Flock Exposed Its AI-Powered Cameras to the Internet. We Tracked Ourselves
404media.co774 points by chaps a day ago
774 points by chaps a day ago
Archive Link: https://archive.ph/IWMKe
Also: https://www.youtube.com/watch?v=vU1-uiUlHTo – This Flock Camera Leak is like Netflix For Stalkers
Was fortunate to talk to a security lead who built the data-driven policing network for a major American city that was an early adopter. ALPR vendors like Flock either heavily augment and/or anchor the tech setups. What was notable to me is the following, and it’s why I think a career spent on either security researching, or going to law school and suing, these vendors into the ground over 20 years would be the ultimate act of civil service: 1. It’s not just Flock cams. It’s the data eng into these networks - 18 wheeler feed cams, flock cams, retail user nest cams, traffic cams, ISP data sales 2. All in one hub, all searchable by your local PD and also the local PD across state lines who doesn’t like your abortion/marijuana/gun/whatever laws, and relying on: 3. The PD to setup and maintain proper RBAC in a nationwide surveillance network that is 100%, for sure, no doubt about it (wait how did that Texas cop track the abortion into Indiana/Illinois…?), configured for least privilege. 4. Or if the PD doesn’t want flock in town, they reinstall cameras against the ruling (Illinois iirc?) or just say “we have the feeds for the DoT cameras in/out of town and the truckers through town so might as well have control over it, PD!” Layer the above with the current trend in the US, and 2025 model Nissan uploading stop-by-stop geolocation and telematics to cloud (then, sold into flock? Does even knowing for sure if it does or doesn’t even matter?) Very bad line of companies. Again all is from primary sources who helped implement it over the years. If you spend enough time at cybersecurity conferences you’ll meet people with these jobs. As someone who has thought about, planned, and implemented a lot of RBAC... I would never trust the security of a system with RBAC at that level. And to elaborate on that -- for RBAC to have properly defined roles for the right people and ensure that there's no unauthorized access to anything someone shouldn't have access to, you need to know exactly which user has which access. And I mean all of them. Full stop. I don't think I'm being hyperbolic here. Everyone's needs are so different and the risks associated to overprovisioning a role is too high. When it's every LEO at the nation level that's way too many people -- it is pretty much impossible without dedicated people whose jobs it is to constantly audit that access. And I guarantee no institution or corporation would ever make a role for that position. I'm not even going to lean into the trustworthiness and computer literacy of those users. And that's just talking about auditing roles, never mind the constant bug fixes/additions/reductions to the implementation. It's a nightmare. Funny enough, just this past week I was looking at how my company's roles are defined in admin for a thing I was working on. It's a complete mess and roles are definitely overprovisioned. The difference is it's a low-stakes admin app with only ~150 corporate employees who access it. But there was only like 8 roles! Every time you add a different role, assign it to each different feature, and then give that role to a different user, it compounds. I took your comment at face value but I hope to god that Flock at least as some sort of data/application partitioning that would make overprovisioning roles impossible. Was your Texas cop tracking an abortion a real example? Because that would be bad. So so bad. >Was your Texas cop tracking an abortion a real example? Because that would be bad. So so bad. https://www.eff.org/deeplinks/2025/05/she-got-abortion-so-te... It always starts with "we just give developers in project access to things in project and it all be nice and secure, we will also have separate role for deploy so only Senior Competent People can do it. Then the Senior Competent Person goes on vacation and some junior needs to run a deploy so they get the role. The the other project need a dev from different project to help them. Then some random person need something that has no role for it so they "temporarily" gets some role unrelated to his job. Then project changes a manager but the old one is still there for the transition And nobody ever makes a ticket to rescind that access And everything is a mess ...and "the fix" that companies usually resort to is "use it or lose it" policies (e.g. you lose your role/permission after 30 days of non-use). So if you only do deployments for any given thing like twice a year, you end up having to submit a permissions request every single time. No big deal, right? Until something breaks in production and now you have to wait for multiple approvals before you can even begin to troubleshoot. "I guess it'll have to stay down until tomorrow." The way systems like this usually get implemented is there's an approval chain: First, your boss must approve the request and then the owner of the resource. Except that's only the most basic case. For production systems, you'll often have a much more complicated approval chain where your boss is just one of many individuals that need to approve such requests. The end result is a (compounding) inefficiency that slows down everything. Then there's AI: Management wants to automate as much as possible—which is a fine thing and entirely doable!—except you have this system where making changes requires approvals at many steps. So you actually can't "automate all the things" because the policy prevents it. To add to that, the roles also need to be identified. When some obscure thing breaks you either need to go on a quest to understand which are all the roles involved in fixing it, or send a much vaguer "let me do X and Y" request to the approval chain and have them figure it out on their end. And as the approval agents aren't the ones fixing the issue, it's a back and forth of "can you do X?" "no, I'm locked at Y" "ok. then how about now ?" Overprovisioning at least some key people is a fatality. This is the part that doesn’t get enough attention. The real risk isn’t any single vendor, it’s the aggregation layer. Once ALPR, retail cams, traffic cams, ISP data, and vehicle telematics all land in one searchable system, the idea that this will be perfectly RBAC’d and jurisdictionally contained is fantasy. At that point it’s not policing tech, it’s a nationwide surveillance substrate held together by policy promises. I’ve been in security for a while and I increasingly think understanding what the future looks like under this threat model is about the only security research that really matters fully above the rest (many topics also very important in their own ways). The state change is just so significant and so under discussed because you learn about it via making an effort in a cybersec career, hitting conferences very years, eventually lucking out with who you met for a beer, and so on. So how do policy leaders trying to understand this stand a chance at understanding it? How do local PD chiefs understand what they’re bringing in, who I really do believe deserve the benefit of the doubt wrt positive intentions? There is really no counter-voice to an incredibly capable nationwide surveillance network that’s been around for at least 10-15 years. The EFF doesn’t really count because the EFF complains about these things, SEN Wyden writes a memo, and that seems to be the accepted scope of the work.. Just like man… the bill of rights… it’s a thing! Insane technology. The problem goes even deeper than messy RBAC in a database. This story showed that the system's brains are pushed to the edge, and if you gain access to the device, you don't even need the central police database. You get a local, highly intelligent agent working autonomously. This breaks the traditional threat model where we worry about "someone leaking the database"; here, the camera itself becomes an active reconnaissance tool. It turns out that instead of hacking a complex, (hopefully) secured cloud, you just need to find a smart eye like this with default settings, and you already have a personal spy at an intersection, bypassing any police access protocols Now you have scale with ai hardware becoming cheaper and software incentives aligning. I always thought that show "person of interest" was a bit far fetched. how could one system have access to that much data? privacy concerns would surely stop it. You'd think so, but everytime a crime is solved by flock or the like, people keep celebrating it and using it as a justification. It reminds me of this meme:
https://www.reddit.com/r/Cyberpunk/comments/sa0eh3/dont_crea... There are few reasons people probably keep building on this topic:
1. Eventually someone will do this anyway.
2. Thus, it shall be mine - I for sure will handle data better than anyone else can, respecting all sorts of guardrails etc.
3. company ipos, founder leaves, things happen. Along with all the cop shows I'm thinking it's almost intentional at this point to normalize things. The very first cop show, Dragnet, was explicitly a PR move to rehab the image of the police in the public's imagination. Every cop show since has been propaganda. Even shows where the police are not necessarily the "good guys", like The Shield or even Chicago PD, normalizes police brutality and the flaunting of basic constitutional laws because those dastardly bad guys have to be stopped at all costs. I enjoy some of these shows myself but it is sometimes crazy how blatant they are about it. The Wire was very good at showing the police as the villains, but it also instilled a lot of pessimism into the audience because said villains got away with damn near everything. Jimmy and Ellis probably sent more people to the hospital or the morgue than anyone else in the show (either directly or indirectly), but neither one got more than a few days of unpaid leave and a reassignment as a consequence. It also undercuts itself by having Ellis become probably the most respectable person in the cast and having all of the cast tell Jimmy he's not to blame for multiple shootings, destroying both families he's built, and even framing multiple innocent people with life sentences. So even the ones that try to buck the trend end up following it. It’s the entire reason some shows and movies exist. The Pentagon, CIA and other agencies routinely and openly assist hundreds of films and TV shows with equipment, locations and expertise in exchange for script changes that protect U.S. military and intelligence reputations. It's definitely. Notice how after the 1994 Crime Bill was put into effect you had a large wave of shows and movies that increasingly depicted police as tools of the state rather than as protectors of the public. The fact that police-centered media exploded in ever larger shockwaves after that, the Atlanta Centennial Olympic Park Bombing, 9/11, and the deaths of Trayvon Martin and George Floyd was no coincidence. Law & Order, NYPD Blue, NCIS, Chicago PD, and Blue Bloods each correspond to each of those periods. The shows and movies are designed to make the abusive and destructive actions of the police look gallant. The police themselves actually advocate on many of them in order to sensationalize depictions or manipulate points of view so that they can then take them and use them as emotional appeals when the public criticizes policing. The name "Law & Order" is a blatant example of this, as it's a phrase used by Richard Nixon during his campaign in 1968, and was widely repeated when he created justifications for starting the War On Drugs in 1970. This same phrase was later used by Reagan and H.W. Bush when they planted their positions of wanting to wield state violence against countercultures that arose. The '90s was full of change as Gen-X started to become adults and formed their own powerful countercultures, and the title of the show was an emotional appeal to conservative older people who hated that change and wanted the state to shape society instead of the other way around. Law and Order is interesting as the early episodes were way more nuanced and gritty. It evolved into something different over the years. They went from exposition of “tv reality” to making a weird case that both cops and prosecutors must cut corners and push the envelope. The weird part is they gloss over the futility. But as you said, the old people get the message that we need to do more. I will offer an alternative POV: if your big brilliant plan is, sue the elected institutions over administrative decisions, don’t go to law school. It would be a colossal waste of your time. You will lose, even if you “win.” You are advocating that talented people go for Willits as a blueprint of “civil service,” which is a terrible idea. It’s the worst idea. If you have a strong opinion about administrative decisions, get elected, or work for someone who wins elections. Or make a better technology.
Talented people should be working on Project Longfellow for everything. Not, and I can’t believe I have to say this, becoming lawyers. And by the way, Flock is installed in cities run by Democrats and Republicans alike, which should inform you that, this guy is indicting civil servants, not advocating for their elevation to some valued priesthood protecting civil rights. https://www.opensecrets.org/federal-lobbying/clients/lobbyis... Do you mean these fine former civil servants simply making administrative decisions who are now Flock lobbyists, or do you mean current civil servants who are future Flock lobbyists? You more likely are getting paid something to not understand things if you, in 2025, believe the "bipartisan consensus" with massive donor class overlap is credible to anyone without an emotional need to rationalize. Flock or their defenders will lock in on the excuse that “oh these are misconfigured” or “yeah hacking is illegal, only cops should have this data”. The issue is neither of the above. The issue is the collection and collation of this footage in the first place! I don’t want hackers watching me all the time, sure, but I DEFINITELY don’t trust the state or megacorps to watch me all the time. Hackers concern me less, actually. I’m glad that Benn Jordan and others are giving this the airtime it needs, but they’re focusing the messaging on security vulnerabilities and not state surveillance. Thus Flock can go “ok we will do better about security” and the bureaucrats, average suburbanites, and law enforcement agencies will go “ok good they fixed the vulnerabilities I’m happy now” Yes and the biggest problem with this kind of ALPRs are they bypass the due process. Most of the time police can just pull up data without any warrant and there has been instances where this was abused (I think some cops used this for stalking their exes [1]) and also the most worrying Flock seems to really okay with giving ICE unlimited access to this data [2] [3] (which I speculate for loose regulations). [1]: https://lookout.co/georgia-police-chief-arrested-for-using-f...
[2]: https://www.404media.co/emails-reveal-the-casual-surveillanc...
[3]: https://www.404media.co/ice-taps-into-nationwide-ai-enabled-... I'm sure the 40 percent of cops who are domestic abusers and the white supremacists militias recruited wholesale into ICE will use this power responsibly. You can go onto the ICE subreddit and see a ton of posts that ask if their previous domestic abuse/gross misconduct/ejection from police academy/etc will effect their ICE application. These aren't people who should hold any kind of intel. It's an actual danger to the population to give these people this much power. When you give access to any system that collects the personal information including location data for people in the US to the police, a percentage of the police will always use those systems for stalking their exes. Don't forget we even saw that in the Snowden leaks. Those were people with much higher scrutiny and background checking than your average cop. Those were people that themselves were more closely monitored. And yet... we want to give that to an average cop? People who have a higher than average rate of domestic abuse? What is not only true for police but for every sufficiently big group of people. Cops do have some unique tendencies but I think the real issue is the cops are able to leverage the power of the government in ways other large groups cannot. The problem with police is a) that police have to deal with bad people and it is very hard to stay untainted when you constantly deal with bad people, and b) being a cop is no longer a desirable or rewarding job which not only causes applicant pool issues but also polarises the job and police force itself. Then the nature of polarisation is that it is self reinforcing. So if your job isn't rewarding financially or socially, the "perks" must come from somewhere and so it attracts people who seek to abuse power etc > So if your job isn't rewarding financially I don't know where you are, but some of the highest paid public employees in my state are police. In fact, median salaries for cops are higher than those of software engineers. Add the fact that they get generous pensions + benefits, and can retire at 45 and draw from that pension until they die, they have it better than most of the people they police. It's one of the only professions where you can make north of $250k+ a year doing overtime by sitting in your car playing Candy Crush all night. I believe strongly that people have zero problem paying their knuckle dragging police fuckwad of the day $150k if they would actually do the job they signed up for. It’s the fact that 99% of them can’t handle it that pisses people off I don’t agree that police isn’t attractive or rewarding, the salaries have gone up and requirements reduced (college degree requirements in places for example) Come with a pension and active lifestyle with a club(FoP) and a union in some positions, its ostensibly public service and you get to much more than peek behind the curtain. Personally, I feel both ways about cops writ large. I feel like we could do a lot better really easily(mandatory body cam recordings please? Our guys literally just take them off.), and on the other hand I get it, they’re doing important work often enough. I keep an unofficial record of instances where police and similar authorities have abused their access to these types of systems. The list is long. It's almost exclusively men stalking ex-partners or attractive women they don't know, but have seen in public. What's frightening is it's not rare, it actually happens constantly, and this is just within the systems which have a high level of internal logging/user-tracking. So now with Flock and data brokers we have authorities having access to information that was originally held behind a judge's signature. Often with little oversight, and frequently for unofficial, abusive purposes. This reality also ties back to the discussion about providing the "good guys" encryption backdoors. The reality is that there are no "good guys", everyone exists in shades of grey, and I dare say there are people in forces whom are attracted to the power the role provides, rather than any desire for public service. In conclusion it's a fundamental design flaw to rely on the operator being a "good guy", and that's before we get into the problem of leaks, bugs, and flaws in the security model, or in this case: complete open access to the public web - laughable, farcical, and horrifying. And my guess is we only ever find out about some probably very small percentage of the abuses by police, at least in theory having rules and oversight of their use of these systems. What are the chances that nobody at Flock has ever abused their access? Cynical-me assumes that if you're the sort of person who'd take a job at a company like Flock, which I and evidently a lot of other people consider morally bankrupt, then you are at least as likely as a typical cop to think that stalking your exes or random attractive people you see - is just a perk of your job, not something that should come with jail time. No idea why you're being downvoted, this is all true. Same was found in Australia when they looked into police access of data [0] [1] [2] [0] https://www.theguardian.com/australia-news/article/2024/jun/... [1] https://www.abc.net.au/news/2022-12-15/victoria-police-leap-... [2] https://www.ccc.qld.gov.au/sites/default/files/Docs/Public-H... > What's frightening is it's not rare, it actually happens constantly, and this is just within the systems which have a high level of internal logging/user-tracking. Would not be surprised if these types of abuse serve to obfuscate other abusive uses as well and are thus part of the system operating as it should. Flood the internal logging with all kinds of this "low-level" stuff, hiding the high-level warrantless tracking. Maybe with these systems we should require them TO be open for anyone to query against. Maybe then people would care more about how they impact their privacy. IIRC, this happened in Washington state: https://www.eff.org/deeplinks/2025/11/washington-court-rules... And as a result, they got rid of the cameras. Funny how that works! Flock’s objective is to hope people don’t care long enough to reach IPO. Will enough people care to dis enable this corporate dragnet surveillance apparatus? Remains to be seen. I don’t much care about the grift of dumping this pig onto the public markets (caveat emptor), but we should care about its continued use as a weapon against domestic citizens without effective governance and due process. Nothing will be done until one of the investors of the tech end up embarrassed from weaponization of the tech against themselves. These people have no clue how creepy some of their technologic betters can be. I once witnessed a coworker surveilling his own network to ensure his girlfriend wasn't cheating on him (this was a time before massive SSL adoption). The guy just got a role doing networking at my company and thankfully he wasn't there for very long after that. > Nothing will be done until one of the investors of the tech end up embarrassed from weaponization of the tech against themselves. I propose that it become mandatory for all senior managment, board members, and investors in Flock - to have these Condor camears and their ALPR cameras installed out the front of their houses, along their routes to work, along the route to nearby entertainment precincts, outside their children's school and their spouses workplace (or places they regularly visit if they don't work) - all of which must be unsecured and publicly available at all times. (Yes I know, I'm dreaming. I reckon every Meta employee's children should be required to have un-parental-controlled access to Facebook/WhatsApp/Messenger/et al...) flock is a YC startup We have met the enemy and he is us -Pogo As O’Brien passed the telescreen a thought seemed to strike him. He stopped, turned aside and pressed a switch on the wall. There was a sharp snap. The voice had stopped. Julia uttered a tiny sound, a sort of squeak of surprise. Even in the midst of his panic, Winston was too much taken aback to be able to hold his tongue. ‘You can turn it off!’ he said. ‘Yes,’ said O’Brien, ‘we can turn it off. We have that privilege.’ I’m glad Benn has gone into the YouTube space. He has demonstrated a great balanced view on how to sell your soul for advertisement money in YouTube land. I’ve known of him a long time simply because of his extremely progressive views towards releasing his own music. In other words, I would not care about Benn Jordan but for the fact that he was releasing his own torrented music on WCD 15 years ago How is this different from the CCP surveillance? I guess this is easier for third parties to access? It isn't any different, it is the exact same thing with a different PR spin. I hate the CCP surveillance too. No state should have this close of an eye on its people. It’s anti-freedom. The PRC has nothing remotely corresponding to the Fourth Amendment, as far as I know. Fair point but there's a crucial nuance: state surveillance used to be limited by human resources. You couldn't assign an agent to every citizen - there aren't enough people. Flock with their AI tracking has effectively removed this scalability constraint. This vulnerability just highlighted how powerful a tool they've built. If these were just dumb cameras, the state would have to hire an army of operators. As it stands, the technology allows for total surveillance with essentially zero marginal cost. And when they fix the security, that terrifying potential for infinite scale isn't going anywhere; it just goes back under the client's control I think more importantly people need to recognize that cops are people, flawed and fallible as is the flock system in general. It should never be the whole solution and be used as evidence alone. This totally misses the OCs point, which is that this data shouldn't be gathered at all, regardless of the competency (or lack there of) of the cops It wasn't my intent to argue otherwise... I was only trying to add to the conversation. The CEO of Flock, Garrett Langley, called Deflock a terrorist group. It's unhinged. https://www.youtube.com/watch?v=l-kZGrDz7PU I live in an Atlanta neighborhood where one of the founders lived. A prototype for Flock Camera was designed by three Georgia Tech grads because someone kept breaking into their car (not uncommon in our neighborhood tbh). The trick is that the camera was pointed towards a middle school. Which means they were constantly recording kids without adult consent. Now, years later, Atlanta is the most surveilled city in North America and one of the most in the world. Flock cameras are everywhere. There are 124 cameras for every 1,000 people. Just last week, a ex-urb police chef was arrested for using the Flock network to stalk and harass citizens. I know a lot of people who work at Flock. I’m shocked that they do though. I don’t know when it stops. You shouldn't be shocked. People gladly line up to work for organizations who willfully erode their civil rights all the time. Just look at all the people here who work for Google, FB, Palantir etc. It stops when we gather outside these CEO's houses and burn them to the ground. >There are 124 cameras for every 1,000 people How does that make any kind of economic sense? Morals aside, that’s a ridiculous amount of devices, data collected and transmitted, and so on. The police has never made economic sense. If you look up your local PD's budget, you will be shocked. There's only so much military-grade vehicles you can spend that on, I guess. Cameras will do. Honestly, not really. If you actually want to have decent coverage to observe crimes and track criminals, that's a ballpark reasonable figure. And it's not really that expensive, and the idea is that it ultimately saves money in terms of the crime it prevents and fewer police and detectives needed. I'm not defending it, but in terms of economic sense it's quite well justified. Opposition to it is moral/ideological around privacy/freedom, not economic. The series Person of Interest is reality just minus the good AI and Batman side of the story The cameras don't make economic sense unless the goal is to enrich contractors or generate money on speed/red light tickets. The bottleneck in solving crime is going after the criminals. There's already not enough resources to go after the crimes that are open and shut. It's wild how stalking isn't considered by these people from day one. Hire anyone whos worked in healthcare privacy or compliance and they will tell you without a doubt ex-girlfriends, bitter rivals and celebrities are the #1 item people abuse their access for. > constantly recording kids without adult consent Why do they need consent in a public place? Children vandalize, steal, etc. as well - should they just be immune from detection because they are below some arbitrary age? Do banks just shut off all surveillance when a child walks past their front door? He has said his goal is for a "world with no crime. Thanks to Flock." and his goal is not aspirational, visionary, but quite literal. He sees false negatives as more problematic than false positives. He has admitted being inspired by Minority Report (to me it's always very telling when someone takes a cautionary tale like this and finds it "inspirational"). It is right to be amazingly concerned. Sci-Fi Author: In my book I invented the Torment Nexus as a cautionary tale Tech Company: At long last, we have created the Torment Nexus from classic sci-fi novel Don't Create The Torment Nexus Show HN: Torment nexus. Built in Rust (YC W25). Oof, that felt too real. I'm half torn making that a reality before someone else does. That's often the thing about these torment nexuses, they're somehow profitable. Expect more of this. The masks are coming off. “Are the fires of Hell a-glowing?
Is the grisly reaper mowing?
Yes! The danger must be growing
For the rowers keep on rowing
And they're certainly not showing
Any signs that they are slowing!” - Willie Wonka [flagged] How are they conspiring to destroy it? Are you saying that coordinating attempts to change policy counts as destroying the previous policy, or are you drawing a line from identifying and locating the cameras to (possibly other) people actively vandalizing them? If they were doing that, that would be a criminal conspiracy, not terrorism. Authoritarians often like to call ordinary criminals, political opponents, and dissenters terrorists to delegitimize them and justify harsher behavior against them. I assume that's what Garrett Langley was trying to do when he called them a "terroristic organization". Luckily for DeFlock they're not doing anything "terroristic" or even criminal. As another commenter said, it's a criminal conspiracy or something to that effect. If terrorism is supposed to be the use of violence against non-combatants to attain a political or ideological goal... then would de-Flock be anti-terrorism? Removing Flock cameras makes me feel less terrorized. I wonder what our founders would think about tools like Flock. From what I understand these systems are legal because there is no expectation of privacy in public. Therefore any time you go in public you cannot expect NOT to be tracked, photographed, and entered into a database (which may now outlive us). I think the argument comes from the 1st amendment. Weaponizing the Bill of Rights (BoR) for the government against the people does not seem to align with my understanding of why the Bill of Rights was cemented into our constitution in the first place. I wonder what Adams or Madison would make of it. I wonder if Benjamin Franklin would be appalled. I wonder if they'd consider every license plate reading a violation of the 4th amendment. > I wonder what our founders would think about tools like Flock. I suspect they'd make a distinction between private individuals engaging in first amendment protected activity like public photography and corporations or the state doing the same in order to violate people's 4th amendment rights. We certainly don't have to allow for both cases. They'd have not forced license plates to be displayed at all times to begin with, as they are a search of your papers without probable cause your vehicle is unregistered. Private ships in those days (probably the closest equivalent of something big and dangerous that could do tons of damage quickly on the public right of way) did not have required hull numbers or anything like that. Of course that doesn't totally solve the flock problem, but makes it a lot harder. Ships then, and now, don’t really need numbers for identification. There are various unique numbers that they can and do use occasionally for specific purposes(IMO numbers and hull numbers). However, a ship’s name and home port were, and are, more than sufficient to identify a ship for legal purposes. You don’t need a registration number on a ship, and certainly wouldn’t have needed one then. The authorities absolutely kept meticulous records of ships entry and exit from any harbour as well as what was on board, what was loaded and unloaded and frequently a list of all persons onboard. Some flag states enforce uniqueness constraints on name and home port combinations. The US does not, but that really doesn’t matter much in the real world. There just aren’t that many conflicts. More importantly, the founding fathers very much did not extend privacy rights to ships. Intentionally so. The very first congress passed a law in 1790 that exempted ships from the requirements of needing a warrant to be searched. The ability to track and search ships without warrants has been an important capability of the federal government from day one. Hell, the federal register of ships is published and always has been. I don’t know how they would have felt about private cars, but the founding fathers revealed preference is that shipping and ships are not private like your other “papers and effects” are. Thanks for this level of detail. History is complex, which is why I tend to be skeptical of bare “what would the founders have thought about this” complaints. The comparison to private ships doesn't quite land, IMO. Ships
- ships big enough to do material damage would be very small in #
- ships big enough to do material damage would have a (somewhat?) professional crew
- whatever damage they could do would always be limited to tiny areas - only where water & land meet, only where substantial public or private investment had been made in docks/etc
- operators have strong financial incentive to avoid damaging ship or 3rd party property (public or private) Cars
- in some countries the ratio of cars to people is approaching 1
- a vanishingly small portion of vehicles have professional drivers
- car operators expect to be able to operate at velocities fatal to others on nearly 100% of land in cities, excepting only land that already has a building on it, and sometimes not even that.
- car operators rarely held liable for damage to public property, injury, or death and there's strong political pressure to socialize damage and avoid realistic risk premiums I don't love flock but IMO the only realistic way to get rid of license plates would be mandatory speed governors that keep vehicles from going more than like 15mph. I would be fine with that, but I suspect most would not. If we expect to operate cars at velocities fatal to people outside our vehicles, then there will always be pressure to have a way of identifying bad actors who put others at risk. > I don't love flock but IMO the only realistic way to get rid of license plates would be mandatory speed governors that keep vehicles from going more than like 15mph. I don't understand this reasoning. License plates don't stop speeding from happening. Removing license plates wouldn't prevent enforcement of speed limits either. A cop can pull over and ticket someone without a license plate just as easily as they do now. At best they're good for a small number of situations where they help identify a car used in a crime (say a hit and run) but even then plenty of crimes are committed using cars that can't be linked back to the driver (stolen for example) or where the plates have been removed/obscured. I’m not arguing that license plates solve the problem of the danger of cars, simply that as long as cars are dangerous to people not inside the car, there will be political pressure to have some way, however imperfect, of identifying them and their owners/operators. Even the least sophisticated criminals know that you should buy a stolen Kia or Hyundai for ~$100 and use that to commit your crime. I suspect most of the crime these Flock cameras are catching is red-light runners and maybe hit and runs if it happens to be caught on camera. A hit and runner hit me in front of such camera and totalled my truck. Police refused to investigate, they're not interested in using camera for such reasons nor is there much incentive that's in it for the police to do so. > Private ships Often, the same people crying about Flock will decry private arms ownership through mental gymnastics. These very same ships you speak of that could do "tons of damage" had actual cannonry - with no registration or restrictions on ownership or purchase, either. You can still buy and bear a cannon with no background check or registration or any of the like, FWIW. Very easy to order on the internet and have shipped straight to your door[]. [] https://www.dixiegunworks.com/index/page/product/product_id/... You can, but be aware that an exploding cannonball (widely available in 1776) is considered a destructive device, so each shell must have an NFA stamp. Solid shot is not considered a destructive device. Does the shell have to be serialized? Or does one merely need a stamp that handwaves towards a particular, but generic looking shell? I think maybe the worst part is that the more we buy into this belief the more self fulfilling it becomes (see third link). But I don't expect anyone to believe me so here's several links. And I'd encourage people to push back against this misnomer. In the most obvious of cases I hope we all expect to have privacy in a public restroom. But remember that this extends beyond that. And remember that privacy is not binary. It's not a thing you have complete privacy or none (public restrooms again being an obvious example). So that level of privacy that we expect is ultimately decided by us. By acting as if it is binary only enables those who wish to take those rights from us. They want you to be nihilistic https://www.eff.org/deeplinks/2024/09/you-really-do-have-som... https://en.wikipedia.org/wiki/Reasonable_expectation_of_priv... https://legalclarity.org/is-there-an-expectation-of-privacy-... I'd bet many of the founders would've been amazed at the technology and insist on wide scale adoption. It could've further cemented the power of slaveholders over their slaves. It could've helped to track the movements of native groups. It could've helped to root out loyalists still dangerous to American independence. they prob be upset about the 13th 15th and 19th amendments too Yea they would have had no issue with flock if it was for capturing escaped enslaved people They aren't a monolithic group. There was a wide range of opinions on slavery and many other topics. Do a bit of research. The only acceptable opinion today should be that slavery of all stripes, practiced both before the emancipation proclamation, as well as today in both prison settings and trafficking, is abhorrent. Your founding fathers would become feasible perpetual energy sources as they roll in their graves seeing what your country has turned into. Not that you guys are alone - a lot of countries would benefit from such energy sources too. > From what I understand these systems are legal because there is no expectation of privacy in public. Not quite. There's been precedent set that seems to imply flock and other mass surveillance drag net operations such as this do violate the forth. Defendants trying to exclude ALPR evidence often invoke Carpenter v. U.S. (or U.S. v. Jones, but that’s questionable because the majority decision is based on the trespass interpretation of the 4th Amendment rather than the Katz test). Judges have not generally agreed with defendants that ALPR (either the license plate capture itself or the database lookup) resembles the CSLI in Carpenter or the GPS tracker in Jones. A high enough density of Flock cameras may make the Carpenter-like arguments more compelling, though. Yeah, I don't think capturing your license plate at a light falls afoul of Carpenter, but aggregating timestamped records of your license plate all over town to build a complete picture of your movements probably does. They would probably be enraged that we pay 50% income tax and use a central bank to fund all this bs more than anything. I think you should try to decide for yourself what to make of the situation instead of wondering what some ancient dead old dudes would think. It is possible to have your own thoughts and also wonder what other people think. If that was the case then you should wonder what Descartes would think. What Derrida or Baudrillard would think. We both know it’s not about that though. Wondering what the people who created the government think of the current government is massively different than wondering what either of two French philosophers who never participated in statecraft born 150 years later thinks. It is perfectly normal to wonder what the architect of a system thinks of the current system, and entirely separate from wondering what a pair of unrelated Frenchman think of that system. Even if they are just “some ancient dead old dudes”. These guys made a constitution that says all men are free, except for slaves and women because they’re obviously not men. This led to a civil war just a couple decades later. I think it’s pretty clear that they didn’t really know what they were doing. In fact, that’s why they gave you the tools to change the laws of the country. Descartes at least was a mathematician and a philosopher with novel ideas. Derrida and Baudrillard were "postmodern" slop faucets. Both perspectives could be informative. [flagged] Congratulations on not participating in the legal or political systems of the US, I guess? Or even visiting the US, to say nothing of living here I’ve done both those things! Your obsession with what some half dead geezers from 300 years ago is a huge part of what makes the country a horrible place to live and a horrible influence on the world This was posted to HN a week ago but didn't get enough attention due to the weird title. It's a map of all city council meetings in the US whose agenda mentions Flock alpr.watch - https://news.ycombinator.com/item?id=46290916 - Dec 2025 (444 comments) That post was literally the #1 story on HN for the entire day: https://news.ycombinator.com/front?day=2025-12-16. It was on the frontpage for 25 hours. That's about as much attention as any thread gets - well above the 99th percentile. you're right I misremembered. I still feel the enigmatic title of the post made it hard to realize its importance. Maybe I'm just biased because it took me way too long to find it even with the algolia front-end Yeah, finding it after-the-fact with search is not a trivial undertaking. I do feel somewhat proud that an article with that title did so well on HN. In Brazil there is a similar problem, but it's not as widely discussed. Here, police investigations revealed that a website sold access for less than $4 to the nation-wide surveillance system, which included live feed of public safety cameras and person search by tax identifier. It was also shown that criminal organizations used it to locate their targets. Access was through the open internet, with leaked credentials, the federal government's system requires no VPN for access. Source (Portuguese): https://mpmt.mp.br/portalcao/news/1217/164630/pf-expoe-invas... That definitely wouldn't happen in the states. Corruption only happens in poor countries. For more context here Flock Safety is a YC-backed company [1][2] I wonder if that's why this post, with more upvotes than a number of the other ones on the front page, has seemingly vanished from it. No, it's the other way around. This post is ranked higher on the frontpage than it would be if it weren't YC-related. (In fact, it probably wouldn't be on the frontpage at all in that case.) A core principle is that we moderate less, not more, when YC or a YC-funded startup is part of the story. Many past explanations: https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu... I believe you when you say that nobody at YC put their thumb on the scale for this story in particular. However, YC very much has control over the algorithm used to rank stories on the Hacker News front page, and this algorithm very commonly downranks threads which are detected as being "controversial." If the algorithm "working as intended" consistently downranks stories that cast a bad light on YCombinator, the sorts of people y'all mingle with, or the tech industry in general...is that any better than putting your thumb on the scale? This is kind of why I feel obligated to use https://news.ycombinator.com/active - after all, it's a very good indication of what Hacker News' algorithm and certain cohorts of its readership wants to hide from the casual viewer. And given the sorts of stories it tends to hide, it doesn't reflect well on this site or its users. > If the algorithm "working as intended" consistently downranks stories that cast a bad light on YCombinator, the sorts of people y'all mingle with, or the tech industry in general...is that any better than putting your thumb on the scale? That's the exact opposite of what Dan stated, what this thread (and your link) demonstrate, and my own lived experience here. This thread required manual intervention to override the algorithm - intervention that it did not always have and not all stories benefit from. My argument is that the algorithm, as well as the various gameified engagement mechanisms on this site, are badly conceived and gives too much censure and veto power to ordinary users. Everything you've said here is answerable by anyone who is willing to read some of the posts I just linked to. Here's the link again: https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu.... HN is designed to downweight sensational-indignant stories, internet dramas, and riler-uppers, for the obvious reason that if we didn't, then they would dominate HN's frontpage like they dominate the rest of the internet. Anyone who spends time here (or has read https://news.ycombinator.com/newsguidelines.html) knows that this is not what the site is for. The vast majority of HN readers like HN for just this reason. It is not some arbitrary switch that we could just flip, if only we would stop being censoriously sinister It's essential to the operation of the site. At the same time, we downweight such threads less when the sensational-indignant story, drama, or riler-upper happens to be about YC or a YC-related startup. Note that word less. It means we "put our thumb on the scale" in the opposite direction you're implying: to make those stories rank higher than they otherwise would. How you get from that all the way back to the notion that we moderate HN specifically to suppress negative stories about YC strikes me as escape-artist-level logic, and citing a web page that we ourselves publish as the best (only?) supposed evidence for this is surely a bit ironic. > If the algorithm "working as intended" consistently downranks stories that cast a bad light on YCombinator We manually intervene to reduce or remove the penalties that downrank YC-related stories. Thus, stories like this one get more front page exposure and discussion than they would if they were not YC-related. And anyone can audit this via /active, HNRankings and any other tools they may want to build by pulling data from the API. > the sorts of people y'all mingle with, or the tech industry in general That phrase reflects an assumption that YC is synonymous with the tech industry and that everyone at YC and in the tech industry “mingles” and agrees with one another. That’s far from true. Even among the YC partners there are differences in opinion about these things, and there have been huge public disputes in recent years between prominent YC-aligned figures and other major tech industry identities. It’s natural that people come to HN to discuss and scrutinize the activities of the tech industry, given that we’re a major public discussion forum focused on the tech industry. We accept that and make allowances for it. It doesn’t mean we need to apply the same lower-moderation philosophy to every tech industry controversy that we do when YC is a part of the story. dang won't like me sharing this repo (sorry!) but hn-undocumented has a relevant section on this: https://github.com/minimaxir/hacker-news-undocumented?tab=re... > Currently, there is no evidence that non-job submissions about a YC startup receive preferential treatment on the front page, or kill submissions critical of a YC startup. In fact, the moderators have stated that they explicitly avoid killing controversial YC posts when possible. And also: > Additionally, founders of YC companies see each other's usernames show up in orange, which — although not an explicit benefit — does allow fellow YC founders to immediately identify one another in discussions. When I made this comment, it was nowhere to be found on my front or second page, I had to navigate back through my browser history to find it. Yes, that makes sense and I didn't mean to give the wrong impression! These things take time for us to correct. The number of comments is way higher than the number of upvotes, which usually gets submissions heavily downranked. Comments were moved from this higher upvoted thread https://news.ycombinator.com/item?id=46356182 to this lower upvoted one. And let me share this reply by Garry Tan, CEO of YC, after someone made a comment that Flock might be _pretty dystopian_ [1][2]: > You're thinking Chinese surveillance > US-based surveillance helps victims and prevents more victims > You're thinking Chinese surveillance the big irony, of course, is that i'm much more comfortable with China surveilling me than the US, since the latter can throw me in jail, seize my assets, and ruin my family's life, while the former cannot. The CCP can hijack your accounts and absolutely do all of those things, using your own government. why would the former bother, when all they have to do is take you to one of their secret police stations in the US and disappear you? Still a much lower risk than Kristi Noem deciding you represent a national security risk because you tweeted “Fk ICE” The US government is a democracy and can be replaced should it exceed people’s limits. The CCP… uh, not so much. I’m not trying to say the US government is faultless but it amazes me how often I see this kind of anti-democratic institition sentiment. > it amazes me how often I see this kind of anti-democratic institition sentiment. leeoniya didn't say anything about democracy. The practical reality is that regardless of what forms of government are involved, whichever government has the ability to arrest you is the government which is the greatest threat in your day-to-day life. > government has the ability to arrest you is the government which is the greatest threat in your day-to-day life Assuming every government is the same, which I'm not so sure about. I rather be arrested by the German government than the US government, mainly because I don't want to disappear to black site and be made to disappear for years while I'm t̶o̶r̶t̶u̶r̶e̶d̶ receiving enhanced discussion techniques. At least I know I'll be treated relatively OK by Germany, while my fear is pretty much the opposite from a lot of other governments out there. > Assuming every government is the same Wrong. The American government is much better than the Russian government, but the Russian government cannot arrest me while the American government can, therefore the American government is a much more serious threat to me than the Russian government. No equivalence between the two governments is assumed or implied. "The government that has the ability to arrest you" is the one that controls the police on the street you live on. Not some abstract commentary on which government is best at arresting people. > The US government is a democracy and can be replaced I'm not sure this is as axiomatic as many think, in 2025 I've already placed my bets that current president will be the first to serve at least three terms since the two-term limit was introduced. Judging by what's happening, seems like a safer and safer bet every day. I think the most likely reason that won't happen is some sort of cardiovascular failure (heart attack or stroke), not because anyone will actually stop the Republicans otherwise trying. Conservatives want a monarchy. Shitty bet tbqh, but it's your money. Trump promises his supporters much but delivers very little. If J6 is the sort of insurrection his base can muster, there's no chance in hell of him getting another term. Hasn’t Trump already said he won’t do another term? He has said that he cannot do more than two terms, but also there are ways to do more terms. Then he said it's too early to think about, then that he is joking, then that he wasn't joking, then that he isn't looking into it, but that they're "probably entitled to another four after that" (https://www.cbsnews.com/news/what-trump-has-said-about-pursu...), whatever the fuck that means. Ultimately, I don't think it matters much what he says or has said, he won't clearly say what he/they are planning, obviously. > Ultimately, I don't think it matters much what he says or has said, he won't clearly say what he/they are planning, obviously. Honestly they're pretty open about their plans. They laid most of them out in Project 2025. They just sometimes carry out those plans while also denying that they are following the playbook. Trump in particular will be surprisingly candid about what he's doing in between bouts of lies and denials. Like he said he didn't know anything about project 2025? Steve Bannon is the one working on this, has said they have a plan to do it. Trump himself seems to believe that if the country is at war elections are postponed because that is how it works in Ukraine. Ergo Venezuela. It’s not anti-democratic, it’s simply a matter of exposure. China can WANT to do whatever they want to me, but I have no assets in China, no trade in China, and neither me nor anyone close to me will ever go to China. So it simply matters a lot less what China has on me than the country where I have friends, loved ones, financial assets, property, and frequently visit. Generally I'd agree. The threats here are larger. That said China isn't powerless to hurt you either. I haven't seen much of it happening, but in theory China could blackmail you. They can manipulate and influence you and your children through social media and advertising, even encouraging kids to harm themselves/others. They can also fill the products they make for us with heavy metals and other poisons while building them to break draining our finances and filling our country with trash. The worst thing they could do though is just stop producing crap for us entirely since we're basically dependent on them for just about everything. And the united states can also do those things. We’ve been fighting against the hormone-filled milk for decades, and half of the ingredients are banned by smarter countries, but more than half of our food is still imported poison. But none of that has to do with who is surveilling me online. It's not anti-democratic, it's just pragmatic. Yes the US is a democracy, but a lot of our systems suck ass and are also close in proximity. You DO NOT want to get into legal trouble in the US. Our justice system is beyond fucked. If there's one way to permanently ruin your life in the US, it's getting into legal trouble. You're better off smoking crack cocaine, that's probably healthier for your livelihood. I don't know about China's legal system, but even assuming it's more fucked, it's all the way over there. Not here. The main trouble with Flock and companies like them is that they attach to our broken systems like a tumor. If the system fails, which it often does, these accelerate it and make it worse. If you get falsely accused of something or piss off the wrong PD, this shit can ruin your life. Permanently and expeditiously. Even if you are the most Moral Orel you should be skeptical of these crime reduction claims. They don't just beat down crime, they beat down regular people, too. And if you ask them, they don't know the difference. > I don't know about China's legal system, but even assuming it's more fucked, it's all the way over there. Not here. You're saying that the US legal system is extremely bad, shouldn't the assumption be that other countries have it better? I don't know much about either country's legal systems, but I do know that if I feel like my country is extremely bad at something, other countries probably do it better, at least that what I'll assume until I see evidence of something else. Maybe, I mostly gave that disclaimer to say that it actually doesn't matter much. Even if it's worse, that's still better, because it's over there. But yes, generally, I assume virtually every developed country (and some of the kind of developed countries) have a more just and competent legal system than the US. The US is an interesting beast, because when you compare it to the entire world on a bunch of stuff, it doesn't seem so bad. But when you compare to countries that have, like, clean running water, then it really falls flat in a lot of ways. This allows apologists to basically justify anything the US does, because somebody, somewhere, is doing it much worse. Hey guys, look at Uganda, they're genociding gay people! Not being an expert in every single country's legal system, I would guess that the USA's is about middle of the spectrum in terms of badness/fairness/justice. These things are hard to weigh objectively. For instance, in America the police don't take bribes, you can't bribe your way out of a traffic ticket. The cops will laugh at your attempt and pile on more charges. But if you're a local business owner, the bribes to local politicians are far from unheard of and all manner of corrupt dealings between business and local government is prevalent. So how you rank America's corruption depends on how you weigh those two forms of corruption. There's not one single objectively correct way to do that.
dogman144 - a day ago
skipants - 19 hours ago
faidit - 15 hours ago
PunchyHamster - 10 hours ago
riskable - 8 hours ago
makeitdouble - 7 hours ago
Barathkanna - 17 hours ago
dogman144 - 3 minutes ago
KurSix - 14 hours ago
tehlike - a day ago
mysterydip - a day ago
tehlike - 19 hours ago
bakies - a day ago
b00ty4breakfast - 20 hours ago
Tanoc - 9 hours ago
spiderfarmer - 21 hours ago
Tanoc - 10 hours ago
Spooky23 - 7 hours ago
doctorpangloss - 21 hours ago
fasbiner - 20 hours ago
edot - a day ago
dvtkrlbs - a day ago
tdeck - a day ago
MSFT_Edging - 10 hours ago
throwway120385 - a day ago
godelski - a day ago
hugo1789 - a day ago
kcatskcolbdi - a day ago
djtango - a day ago
heavyset_go - a day ago
SOLAR_FIELDS - a day ago
jonway - 18 hours ago
quitit - a day ago
bigiain - 21 hours ago
marcus_holmes - a day ago
Phemist - a day ago
candiddevmike - a day ago
ipdashc - 20 hours ago
toomuchtodo - a day ago
SamInTheShell - a day ago
bigiain - 21 hours ago
tejtm - a day ago
StanislavPetrov - a day ago
SOLAR_FIELDS - a day ago
coffeebeqn - a day ago
AngryData - 17 hours ago
edot - 21 hours ago
AlexCoventry - 21 hours ago
KurSix - 14 hours ago
tracker1 - a day ago
monkaiju - a day ago
tracker1 - 9 hours ago
jjwiseman - a day ago
superultra - a day ago
throw-12-16 - 20 hours ago
kace91 - a day ago
array_key_first - 20 hours ago
crazygringo - a day ago
hypercube33 - 10 hours ago
mothballed - a day ago
bearjaws - 8 hours ago
15155 - a day ago
FireBeyond - a day ago
CPLX - a day ago
kjkjadksj - a day ago
fouc - 19 hours ago
therobots927 - a day ago
whycombinetor - a day ago
BobaFloutist - a day ago
jjwiseman - a day ago
brendoelfrendo - a day ago
fusslo - a day ago
autoexec - a day ago
mothballed - a day ago
dghlsakjg - a day ago
snowwrestler - 9 hours ago
appreciatorBus - a day ago
autoexec - a day ago
appreciatorBus - 21 hours ago
PleasureBot - 11 hours ago
mothballed - 11 hours ago
15155 - a day ago
mothballed - 20 hours ago
iamnothere - 19 hours ago
mothballed - 18 hours ago
godelski - 21 hours ago
Funny enough thats actually not true. Legally speaking. It's often claimed but it is an over simplification. > because there is no expectation of privacy in public
Humorist2290 - 17 hours ago
chzblck - a day ago
rimbo789 - a day ago
kQq9oHeAz6wLLS - a day ago
tomrod - 21 hours ago
fakedang - 14 hours ago
TheCraiggers - a day ago
snazz - a day ago
NoGravitas - 5 hours ago
ericmcer - 7 hours ago
amrocha - a day ago
unclad5968 - a day ago
amrocha - a day ago
dghlsakjg - a day ago
amrocha - 16 hours ago
faidit - 19 hours ago
reed1234 - a day ago
amrocha - a day ago
lazyasciiart - a day ago
kQq9oHeAz6wLLS - a day ago
amrocha - 16 hours ago
culi - a day ago
dang - a day ago
culi - a day ago
dang - 20 hours ago
afarah1 - a day ago
aucisson_masque - a day ago
kklisura - a day ago
ribosometronome - a day ago
dang - a day ago
LexiMax - a day ago
itishappy - a day ago
LexiMax - 8 hours ago
dang - 8 hours ago
tomhow - a day ago
culi - a day ago
ribosometronome - a day ago
dang - 20 hours ago
embedding-shape - a day ago
lossolo - a day ago
kklisura - a day ago
leeoniya - a day ago
devwastaken - a day ago
stronglikedan - a day ago
therobots927 - a day ago
afavour - a day ago
mikkupikku - a day ago
embedding-shape - a day ago
mikkupikku - a day ago
lazyasciiart - a day ago
LocalH - a day ago
embedding-shape - a day ago
SAI_Peregrinus - a day ago
mikkupikku - a day ago
tchalla - a day ago
embedding-shape - a day ago
autoexec - a day ago
Hikikomori - a day ago
freeone3000 - a day ago
autoexec - a day ago
freeone3000 - 2 hours ago
array_key_first - a day ago
embedding-shape - a day ago
array_key_first - a day ago
ryandrake - a day ago
mikkupikku - a day ago