decide that the benefits, such as enhanced navigation, real-time translations, hands-free communication, and innovative entertainment experiences, outweigh the privacy concerns. For professionals in fields like healthcare, engineering, or logistics, AR capabilities could provide significant advantages that justify accepting certain security vulnerabilities. However, making an informed decision requires understanding exactly what you’re signing up for. AR devices don’t just collect data about your digital behavior; they gather information about your physical movements, surroundings, conversations, and interactions with the real world. This creates an unprecedented level of surveillance that affects not just you, but everyone around you. It’s not as simple as informed, individual decision-making, either. The AR revolution is already underway, but we still have time to shape how it unfolds. The choices we make today about privacy, consent, and responsible use will determine whether augmented reality enhances our lives or creates a surveillance dystopia none of us asked for.