1587 points by Brajeshwar 125 days ago | 632 comments on HN
| Moderate positive
Contested
Editorial · v3.7· 2026-02-28 10:31:03 0
Summary Free Expression & Due Process Advocates
Ars Technica reports on a lawsuit filed by lock company Proven Industries against YouTuber Trevor McNally for posting a video demonstrating how to bypass one of their products. The article strongly advocates for McNally's free expression rights to share security information and critiques Proven's legal action as an illegitimate abuse of process, particularly given the CEO's criminal history and documented pattern of intimidation. The coverage emphasizes that lock-picking videos remain legal and that corporate suppression of such information contradicts principles of fair legal process and due process protection.
I am concerned about the public reacting aggressively agaisnt the lock company owner amd his family. The guy is definitely a toxic bully, but he was indeed violently harrassed by filing a lawsuit, however unjust it was.
The correct support for a just cause must have been constructive: providing financial support for the defendant, public manifestation campaign, professional lobbying, etc
Although this time I agree with the defendant cause, the response by the public was as toxic bullying as the plaintiff, only stronger.
This guy shims a $100+ lock in 10 seconds with a liquid death can, all without speaking in the video, just replays and then destroyed their claims and GTFO. Absolutely masterful.
Back in 2007, I published the first YouTube bypass of the Master Lock #175 (very common 4-digit code lock), using a paperclip.
After the video reached 1.5M views (over a couple years), the video was eventually demonetized (no official reason given). I suspect there was a similarly-frivolous DMCA / claim, but at that point in my life I didn't have any money (was worth negative) so I just accepted YouTube's ruling.
Eventually shut down the account, not wanting to help thieves bypass one of the most-common utility locks around — but definitely am in a position now where I understand that videos like mine and McNally's force manufacturers to actually improve their locks' securities/mechanisms.
It is lovely now to see that the tolerances on the #175 have been tightened enough that a paperclip no longer defeats the lock (at least non-destructively); but thin high-tensile picks still do the trick (of bypassing the lock) via the exact same mechanism.
Locks keep honest people honest, but to claim Master's products high security is inherently dishonest (e.g. in their advertising). Thievery is about ease of opportunity; if I were stealing from a jobsite with multiple lockboxes, the ones with Master locks would be attacked first (particularly wafer cylinders).
Someone : “Sucks to see how many people take everything they see online for face value,” one Proven employee wrote. “Sounds like a bunch of liberals lol.”
The company : Proven also had its lawyers file “multiple” DMCA takedown notices against the McNally video, claiming that its use of Proven’s promo video was copyright infringement.
When did facts and enlightenment started to be for "liberals lol" ?
Freedom of speech based on facts should be universal.
If you don't know him already, I highly recommend videos by LockPickingLawyer — he routinely destroys bogus claims of various companies within seconds. It's quite entertaining to see how little security you actually get from most locks.
The most absurd thing is the original video response from the company was good, and with a very compelling argument: their customers never saw shimming in the field. Their user base don't need shimming resistance: security needs to be adequate, not perfect. And they follow-up by presenting options about people requiring the lock to be shim-proof.
Granted, in this day and age, it's a disgrace to still make locks that can be shimmed. Especially when the shim-proof alternatives they show just have an additional notch to catch the shim.
I wonder how many stories like this are caused simply because a corporate lawyer is looking for some work to do, and maybe to meet some kind of internal KPI.
> Under questioning, however, one of Proven’s employees admitted that he had been able to duplicate McNally’s technique, leading to the question from McNally’s lawyer: “When you did it yourself, did it occur to you for one moment that maybe the best thing to do, instead of file a lawsuit, was to fix [the lock]?”
Sometimes a single question tells you how the entire case is going to go.
> On July 7, the company dismissed the lawsuit against McNally instead.
> Proven also made a highly unusual request: Would the judge please seal almost the entire court record—including the request to seal?
Tough at first then running away with the tail between their legs. Typical bullying behavior.
> but Proven complained about a “pattern of intimidation and harassment by individuals influenced by Defendant McNally’s content.”
They have to know it's generated by their own lawsuit and how they approached it, right? They can't be that oblivious to turn around and say "Judge, look at all the craziness this generated, we just have to seal the records!". It's like an ice-cream cone that licks itself.
> the case became a classic example of the Streisand Effect, in which the attempt to censor information can instead call attention to it.
A constant reminder to keep the people who don't know what they are doing (including the owners of the company!) from the social media.
I once worked for a company that kept its passwords locked in a safe. One day, all other copies of the password were lost, and they needed it, but the safe's key could not be found.
They expensed a sledgehammer and obtained the password through physical modification of the safe using a careful application of force. Some employees complained that meant the safe wasn't... well, safe.
The security team replied "Working as Intended" - no safe is truly safe, it's just designed to slow down an attacker. At that moment, I was enlightened.
> Lee’s partner and his mother both “received harassing messages through Facebook Messenger,” while other messages targeted Lee’s son, saying things like “I would kill your f—ing n—– child” and calling him a “racemixing pussy.”
Some people always go too far, undermining the good cause of the others
If anyone is interested in the legal side, I'd also recommend 'Runkle of the Bailey' who has a series on this saga but with a focus on the legal shenanigans [0]
If a company’s first reaction to a flaw is to sue instead of fix it, the problem probably goes beyond the lock itself. A real security company would appreciate someone pointing out a weakness rather than trying to take the video down. That kind of openness would actually make people trust them more.
This reminds me of the CEO of a cyber security company that challenged Anonimous https://en.wikipedia.org/wiki/HBGary. If you work for any kind of security company, do not ever ever ever challenge any kind penetration specialist. Everything is hackable, it is only a matter of cost vs reward, but when you challenge someone that goes out of the window.
This reminded me of Matt Blaze's work on physical lock security back in 2003. He found a method of deriving the "master key" for a building (one key that opens all locks) from a single example: https://www.mattblaze.org/masterkey.html
When he published about this he was bombarded with messages from locksmiths complaining that they all knew about this and kept it secret for a reason! https://www.mattblaze.org/papers/kiss.html
It was a fascinating clash between computer security principles - disclose vulnerabilities - and physical locksmith culture, which was all about trade secrets.
The entire field of locksmithing has a failing culture around security. They still rely on security by obscurity, they sue attackers, and they never improve
You’re getting downvoted which is unfortunate because I think you make a worthwhile point.
Emotionally I disagree with you. It feels like a bully is getting what a bully deserves. Logically, I think you are right though. Crowds just aren’t equipped to handle these situations. There are cases where the wisdom of the crowd is correct, but there are many more where it multiplies harms.
The underlying problem is that it never feels like justice is being served. Another comment mentions that there should be harsher punishment for false DMCAs. I don’t think the “wisdom of the crowd” approach is the best way to write those wrongs but I lament that modern justice has not been up to the task.
I’m going to border closely to blaming the “victim” here, but if the lawsuit had been filed without toxic, threatening, man-baby social media posts, we wouldn’t be hearing about it. Harassed because he filed a lawsuit? C’mon, there’s a lot more to it than that. When one goes swinging their dick around on Twitter in an attempt to garner support (from one’s equally toxic fans, I presume), one will also likely attract equally toxic folks who disagree. Talk enough shit, and you’ll eventually get a punch to the face. Right or wrong, such is the world long before social media.
That’s the internet these days. It’s been going on for decades. Game developers got death threats over minor changes to video games and nothing happened to them. Is it that surprising that tactic has continued?
People can make fun of the company all they want. That’s fair game. They shouldn’t be calling the guy’s personal phone or harassing his family, that’s totally over the line.
But nothing happens. The behavior gets a pass so it continues to become more common. That passes for debate now.
This all sounds great in the abstract. But reality is different due to the power differential. McNally is just one dude (albeit with a huge following). Lee is obviously a toxic jerk and his attacks and mockery of McNally triggered both McNally repeatedly proving the flaws in Proven's technology.
McNally obviously did the correct thing it seeking counsel and basically demolishing Proven's case in court. Too bad the SLAPP stuff doesn't work with DMCA takedowns.
And everyone else cheering on the sidelines (who isn't a paid shill of Proven's like the guy making the "liberal" comment)? Well giving Lee's company shit is fine IMHO. Call up the publicly available phone numbers, make service requests to flood his business etc. Fine with me. You poke the Internet bear, you get some claws.
As to the threats? If they actually occurred (which is questionable considering the BS Proven has been saying), then let the authorities know about them. That's not on McNally at all, it's more Lee being a jerk who doesn't know about the Streisand Effect, combined with social media companies that allow stuff like that to happen. It's also a good idea to not expose too much info about your personal life on social media that can be linked to your business, opsec ya know?
Actual thieves don't give a shit to learn lock picking, they can use a fine toothed sawzall or oxy-acetylene torch and defeat any lock just as fast without having to youtube the particular brand.
> the lock company owner amd his family. The guy is definitely a toxic bully, but he was indeed violently harrassed by filing a lawsuit
I think you're confusing who filed the lawsuit here. That was also the lock company owner as well (Lee/Proven).
While I agree that flash mob harassment from the Internet is a terrible dynamic, filing baseless lawsuits has been a longstanding way to predictably summon them. So if the table stakes of launching or defending these type of aggressive attacks have gone from a significant amount of money for attorneys, to a significant amount of money for attorneys plus public relations and/or having a large audience, does that really actually change much? Either way most people simply don't file lawsuits, even if they've been actually wronged, due to the extreme personal stress.
The straightforward way of diminishing mob justice is to make people believe the system provides justice. If we lived in a society where McNally would predictably win the lawsuit [0], and be predictably compensated for his expenses/time/emotionalDistress for being on the receiving end of this baseless SLAPP, then there would be much less mob outrage to begin with. As it stands, everyone can imagine themselves receiving these types of legal shakedown letters, but having much less power to push back.
[0] it sounds like this particular suit was slapped down pretty hard and "quick" by the standards of the legal system, but there are many similar cases that don't go this way
>Freedom of speech based on facts should be universal.
To be fair that's not what we have in USA. For instance, a nurse who never even signed a private privacy agreement with anyone (unusual, but could happen) could violate HIPAA if they factually tell a patient's spouse the patient is being treated for AIDS and they ought to watch out.
LPL owns Covert Instruments, who employs McNally, the YouTuber who got sued in this case. Probably not a coincidence that Covert Instruments wasn't named in the lawsuit.
Former in-house lawyer here and in my experience the answer is something like "probably less than you think." The job of the lawyer is to advise the client and (within the bounds of ethical rules) advocate for their position, not to come up what the company's position should be.
> A constant reminder to keep the people who don't know what they are doing (including the owners of the company!) from the social media.
I'm just guessing based on the contents of the article, but it sounds like a typical "hard-fist founder-run company" so good luck convincing the founder to not sit on social media and argue their points.
> When did facts and enlightenment started to be for "liberals lol" ?
It didn't. That's one employee of the company, who has a clear bias in the matter, being ridiculous. It has nothing to do with liberal ideology, nor critique of liberal ideology, nor whatever sort of person that employee thinks should be considered a "liberal", nor their ideology. It's only the employee who even suggests that, and probably not even seriously.
Here in Finland mechanical locks with electronic keying are pretty common in some places. Some of them like iLOQ or Abloy eCLIQ are actually pretty clever: electrical bits of the lock are powered from mechanical action of inserting and turning the key, so you don't have to worry about batteries. In theory, they promise significant cost savings in scenarios like rental apartment buildings where tenants move in and out, need access to common areas, lose keys, etc, without compromising security or having to replace or recode locks - they just give you a generic key, click some buttons in the admin panel, and your key could be provisioned accordingly once you first enter the building and interact with one of the "smarter" locks that are externally powered and networked to the mothership.
In practice, in addition to the usual bugs you would expect from a software-based system managed and maintained by a plethora of organizations and contractors, they tend to become very annoying as parts wear out, so you have to fiddle with the key reinserting it repeatedly trying to find just the right angle so it will make a good contact to be recognized by the lock (for example the iLOQ system by my landlord communicates over a thin contact strip molded into the key opposite of the cutting and separated from the rest of the key with a thin layer of plastic).
> their customers never saw shimming in the field.
This is arguably good PR, but a terrible response. Shimming is so quick and hard to detect that even if you had 24-7 video of the lock, you probably wouldn't notice that the lock had been shimmed. You would just assume that someone lost a key.
Issues with master locks are hardly new- back in the 1980s, I downloaded a file from a BBS explaining how to open a combo lock (basically by pulling on the shackle while turning, and a few other tricks.
If you want an extreme example of this; go look at the Sacramento startup Sircles. 7+ year old "startup" that has sub $100k revenue after several years but 9 million in debt. The founder has an account there under u/Sirclesapp where he goes off on toxic and insane tirades to anyone who dares say anything but utmost praise at his app. Apparently he stalks their reddit accounts and sends threatening letters to their personal home addresses from his lawyer for "defamation". That I understand he sent one to some ex employees and one to some woman who I think is a paralegal and is now suing them in civil court.
He partnered with some radio program called radradio where the host had a lot of personal issues and the show ultimately got axed. The radio host was known for having issues with alcohol, but they kept partnering with him because he kept shilling their WeFunder. They've raised over $6m in SAFEs but considering they are $9m in debt, haven't broken $100k lifetime revenue after 7 years, and seem to have over a million a year burn rate, it's doubtful that the shares from those SAFEs (if ever executed) would ever be in the money.
> It's quite entertaining to see how little security you actually get from most locks.
Yeah, one of my conclusions after years of watching LPL is ironically to start buying cheaper locks.
The difference between a $3 and a $300 lock is just about a minute of time for an experienced lockpick. No lock is capable of dissuading a determined thief, but any lock is equally capable of dissuading a lazy one.
They also made sloppy mistakes like naming the Proven owner's partner un-redacted in a document they submitted to the court (which is then available through legal search engines). If they were concerned with privacy they could easily have withheld her name.
Article strongly advocates for McNally's right to free expression and information sharing about lock vulnerabilities. Title and throughout, frames the lawsuit as illegitimate interference with expression rights. Directly affirms: 'It's still legal to pick locks, even when you swing your legs.'
FW Ratio: 50%
Observable Facts
Article title explicitly states the lawsuit is a 'Bad idea,' establishing that suppression of McNally's videos violates principles of free expression.
Article notes McNally's video 'has been viewed nearly 10 million times on YouTube alone,' documenting massive audience access to the expression.
Article states: 'It's still legal to pick locks, even when you swing your legs,' directly affirming the legal right to create and share expression on the topic.
Article describes Proven's attempts to suppress McNally: 'Concerned about losing business, Lee kept trying to shut McNally down' and warned things would 'get really personal,' documenting corporate infringement on expression.
Inferences
The headline frames lawsuits against expression creators as categorically flawed, suggesting strong presumption against suppression.
The 10M view metric suggests the expression has reached massive audience, implying social value worthy of protection.
The legal affirmation ('It's still legal') presumes expression right is foundational, not requiring special pleading.
Documenting the threats and suppression attempts frames them as rights violations, not legitimate corporate defense.
Article's central argument: Proven Industries is abusing legal processes to suppress McNally's speech and expression rights. Frames this as violation of Article 30—using law to abuse rather than protect rights. CEO's criminal history and threats establish pattern of abuse.
FW Ratio: 63%
Observable Facts
Article title: 'Bad idea' frames the lawsuit as abuse of legal rights.
Article documents CEO Lee as 'triple felon' who previously 'hired someone to throw a brick through the window of his ex-wife,' establishing pattern of using intimidation and violence.
Article shows Lee sent threatening messages ('be prepared!') and contacted McNally's family, documenting intentional abuse.
Article frames Proven's actions as campaign to 'shut McNally down' despite Proven itself demonstrating identical behavior, showing selective abuse of legal process.
Article documents Proven posted 'response video' and engaged in 'social media' confrontation, then threatened things would 'get really personal' for McNally, showing escalating abuse.
Inferences
The accumulation of threatening behavior, criminal history, and selective legal action establishes that Proven is abusing legal rights rather than protecting legitimate interests.
The 'bad idea' framing suggests that using law to suppress expression—especially by someone with a violent history—constitutes abuse of rights.
The hypocrisy of Proven doing the identical behavior it sued McNally for demonstrates the lawsuit is abusive, not protective of legitimate interests.
Article defends McNally's privacy rights by framing Lee's text to his wife as an invasion of privacy and intimidation. Strongly implies the act violates privacy and personal boundary protections.
FW Ratio: 50%
Observable Facts
Article documents: 'The next day, Lee texted McNally's wife,' and describes this as McNally perceiving it 'to intimidate me and my family.'
Article notes Lee 'already knew how to contact him on Instagram,' suggesting the wife contact was a deliberate privacy invasion rather than mistake.
Inferences
Describing the wife contact as intimidation reframes it as a privacy violation, not innocent communication.
The comparison to available contact (Instagram) suggests the wife contact was chosen specifically to invade McNally's family privacy.
Article questions the fairness of legal proceedings by highlighting the CEO's criminal history as disqualifying context. Implies the lawsuit itself may lack legal/moral grounding due to the plaintiff's character and prior abuse patterns.
FW Ratio: 60%
Observable Facts
Article documents Lee is 'a triple felon' with history of 'hiring someone to throw a brick through the window of his ex-wife,' establishing pattern of abuse.
Article frames the lawsuit and threats as continuous campaign to suppress McNally, suggesting lack of good-faith legal process.
Article notes Proven itself engages in the exact behavior (demonstrating lock vulnerabilities) that it sued McNally for, suggesting the lawsuit lacks fairness and proportionality.
Inferences
The detailed disclosure of Lee's criminal history implies that fair trial principles require courts to consider a plaintiff's pattern of abuse in evaluating the lawsuit's legitimacy.
The hypocrisy documentation (Proven's own demo videos) suggests the legal action fails fairness standards because it applies different rules to different actors.
Article implicitly supports principles of human dignity and individual rights by defending McNally's right to create and share information; frames attempt to suppress his expression as contrary to justice and fairness.
FW Ratio: 60%
Observable Facts
Article title frames lock company's lawsuit as 'bad idea,' signaling the author's judgment that the legal action contradicts foundational principles.
Article provides detailed account of McNally as individual with recognized social standing (7M followers, 2B views) and agency.
Site allows 368 public comments on the article, enabling collective discussion of the dispute.
Inferences
The framing treats McNally's right to expression as aligned with principles of human dignity and justice.
Site structure enables participatory discourse, supporting a vision of human dignity grounded in collective reasoning.
Article questions the fairness and equality of the legal action by Proven Industries, questioning whether the lawsuit is appropriate and suggesting the CEO's tactics lack legal or moral grounding. Title itself ('Bad idea') questions the legality/fairness of the suit.
FW Ratio: 50%
Observable Facts
Article title explicitly labels the lawsuit a 'bad idea,' a direct editorial judgment on the legal action's propriety.
Article documents Lee's attempts to suppress McNally ('Concerned about losing business, Lee kept trying to shut McNally down') and suggests these lacked legal foundation.
Inferences
The headline's framing suggests the lawsuit violates principles of equal/fair legal treatment.
Documenting the CEO's prior harassment and threats suggests the legal system should be skeptical of claims from actors with clear intent to suppress speech.
Article identifies security concerns for McNally based on CEO Lee's threatening message and criminal history (prior violence). Frames these as legitimate liberty/security threats warranting concern.
FW Ratio: 60%
Observable Facts
Article documents Lee texting McNally's wife and notes McNally 'saw the text as a way to intimidate me and my family.'
Article reveals Lee is 'a triple felon' who 'hired someone to throw a brick through the window of his ex-wife,' establishing violent history.
Lee's prior message 'Just wanted to say thanks and be prepared!' is presented as threat context for the text message.
Inferences
The placement of Lee's criminal history immediately after discussing the threatening messages suggests the author links prior violence to present security concerns.
Framing of the text as intimidation affirms McNally's security interests as legally and morally relevant.
Article presents McNally sympathetically and without accusation; treats him as innocent of wrongdoing. Does not presume guilt based on being sued.
FW Ratio: 50%
Observable Facts
Article describes McNally's video as 'saucy' and his actions as responding to explicit challenge from Proven, not initiated misconduct.
Article does not accuse McNally of illegal activity; instead frames his lock-picking as expressly legal: 'It's still legal to pick locks, even when you swing your legs.'
Inferences
The legal affirmation ('It's still legal') presumes McNally's innocence of any criminal wrongdoing.
Framing Proven's taunt as provocation implicitly exonerates McNally of initiating wrongful conduct.
Article frames Lee's contact with McNally's wife as inappropriate interference with family privacy and security. Implicitly defends family unit integrity against external intimidation.
FW Ratio: 67%
Observable Facts
Article specifically mentions McNally's wife being contacted by the CEO, framing this as part of an intimidation campaign.
Article describes the contact as intended 'to intimidate me and my family,' explicitly linking it to family unit protection.
Inferences
The selective mention of wife contact suggests family relationships merit special protection from corporate intimidation.
Article frames McNally's lock-picking videos as educational content about security vulnerabilities. Treats information sharing as having educational and public value.
FW Ratio: 60%
Observable Facts
Article documents that McNally demonstrates 'how easy it is to open many common locks,' treating the demonstration as informational/educational.
Article notes Proven's own marketing materials do the same thing (show lock defeats), establishing that vulnerability education is a standard industry practice.
Article frames consumer awareness about lock weaknesses as relevant to informed purchasing ('Without extensive experience, long prep work, and precise measurements... Proven's locks were in little danger').
Inferences
The educational framing suggests McNally's content contributes to public knowledge about consumer product safety.
The reference to Proven's own educational videos suggests this type of content is standard in the lock industry, not uniquely problematic.
Article treats McNally (individual) and Proven Industries (corporation) as legally and morally distinct; implicitly affirms that both have rights but McNally's expression rights take precedence in this context.
FW Ratio: 50%
Observable Facts
Article contrasts McNally's actions and perspective with Proven Industries' corporate position, treating them as equal agents with potentially conflicting rights.
Inferences
The parallel treatment of individual and corporate rights suggests implicit support for equality before law, though corporate legal overreach is questioned.
Article recognizes McNally as legal and moral person with agency, rights, and standing in the dispute. Does not reduce him to an object or strip his personhood.
FW Ratio: 67%
Observable Facts
McNally is identified by name, background (ex-Marine Staff Sergeant), and social metrics (7M followers, 2B views).
Article quotes his perspective ('to intimidate me and my family') and treats his interpretation as legally and morally salient.
Inferences
The detailed identification and voice given to McNally affirms his status as a legal and moral person, not merely an object of the dispute.
Article recognizes McNally's content creation as livelihood and career (7M followers, 2B views generating income/status). Frames legal threats to this as rights-relevant.
FW Ratio: 67%
Observable Facts
Article documents McNally's professional status: '7 million followers and has amassed more than 2 billion views,' indicating income-generating work.
Article frames the legal threat as affecting McNally's work ('Concerned about losing business') alongside his expression rights.
Inferences
The extensive audience metrics suggest McNally's expression constitutes professional work deserving labor rights protection.
Article questions whether suppressing information serves social order; implies that legal processes used to suppress expression undermine rather than support social order.
FW Ratio: 67%
Observable Facts
Article frames the lawsuit as illegitimate ('Bad idea'), suggesting it violates principles of legal order.
Article documents Proven's attempt to use legal process for suppression, questioning whether this serves legitimate social ordering.
Inferences
The framing suggests that suppressing expression through legal intimidation corrupts rather than preserves social order.
No observable content addressing discrimination or equal protection on grounds of race, color, sex, language, religion, opinion, national origin, property, birth, or status.
Site publishes the article without restriction, enables public comment discussion (368 comments), and makes article freely accessible to broad audience.
Lee's violent criminal history (hiring someone to break window of ex-wife) presented immediately after describing threatening messages to establish danger/fear response
loaded language
Descriptions like 'saucy little video,' 'practically begging people to attempt this,' 'Oddly enough'—emotionally charged language shaping reader perception
build 1ad9551+j7zs · deployed 2026-03-02 09:09 UTC · evaluated 2026-03-02 10:41:39 UTC
Support HN HRCB
Each evaluation uses real API credits. HN HRCB runs on donations — no ads, no paywalls.
If you find it useful, please consider helping keep it running.