Ray-Ban Meta glasses ship with a white LED that activates whenever the camera records. That indicator was, as IPVM described it last week, the core privacy safeguard the product offered the public: a visible signal that recording was happening. Without it, the glasses look identical whether the camera is on or off. The wearer knows. Nobody else does.

European regulators had doubts about this arrangement years ago. Ireland's Data Protection Commission and Italy's Garante flagged the LED's adequacy in 2021, pushing Meta to add a blinking indicator pattern for EU-market versions, according to IPVM. That regulatory concession turned out to be equally fragile: the blinking version is defeated by the same physical modification as the standard light. A different appearance, the same vulnerability.

Demonstrations of how to defeat the indicator appeared on TikTok and YouTube well before a paid market existed, IPVM reported. Influencers circulated videos showing how to record without anyone nearby noticing. The commercial service didn't create the bypass culture; it turned it into a marketplace listing with a price tag.

The process is straightforward. A modder drills out the front LED and fills the cavity so the glasses show no visible change. The camera continues to function normally. IPVM notes no technical skill is required on the customer's part.

Journalist Joanna Stern found listings in 30 states, met one of these providers in person, had the modification done on her own pair, and confirmed the glasses could then record without anyone nearby noticing, The Verge reported this week. More than two dozen independent listings were identified in New York and New Jersey alone, with some providers reporting eight to nine inquiries per day, Android Authority found. That volume puts the service past the hobbyist threshold and into functioning gray-market territory.

Meta's response has been reactive. The company publicly stated in October 2024 that tamper-detection technology was built into the glasses. Firmware v12.0, released in January 2025, formalized that claim with a patch designed to detect mid-session LED blockage and halt recording automatically, according to IPVM. "We aggressively target anyone advertising tampering tools, have removed thousands of violating ads and marketplace listings for these services, and pursue legal action when appropriate," a Meta spokesperson told Android Authority this week.

The patch has not held. IPVM tested the bypass on firmware v25.0, released May 20 and incorporating the v12.0 fix, and recording continued uninterrupted on both first- and second-generation Ray-Ban Meta glasses, IPVM reported. The tamper-detection logic, per IPVM's analysis, appears designed to catch someone covering or blocking the LED from the outside, not someone who has physically removed it. Covering and removing are different problems. Only one has a software solution.

Meta's enforcement posture takedowns, legal threats, firmware patches operates downstream of the modification itself. The listings keep reappearing. The bypass keeps working on current hardware.

Privacy doctrine has long rested on a basic assumption: that recording someone is a visible, deliberate act. Smart glasses already strained that assumption. Modified glasses, Dickinson Wright's HR Blog noted earlier this week, break it in a way that existing legal frameworks weren't built to handle.

The legal exposure varies sharply by location. Nevada has been read to require all-party consent for telephone calls; Oregon requires all-party consent for in-person oral communications but permits one-party consent for electronic ones, according to Dickinson Wright. The same pair of modified glasses, used the same way, can be lawful in one state and expose the wearer to criminal liability in another. That geographic variation matters because the modification services operate nationally, across at least 30 states, while consent law remains a state-by-state patchwork.

Healthcare settings carry a separate layer of institutional risk. HIPAA's Privacy and Security Rules cover protected health information in visual and oral form, not just written records, Dickinson Wright noted. For a covered entity, an inadvertent capture and onward transmission of patient information can constitute an impermissible disclosure, with liability running to the organization rather than only to the individual wearer. Section 504 of the Rehabilitation Act extends parallel obligations to virtually every hospital participating in Medicare or Medicaid, according to the same analysis. A staff member wearing modified glasses in a clinical setting doesn't have to intend harm for the institution to face liability.

Labor law adds another dimension. In GC Memorandum 25-07, issued last year, the NLRB's Acting General Counsel took the position that secretly recording collective bargaining sessions is a per se violation of the duty to bargain in good faith under the NLRA, Dickinson Wright reported. A $100 modification could trigger that exposure without anyone in the room knowing it happened. For a sense of the financial scale when Meta's hardware intersects with privacy law: the company paid $650 million to settle biometric data claims in Illinois and $1.4 billion to resolve similar claims in Texas, per Dickinson Wright, though those cases concerned facial recognition data rather than recording indicators specifically.

The practical signal for workplaces, clinics, and anyone else in range: the indicator light on someone else's glasses is no longer reliable evidence they aren't recording. Existing no-recording policies were written when recording was assumed to be visible. Those policies may need to be revisited to address devices where the indicator cannot be taken at face value, and to establish how an organization would detect, respond to, and document a violation it couldn't see.

Firmware patches have had 16 months to solve a physical problem. The bypass is still working on current hardware. Because the modification involves removing the indicator entirely, software-level detection faces a structural limit: you cannot detect the absence of a component that was designed to report its own status. A hardware redesign that makes the recording indicator physically inseparable from the recording function would address that, but whether Meta has such a redesign in development is not publicly known.

The stakes may grow if facial recognition enters the picture. Meta has been publicly reported to be developing that capability for the Ray-Ban line. The EFF argued earlier this year that adding facial recognition to glasses that can already be modified to record without any visible indication would eliminate meaningful privacy for anyone who passes a wearer on the street, per EFF's analysis from March. If the indicator can be defeated for $100, that argument gets harder to dismiss, not easier to ignore.

What IPVM's testing and this week's reporting collectively show is that the recording indicator was always one drill bit away from being worthless. The question for Meta, for regulators, and for the broader smart glasses category is whether a product whose core privacy safeguard can be commercially removed for less than the cost of a dinner out can maintain the trust that keeps it in the consumer market rather than the surveillance conversation. Sixteen months of failed patches haven't produced an answer.