Archive Link: https://archive.ph/IWMKe
Also: https://www.youtube.com/watch?v=vU1-uiUlHTo – This Flock Camera Leak is like Netflix For Stalkers
Was fortunate to talk to a security lead who built the data-driven policing network for a major American city that was an early adopter. ALPR vendors like Flock either heavily augment and/or anchor the tech setups.
What was notable to me is the following, and it’s why I think a career spent on either security researching, or going to law school and suing, these vendors into the ground over 20 years would be the ultimate act of civil service:
1. It’s not just Flock cams. It’s the data eng into these networks - 18 wheeler feed cams, flock cams, retail user nest cams, traffic cams, ISP data sales
2. All in one hub, all searchable by your local PD and also the local PD across state lines who doesn’t like your abortion/marijuana/gun/whatever laws, and relying on:
3. The PD to setup and maintain proper RBAC in a nationwide surveillance network that is 100%, for sure, no doubt about it (wait how did that Texas cop track the abortion into Indiana/Illinois…?), configured for least privilege.
4. Or if the PD doesn’t want flock in town, they reinstall cameras against the ruling (Illinois iirc?) or just say “we have the feeds for the DoT cameras in/out of town and the truckers through town so might as well have control over it, PD!”
Layer the above with the current trend in the US, and 2025 model Nissan uploading stop-by-stop geolocation and telematics to cloud (then, sold into flock? Does even knowing for sure if it does or doesn’t even matter?)
Very bad line of companies. Again all is from primary sources who helped implement it over the years. If you spend enough time at cybersecurity conferences you’ll meet people with these jobs.
As someone who has thought about, planned, and implemented a lot of RBAC... I would never trust the security of a system with RBAC at that level.
And to elaborate on that -- for RBAC to have properly defined roles for the right people and ensure that there's no unauthorized access to anything someone shouldn't have access to, you need to know exactly which user has which access. And I mean all of them. Full stop. I don't think I'm being hyperbolic here. Everyone's needs are so different and the risks associated to overprovisioning a role is too high.
When it's every LEO at the nation level that's way too many people -- it is pretty much impossible without dedicated people whose jobs it is to constantly audit that access. And I guarantee no institution or corporation would ever make a role for that position.
I'm not even going to lean into the trustworthiness and computer literacy of those users.
And that's just talking about auditing roles, never mind the constant bug fixes/additions/reductions to the implementation. It's a nightmare.
Funny enough, just this past week I was looking at how my company's roles are defined in admin for a thing I was working on. It's a complete mess and roles are definitely overprovisioned. The difference is it's a low-stakes admin app with only ~150 corporate employees who access it. But there was only like 8 roles!
Every time you add a different role, assign it to each different feature, and then give that role to a different user, it compounds.
I took your comment at face value but I hope to god that Flock at least as some sort of data/application partitioning that would make overprovisioning roles impossible. Was your Texas cop tracking an abortion a real example? Because that would be bad. So so bad.
Now you have scale with ai hardware becoming cheaper and software incentives aligning.
I always thought that show "person of interest" was a bit far fetched. how could one system have access to that much data? privacy concerns would surely stop it.
You'd think so, but everytime a crime is solved by flock or the like, people keep celebrating it and using it as a justification.
It reminds me of this meme: https://www.reddit.com/r/Cyberpunk/comments/sa0eh3/dont_crea...
There are few reasons people probably keep building on this topic: 1. Eventually someone will do this anyway. 2. Thus, it shall be mine - I for sure will handle data better than anyone else can, respecting all sorts of guardrails etc. 3. company ipos, founder leaves, things happen.
Along with all the cop shows I'm thinking it's almost intentional at this point to normalize things.
The very first cop show, Dragnet, was explicitly a PR move to rehab the image of the police in the public's imagination. Every cop show since has been propaganda. Even shows where the police are not necessarily the "good guys", like The Shield or even Chicago PD, normalizes police brutality and the flaunting of basic constitutional laws because those dastardly bad guys have to be stopped at all costs.
I enjoy some of these shows myself but it is sometimes crazy how blatant they are about it.
It’s the entire reason some shows and movies exist. The Pentagon, CIA and other agencies routinely and openly assist hundreds of films and TV shows with equipment, locations and expertise in exchange for script changes that protect U.S. military and intelligence reputations.
I will offer an alternative POV: if your big brilliant plan is, sue the elected institutions over administrative decisions, don’t go to law school. It would be a colossal waste of your time. You will lose, even if you “win.”
You are advocating that talented people go for Willits as a blueprint of “civil service,” which is a terrible idea. It’s the worst idea.
If you have a strong opinion about administrative decisions, get elected, or work for someone who wins elections.
Or make a better technology. Talented people should be working on Project Longfellow for everything. Not, and I can’t believe I have to say this, becoming lawyers.
And by the way, Flock is installed in cities run by Democrats and Republicans alike, which should inform you that, this guy is indicting civil servants, not advocating for their elevation to some valued priesthood protecting civil rights.
https://www.opensecrets.org/federal-lobbying/clients/lobbyis...
Do you mean these fine former civil servants simply making administrative decisions who are now Flock lobbyists, or do you mean current civil servants who are future Flock lobbyists?
You more likely are getting paid something to not understand things if you, in 2025, believe the "bipartisan consensus" with massive donor class overlap is credible to anyone without an emotional need to rationalize.
Flock or their defenders will lock in on the excuse that “oh these are misconfigured” or “yeah hacking is illegal, only cops should have this data”. The issue is neither of the above. The issue is the collection and collation of this footage in the first place! I don’t want hackers watching me all the time, sure, but I DEFINITELY don’t trust the state or megacorps to watch me all the time. Hackers concern me less, actually. I’m glad that Benn Jordan and others are giving this the airtime it needs, but they’re focusing the messaging on security vulnerabilities and not state surveillance. Thus Flock can go “ok we will do better about security” and the bureaucrats, average suburbanites, and law enforcement agencies will go “ok good they fixed the vulnerabilities I’m happy now”
Yes and the biggest problem with this kind of ALPRs are they bypass the due process. Most of the time police can just pull up data without any warrant and there has been instances where this was abused (I think some cops used this for stalking their exes [1]) and also the most worrying Flock seems to really okay with giving ICE unlimited access to this data [2] [3] (which I speculate for loose regulations).
[1]: https://lookout.co/georgia-police-chief-arrested-for-using-f... [2]: https://www.404media.co/emails-reveal-the-casual-surveillanc... [3]: https://www.404media.co/ice-taps-into-nationwide-ai-enabled-...
I'm sure the 40 percent of cops who are domestic abusers and the white supremacists militias recruited wholesale into ICE will use this power responsibly.
When you give access to any system that collects the personal information including location data for people in the US to the police, a percentage of the police will always use those systems for stalking their exes.
Don't forget we even saw that in the Snowden leaks.
Those were people with much higher scrutiny and background checking than your average cop. Those were people that themselves were more closely monitored. And yet... we want to give that to an average cop? People who have a higher than average rate of domestic abuse?
What is not only true for police but for every sufficiently big group of people.
Cops do have some unique tendencies but I think the real issue is the cops are able to leverage the power of the government in ways other large groups cannot.
The problem with police is a) that police have to deal with bad people and it is very hard to stay untainted when you constantly deal with bad people, and b) being a cop is no longer a desirable or rewarding job which not only causes applicant pool issues but also polarises the job and police force itself. Then the nature of polarisation is that it is self reinforcing. So if your job isn't rewarding financially or socially, the "perks" must come from somewhere and so it attracts people who seek to abuse power etc
I believe strongly that people have zero problem paying their knuckle dragging police fuckwad of the day $150k if they would actually do the job they signed up for. It’s the fact that 99% of them can’t handle it that pisses people off
> So if your job isn't rewarding financially
I don't know where you are, but some of the highest paid public employees in my state are police. In fact, median salaries for cops are higher than those of software engineers.
Add the fact that they get generous pensions + benefits, and can retire at 45 and draw from that pension until they die, they have it better than most of the people they police.
It's one of the only professions where you can make north of $250k+ a year doing overtime by sitting in your car playing Candy Crush all night.
I keep an unofficial record of instances where police and similar authorities have abused their access to these types of systems. The list is long. It's almost exclusively men stalking ex-partners or attractive women they don't know, but have seen in public.
What's frightening is it's not rare, it actually happens constantly, and this is just within the systems which have a high level of internal logging/user-tracking.
So now with Flock and data brokers we have authorities having access to information that was originally held behind a judge's signature. Often with little oversight, and frequently for unofficial, abusive purposes.
This reality also ties back to the discussion about providing the "good guys" encryption backdoors. The reality is that there are no "good guys", everyone exists in shades of grey, and I dare say there are people in forces whom are attracted to the power the role provides, rather than any desire for public service.
In conclusion it's a fundamental design flaw to rely on the operator being a "good guy", and that's before we get into the problem of leaks, bugs, and flaws in the security model, or in this case: complete open access to the public web - laughable, farcical, and horrifying.
And my guess is we only ever find out about some probably very small percentage of the abuses by police, at least in theory having rules and oversight of their use of these systems.
What are the chances that nobody at Flock has ever abused their access?
Cynical-me assumes that if you're the sort of person who'd take a job at a company like Flock, which I and evidently a lot of other people consider morally bankrupt, then you are at least as likely as a typical cop to think that stalking your exes or random attractive people you see - is just a perk of your job, not something that should come with jail time.
> What's frightening is it's not rare, it actually happens constantly, and this is just within the systems which have a high level of internal logging/user-tracking.
Would not be surprised if these types of abuse serve to obfuscate other abusive uses as well and are thus part of the system operating as it should. Flood the internal logging with all kinds of this "low-level" stuff, hiding the high-level warrantless tracking.
No idea why you're being downvoted, this is all true.
Same was found in Australia when they looked into police access of data [0] [1] [2]
[0] https://www.theguardian.com/australia-news/article/2024/jun/...
[1] https://www.abc.net.au/news/2022-12-15/victoria-police-leap-...
[2] https://www.ccc.qld.gov.au/sites/default/files/Docs/Public-H...
Maybe with these systems we should require them TO be open for anyone to query against. Maybe then people would care more about how they impact their privacy.
IIRC, this happened in Washington state: https://www.eff.org/deeplinks/2025/11/washington-court-rules...
And as a result, they got rid of the cameras. Funny how that works!
Flock’s objective is to hope people don’t care long enough to reach IPO. Will enough people care to dis enable this corporate dragnet surveillance apparatus? Remains to be seen. I don’t much care about the grift of dumping this pig onto the public markets (caveat emptor), but we should care about its continued use as a weapon against domestic citizens without effective governance and due process.
I’m glad Benn has gone into the YouTube space. He has demonstrated a great balanced view on how to sell your soul for advertisement money in YouTube land.
I’ve known of him a long time simply because of his extremely progressive views towards releasing his own music. In other words, I would not care about Benn Jordan but for the fact that he was releasing his own torrented music on WCD 15 years ago
Nothing will be done until one of the investors of the tech end up embarrassed from weaponization of the tech against themselves. These people have no clue how creepy some of their technologic betters can be. I once witnessed a coworker surveilling his own network to ensure his girlfriend wasn't cheating on him (this was a time before massive SSL adoption). The guy just got a role doing networking at my company and thankfully he wasn't there for very long after that.
> Nothing will be done until one of the investors of the tech end up embarrassed from weaponization of the tech against themselves.
I propose that it become mandatory for all senior managment, board members, and investors in Flock - to have these Condor camears and their ALPR cameras installed out the front of their houses, along their routes to work, along the route to nearby entertainment precincts, outside their children's school and their spouses workplace (or places they regularly visit if they don't work) - all of which must be unsecured and publicly available at all times.
(Yes I know, I'm dreaming. I reckon every Meta employee's children should be required to have un-parental-controlled access to Facebook/WhatsApp/Messenger/et al...)
flock is a YC startup
We have met the enemy and he is us -Pogo
Are we the baddies?
Yep
I am the "Y-combinator". Do you have any questions?
no questions asked go eat yourself now or at least your own dog food
As O’Brien passed the telescreen a thought seemed to strike him. He stopped, turned aside and pressed a switch on the wall. There was a sharp snap. The voice had stopped.
Julia uttered a tiny sound, a sort of squeak of surprise. Even in the midst of his panic, Winston was too much taken aback to be able to hold his tongue.
‘You can turn it off!’ he said.
‘Yes,’ said O’Brien, ‘we can turn it off. We have that privilege.’
How is this different from the CCP surveillance? I guess this is easier for third parties to access?
The PRC has nothing remotely corresponding to the Fourth Amendment, as far as I know.
I hate the CCP surveillance too. No state should have this close of an eye on its people. It’s anti-freedom.
I know right. It is like we all forgot that cops were literally sharing pictures of Kobe Bryant’s mutilated body in bars for a laugh. A lot of people in law enforcement are totally screwed up in the head.
Was it misconfigured? Or “misconfigured” so people in the know can bypass the minimal controls that are in place?
I think more importantly people need to recognize that cops are people, flawed and fallible as is the flock system in general. It should never be the whole solution and be used as evidence alone.
This totally misses the OCs point, which is that this data shouldn't be gathered at all, regardless of the competency (or lack there of) of the cops
I wonder what our founders would think about tools like Flock.
From what I understand these systems are legal because there is no expectation of privacy in public. Therefore any time you go in public you cannot expect NOT to be tracked, photographed, and entered into a database (which may now outlive us).
I think the argument comes from the 1st amendment.
Weaponizing the Bill of Rights (BoR) for the government against the people does not seem to align with my understanding of why the Bill of Rights was cemented into our constitution in the first place.
I wonder what Adams or Madison would make of it. I wonder if Benjamin Franklin would be appalled.
I wonder if they'd consider every license plate reading a violation of the 4th amendment.
> I wonder what our founders would think about tools like Flock.
I suspect they'd make a distinction between private individuals engaging in first amendment protected activity like public photography and corporations or the state doing the same in order to violate people's 4th amendment rights. We certainly don't have to allow for both cases.
They'd have not forced license plates to be displayed at all times to begin with, as they are a search of your papers without probable cause your vehicle is unregistered. Private ships in those days (probably the closest equivalent of something big and dangerous that could do tons of damage quickly on the public right of way) did not have required hull numbers or anything like that. Of course that doesn't totally solve the flock problem, but makes it a lot harder.
Ships then, and now, don’t really need numbers for identification. There are various unique numbers that they can and do use occasionally for specific purposes(IMO numbers and hull numbers). However, a ship’s name and home port were, and are, more than sufficient to identify a ship for legal purposes. You don’t need a registration number on a ship, and certainly wouldn’t have needed one then.
The authorities absolutely kept meticulous records of ships entry and exit from any harbour as well as what was on board, what was loaded and unloaded and frequently a list of all persons onboard.
Some flag states enforce uniqueness constraints on name and home port combinations. The US does not, but that really doesn’t matter much in the real world. There just aren’t that many conflicts.
More importantly, the founding fathers very much did not extend privacy rights to ships. Intentionally so. The very first congress passed a law in 1790 that exempted ships from the requirements of needing a warrant to be searched.
The ability to track and search ships without warrants has been an important capability of the federal government from day one.
Hell, the federal register of ships is published and always has been. I don’t know how they would have felt about private cars, but the founding fathers revealed preference is that shipping and ships are not private like your other “papers and effects” are.
Cars, wagons, carts, are not ships
The comparison to private ships doesn't quite land, IMO.
Ships - ships big enough to do material damage would be very small in # - ships big enough to do material damage would have a (somewhat?) professional crew - whatever damage they could do would always be limited to tiny areas - only where water & land meet, only where substantial public or private investment had been made in docks/etc - operators have strong financial incentive to avoid damaging ship or 3rd party property (public or private)
Cars - in some countries the ratio of cars to people is approaching 1 - a vanishingly small portion of vehicles have professional drivers - car operators expect to be able to operate at velocities fatal to others on nearly 100% of land in cities, excepting only land that already has a building on it, and sometimes not even that. - car operators rarely held liable for damage to public property, injury, or death and there's strong political pressure to socialize damage and avoid realistic risk premiums
I don't love flock but IMO the only realistic way to get rid of license plates would be mandatory speed governors that keep vehicles from going more than like 15mph. I would be fine with that, but I suspect most would not. If we expect to operate cars at velocities fatal to people outside our vehicles, then there will always be pressure to have a way of identifying bad actors who put others at risk.
> I don't love flock but IMO the only realistic way to get rid of license plates would be mandatory speed governors that keep vehicles from going more than like 15mph.
I don't understand this reasoning. License plates don't stop speeding from happening. Removing license plates wouldn't prevent enforcement of speed limits either. A cop can pull over and ticket someone without a license plate just as easily as they do now.
At best they're good for a small number of situations where they help identify a car used in a crime (say a hit and run) but even then plenty of crimes are committed using cars that can't be linked back to the driver (stolen for example) or where the plates have been removed/obscured.
I’m not arguing that license plates solve the problem of the danger of cars, simply that as long as cars are dangerous to people not inside the car, there will be political pressure to have some way, however imperfect, of identifying them and their owners/operators.
> Private ships
Often, the same people crying about Flock will decry private arms ownership through mental gymnastics.
These very same ships you speak of that could do "tons of damage" had actual cannonry - with no registration or restrictions on ownership or purchase, either.
You can still buy and bear a cannon with no background check or registration or any of the like, FWIW. Very easy to order on the internet and have shipped straight to your door[].
[] https://www.dixiegunworks.com/index/page/product/product_id/...
You can, but be aware that an exploding cannonball (widely available in 1776) is considered a destructive device, so each shell must have an NFA stamp. Solid shot is not considered a destructive device.
Does the shell have to be serialized? Or does one merely need a stamp that handwaves towards a particular, but generic looking shell?
Funny enough thats actually not true. Legally speaking. It's often claimed but it is an over simplification.> because there is no expectation of privacy in publicI think maybe the worst part is that the more we buy into this belief the more self fulfilling it becomes (see third link). But I don't expect anyone to believe me so here's several links. And I'd encourage people to push back against this misnomer. In the most obvious of cases I hope we all expect to have privacy in a public restroom. But remember that this extends beyond that. And remember that privacy is not binary. It's not a thing you have complete privacy or none (public restrooms again being an obvious example). So that level of privacy that we expect is ultimately decided by us. By acting as if it is binary only enables those who wish to take those rights from us. They want you to be nihilistic
https://www.eff.org/deeplinks/2024/09/you-really-do-have-som...
https://en.wikipedia.org/wiki/Reasonable_expectation_of_priv...
https://legalclarity.org/is-there-an-expectation-of-privacy-...
they prob be upset about the 13th 15th and 19th amendments too
Yea they would have had no issue with flock if it was for capturing escaped enslaved people
They aren't a monolithic group. There was a wide range of opinions on slavery and many other topics. Do a bit of research.
The only acceptable opinion today should be that slavery of all stripes, practiced both before the emancipation proclamation, as well as today in both prison settings and trafficking, is abhorrent.
The problem is that these laws were written before automated mass surveillance was feasible.
idk that the government had first amendment rights… like any private citizen can record, but 1a doesn’t immediately mean the government can do anything, right?
> From what I understand these systems are legal because there is no expectation of privacy in public.
Not quite. There's been precedent set that seems to imply flock and other mass surveillance drag net operations such as this do violate the forth.
Defendants trying to exclude ALPR evidence often invoke Carpenter v. U.S. (or U.S. v. Jones, but that’s questionable because the majority decision is based on the trespass interpretation of the 4th Amendment rather than the Katz test). Judges have not generally agreed with defendants that ALPR (either the license plate capture itself or the database lookup) resembles the CSLI in Carpenter or the GPS tracker in Jones. A high enough density of Flock cameras may make the Carpenter-like arguments more compelling, though.
>I wonder if Benjamin Franklin would be appalled.
Depends how fast we lost him to porn on the internet
I think you should try to decide for yourself what to make of the situation instead of wondering what some ancient dead old dudes would think.
It is possible to have your own thoughts and also wonder what other people think.
If that was the case then you should wonder what Descartes would think. What Derrida or Baudrillard would think. We both know it’s not about that though.
Wondering what the people who created the government think of the current government is massively different than wondering what either of two French philosophers who never participated in statecraft born 150 years later thinks.
It is perfectly normal to wonder what the architect of a system thinks of the current system, and entirely separate from wondering what a pair of unrelated Frenchman think of that system. Even if they are just “some ancient dead old dudes”.
Descartes at least was a mathematician and a philosopher with novel ideas. Derrida and Baudrillard were "postmodern" slop faucets.
Both perspectives could be informative.
What I don’t understand is how you can work at a company like Flock and look yourself in the mirror. Seriously. You must be aware of the inherent evil, of the privacy invasive nature of your product, of how it’s being actively abused. How do you rationalize this for yourself?
I don't want these cameras to exist but, if they're going to, might we be better off if they are openly accessible? At the very least, that would make the power they grant more diffuse and people would be more cognizant of their existence and capabilities.
Did you see the other post about this where the guys showed a Flock camera pointed at a playground, so any pedo can see when kids are there and not attended?
Or how it has become increasingly trivial to identify by face or license plate such that combining tools reaches "movie Interpol" levels, without any warrant or security credentials?
If Big Brother surveillance is unavoidable I don't think "everyone has access" is the solution. The best defense is actually the glut of data and the fact nobody is actively watching you picking your nose in the elevator. If everyone can utilize any camera and its history for any reason then expect fractal chaos and internet shaming.
> Did you see the other post about this where the guys showed a Flock camera pointed at a playground, so any pedo can see when kids are there and not attended?
If it's inappropriate for any pedo to see when kids are in a park then certainly it should inappropriate when those pedos just happen to be police officers or Flock employees. The nice thing about the "everyone has access" case is that it forces the public to decide what they think is acceptable instead of making it some abstract thing that their brains aren't able to process correctly.
People will happily stand under mounted surveillance cameras all day long, but the moment they actually see someone point a camera at them they consider that a hostile action. The surveillance camera is an abstract concept they don't understand. The stranger pointing a camera in their direction is something they do understand and it makes their true feelings on strangers recording them very clear.
We might need a little bit of "everyone has access" to convince people of the truth that "no one should have access" instead.
> so any pedo can see when kids are there and not attended?
Sure. It also lets parents watch. Or others see when parents are repeatedly leaving their kids unattended. Or lets you see some person that keeps showing up unattended and watching the kids.
> Or how it has become increasingly trivial to identify by face or license plate such that combining tools reaches "movie Interpol" levels, without any warrant or security credentials?
That already exists and it is run by private companies and sold to government agencies. That’s a huge power grab.
> The best defense is actually the glut of data and the fact nobody is actively watching you picking your nose in the elevator. If everyone can utilize any camera and its history for any reason then expect fractal chaos and internet shaming.
This argument holds whether it is public or not. It is worse if Flock or the government can do this asymmetrically than if anyone can do it IMO, they already have enough coercive tools.
"Or others see when parents are repeatedly leaving their kids unattended."
... which is the expected, default use-case for a playground ...
I didn't want to get into an argument over whether kids should be unattended at playgrounds or not - I don't know where the other poster is front and it seems to be based on age, density, region, etc. Where I grew up it would be weird to stay, in the city I am in it would be weird to leave them.
If you leave your kids unattended at a playground I don't see how the camera changes the risk factor in any meaningful way. Either a pedophile can expect there to be unattended children or not.
It’s anonymity of the viewers combined with mass open-access surveillance that enables an unheard of level of stalking capacity.
Most people don’t like the idea that strangers could easily stalk their child remotely.
It’s the easy of access to surveillance technology that is different. Has nothing to do with the park being safe or not.
Try to think like an evil person with no life and very specific and demonic aims if you’re still having trouble seeing why this would be an issue.
> Try to think like an evil person with no life and very specific and demonic aims if you’re still having trouble seeing why this would be an issue.
That person already has incredible power to stalk and ruin someone's life. Making Flock cameras public would change almost nothing for that person. It fascinates me how fast people jump to "imagine the worst person" when we talk about making data public.
We have the worst people, they're the ones who profit off of it being private, with no public accountability, who don't build secure systems. The theater of privacy is, IMO, worse than not having privacy.
There are sites that index thousands of public live streaming cameras, with search fields where you can just enter "park" and get live cams with kids playing, because people have specifically arranged for those cameras to exist.
I wonder if such a business model could exist where they were effectively "public" and thus, access was uniformly granted to anyone willing to pay. not sure if this would be net better for society, but an interesting thought.
I've thought the same regarding license plate readers (and saw considerable pushback on HN) — feeling like you suggest: if they have the technology anyway, why not open it up?
I imagined a "white list" though (or whatever the new term is—"permitted list"?) so that only certain license plates are posted/tracked.
> I don't want these cameras to exist but, if they're going to, might we be better off if they are openly accessible?
Cities will remove Flock cameras at the first council meeting that sits after council-members learn their families can be stalked.
Seems like a positive side effect. The Seattle area is delaying it after the open records request case.
Is it more symmetrical? I know in theory we all can continuously download and datamine these video feeds but can everyone really?
No, but the same argument could be made for things like open source software. We assume/hope that someone more aligned with our outcomes is actively looking.
Or, at the very least, that we can go back and look later.
I don't think they are similar. Public feeds would enable someone to document and sell people's whereabouts in real time. The fact that I could do the same or go back and look later is no defense.
This is a different argument than what I was responding to.
> I know in theory we all can continuously download and datamine these video feeds but can everyone really?
To which my response is "this is like OSS." What I mean by that is that, in theory, people audit and review code submitted to OSS software, in reality most people trust that there are other people who do it.
> Public feeds would enable someone to document and sell people's whereabouts in real time. The fact that I could do the same or go back and look later is no defense.
This is a different argument to me and one that I'm still torn about. I think that if the feeds exist and the government and private entities have access to them, the trade-offs may be better if everyone has access to them. In my mind this results in a few things:
1. Diffusion of power - You said public feeds would "enable someone to document and sell people's whereabouts in real time." Well, private feeds allow this too. I'd rather have everyone know about some misdeed than Flock or the local PD blackmail someone with it.
2. Second guessing deployment - I think if the people making the decisions know that the data will be publicly available, they're more likely to second guess deploying it in the first place.
3. Awareness - if you can just open an app on your phone and look at the feed from a camera then you become aware of the amount of surveillance you are subject to. I think being aware of it is better than not.
There's trade-offs to this. The cameras become less effective if everyone knows where they are. It doesn't help with the location selection bias - if they're only installed in areas of town where decision makers don't live and don't go, the power is asymmetric again. Plenty of other reasons it is bad. None of them worse than the original sin of installing them in the first place.
Open cameras make information that was previously local and difficult to collect global and easier to collect. Relatively, it reduces the privacy and power of people on the ground in your neighbourhood and increases the power of more distant actors. It doesn't seem very socially desirable as an outcome. It also increases the relative power of people with technical capacity and capital for storage and processing etc.
I do buy your argument that open access could help check the worst abuses. But, if widespread, it'd be so catastrophic for national security that I can't see how it would ever fly.
I think the theater of closed versions have the same problems, we just don’t acknowledge them as well.
If I were an enemy nation state, flock would definitely be a target.
They don't grant power, they enhance it. Not helpful for those without don't have any actual power.
Yes. This looks bad for Flock security.
Good thing nobody tried to pop a shell on the camera OS and move laterally through the network. That would be bad.
I'm sure it's all very secure though.
I just watched the Benn Jordan's video on this. Even if this is just configuration error on some of their cameras this is terrifying and I think they should be held accountable for this and their previous myriad of CVEs.
Here's the video for interested folk:
It's amazing that any vendor, let alone a CJIS vendor even allows unsecured deployments of their software in 2025.
benn jordan has been on an absolute tear recently. one of my favorite people nowadays
the main summary of 1984: "neighbors are encouraged, via telesecreens, to spy on one another to enforce conformity."
There thing to fear isn't some higher state; it's each other. We happily will surveil each other under the auspices of safety.
Hell, these days, our kids grow up with cameras pointing at them in their own rooms. What did we expect?
Until we are willing to accept more "risk" in exchange for more privacy, this will only get worse. (It's why I believe most tech/services that tout privacy are DoA, because nobody actually cares)
There's an interesting idea here that is tangentially related to "common carrier" regulations ...
Specifically:
If a flock (or similar) camera is deployed on public land/infra there should exist default permission for any alternate vendor to deploy a camera in the same location.
I wonder how that could be used and/or abused and, further, what the response from a company like flock would be ...
Not directly an answer to your question, but installed Shotspotter locations are generally "not shared with police" and installations are done in a way where the location is obfuscated away from the police/city through Shotspotter contractors. It's not actually true that the device locations aren't shared with the police, but shotspotter/police testimonies in shotspotter cases say so anyway.
I have absolutely zero faith in any of this.
Multiple cases have revealed that it seemed like police and Shotspotter worked hand-in-glove to tweak Shotspotter data and demographics to help shore up a case and make things appear more reliable than they were.
And multiple cases where, sufficiently pushed, DAs have dropped cases or dropped Shotspotter as evidence rather than have the narrative challenged too closely.
It's getting pretty crazy out there. What's your recourse for this? Avoid most populated areas?
Work with your municipality to pass laws banning cameras like this. I'm sure it isn't easy (and I'm not sure I have the stomach for working through that process in my city), but people have done it in some places.
I live in a town of 6,000 and we have 5 Flock cameras
It's a quality of people problem not a quantity of people problem.
deflock.me has a map. (I recently contributed a few flock cameras I spotted.)
I notice they generally watch busy roads and intersections, off and on ramps to highways, retail malls…
Smaller roads through neighborhoods were mostly unmolested.
I mean. There are solutions...
I'm not sure if it's better or worse to have it publicly accessible or only accessible to an elite group.
Yes, they should be secured so they can only be accessed by law enforcement.
But if your spouse/SO/sister/mother/girlfriend/whatever was assaulted while jogging in a park that had Flock cameras, and it allowed law enforcement to quickly identify, track, apprehend and charge the criminal, you'd absolutely be grateful for the technology. There's nothing worse than being told "we don't have any leads" when someone you care about has been attacked.
Maybe I’m crazy, but I don’t want laws to be written to the level of my emotional individual reaction to a singular crime. I want laws to reflect the ideals and values of society, and to work at scale when balancing individual freedom, societal safety, and protection from government abuse.
“It is better, so the Fourth Amendment teaches us, that the guilty sometimes go free than the citizens be subject to easy arrest.” - Former Supreme Court Justice William O. Douglas
They should also require a warrant at least, especially for any data sharing. With "they can only be accessed by law enforcement", we've already had plenty of police harassing their exes. If they couldn't convince a judge to let them use the camera, there's really no hope of the case going anywhere.
> There's nothing worse than being told "we don't have any leads" when someone you care about is attacked.
I'd argue worse is "we know exactly who did it and we're not going to do anything about it (but we would do something if you try to do something about it yourself)".
If your argument has to start with "now, imagine your sister was raped", then it's probably just a bad argument.
Appealing to emotions, tsk tsk, but going right for the jugular? Yikes.
Also, elephant in the room: if your sister was going to be raped or beaten, it would probably be by someone in her home, in her family. Like her cop husband.
Until your spouse/SO/sister/mother/girlfriend spurns a LEO, and then the LEO uses it to stalk and harass them. Talk to any LEO, they constantly misuse their data access to look up friends/family/neighbors to find dirt. Most of the time its relatively harmless gossip, but it can easily be used to harass people.
What about when ICE uses this data to abduct and deport your spouse and family members? Will you be grateful then?
I'll make up another one to pile on. Perhaps the police would have had a visible, deterrent presence if they weren't lazily relying on cameras, and that would have prevented the assault in the first place.
Anyhow, if you read the flock database, they're overwhelmingly not using them for the purposes of public safety or random crime.
"…they're overwhelmingly not using them for the purposes of public safety or random crime."
That would seem to be very relevant information.
Ah yes, the good ol' appeal to fear. "Think of the childr--err, I mean poor defenseless woman!"
No, I don't want these cameras. I don't care if they make law enforcement's job easier. They are an invasion of privacy and a part of the disgusting dragnet surveillance state.
They need to go.
A decade ago, I was attacked on a public sidewalk by three men, who roughed me up a bit and stole from me. The police were utterly unhelpful, and as far as I know, they never caught anyone. But ultimately, that didn't really matter. I was traumatized for a while, but eventually worked through it. Whether or not they were caught would not have changed any part of that process.
I get that, emotionally, we want some sort of justice when things like this happen, but I am not willing to put up with even more constant surveillance in order to feel a little bit better about a bad thing that happened to me. I would much rather criminals sometimes went free.
Yea I've never been a fan of the whole "makes law enforcement's job easier" arguments.
As though personal rights/liberties are trumped by a cop needing to do paperwork or leave his desk.
Plus, when you follow this to its natural/extreme conclusion, the absolute easiest thing for law enforcement would be to arrest you for no reason at all.
The rationalization for this policy of course could simply be that probable cause is "inconvenient."
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
This is true of course. You could also apply this logic to even the most extreme of fascist tendencies though.
There is freedom to and freedom from as they say in The Handmaid’s Tale.
What if your spouse/SO/whatever was wrongfully arrested because they were on a Flock camera and conveniently matched what the police were looking for? Or if they ran whatever dogshit AI algorithm over it looking for suspects?
We can make up situations all day where it can or can not be validated but the reality is that this is a defacto surveillance state. If every move you make can be monitored, you should assume that the state can and will abuse it to hurt innocent people in the name of politics or whatever.
Or if they were simply being harassed because their ex was a cop who decided to use the cameras to stalk them, where there's not even an excuse.
What's the point of making a statement like that? Is it like a Snapple cap thing, or do you expect people to actually give up on talking about the blatant government overreach?
And what a dumb way to frame it. "Think of the woman" is the same argument as "think of the children". Why not just say if you were attacked you'd want it to be on camera? Afraid it'll make you sound weak? Well, so does bootlicking.
Really great investigation, what's the URL of the "vibe coded" site with the access links?
Flock cameras would be so easy to disable by motivated people. Dress in nondescript clothing, mask, sunglasses, and just spraypaint over the lenses. This is completely asymmetric warfare because it is trivial how long it would take for you to do this. You could hit dozens of cameras across an area overnight. Meanwhile, flock or the city, whoever maintains this stuff, needs to identify the vandalized cameras, flag them for repair, pay a technician to go out and presumably repair the unit outright. You pay cents and they are paying potentially thousands in labor and hardware costs.
And this would absolutely work at scale too. Streetlights are already being vandalized for their copper and most cities cannot afford to hire more technicians to even keep up with streetlight repair. I believe I’ve seen the backlog for streetlight repair in LA is over 10x what the current street services crew is capable of repairing in a year of constant work and growing by the day.
Municipalities and these technology companies cannot keep up against a motivated crew and can’t afford to scale either. Totally asymmetric.
The initial disabling might be asymmetric but when/if you're caught you go to jail for years for something that cost the state maybe an hour tops to fix.
Therefore if only say one of a thousand gets caught, it still costs the people doing it more than the state on average (unless their life/time is worth basically nothing for years on end).
glock > flock
Is mass vandalism the final answer to this problem?
We really should be referring to them as “Flock (YC S17)”. Credit where credit is due.
Associated Benn Jordan video post: https://www.youtube.com/watch?v=vU1-uiUlHTo
Related:
https://news.ycombinator.com/item?id=46356182 Benn Jordan – This Flock Camera Leak Is Like Netflix for Stalkers [video] (youtube.com)
We merged that thread into this one.
(Edit: and put that video's link in the toptext above.)
People who complain about flock should have to list how many crimes are in their zip code to be taken serious.
People who demand others sacrifice their privacy to allow a private company to collect unlimited data on public spaces, to be used, sold, and profited off of as they see fit, with no oversight or constraints, should not be taken seriously.
Right, because cameras exposed to public Internet access without authentication cannot at all be used to aid in crime.
You must have very little imagination to not see the irony of your own comment.