827 points by chaps 69 days ago | 471 comments on HN
| Moderate positive
Contested
Editorial · v3.7· 2026-02-28 12:10:45 0
Summary Surveillance & Privacy Advocates
404 Media's investigative journalism exposes a critical security vulnerability in Flock's AI-powered surveillance infrastructure, demonstrating how 60+ cameras were left streaming to the open internet without authentication. The article champions privacy rights (Article 8), freedom of expression (Article 19), and freedom of peaceful assembly (Article 20) through on-the-ground verification and security researcher collaboration, addressing core UDHR protections with strong evidentiary support.
I just watched Benn Jordan's video on this. Even if this is just a configuration error on some of their cameras this is terrifying and I think they should be held accountable for this and their previous myriad of CVEs.
Flock or their defenders will lock in on the excuse that “oh these are misconfigured” or “yeah hacking is illegal, only cops should have this data”. The issue is neither of the above. The issue is the collection and collation of this footage in the first place! I don’t want hackers watching me all the time, sure, but I DEFINITELY don’t trust the state or megacorps to watch me all the time. Hackers concern me less, actually. I’m glad that Benn Jordan and others are giving this the airtime it needs, but they’re focusing the messaging on security vulnerabilities and not state surveillance. Thus Flock can go “ok we will do better about security” and the bureaucrats, average suburbanites, and law enforcement agencies will go “ok good they fixed the vulnerabilities I’m happy now”
I don't want these cameras to exist but, if they're going to, might we be better off if they are openly accessible? At the very least, that would make the power they grant more diffuse and people would be more cognizant of their existence and capabilities.
I guess that while it is alarming that these feeds were "unsecured" I'm just as concerned that they exist at all. Folks worry about it getting into the "wrong hands" but from my POV it was put up by the wrong hands.
While both are a problem I am far more concerned about the power this gives our, increasingly authoritarian, government than about individual stalkers/creeps.
I would love to watch a shorter version of this video that just discussed the deltas between the status quo and Flock, rather than breathlessly reporting the implications of cameras as if they were distinctive to Flock. He'll spend 30 seconds talking about how you can see every activity and every person on the camera --- yeah, that's how cameras work. There are thousands of public IP cameras on the Internet, aimed at intersections, public streets, houses, playgrounds, schools; most of them operated that way deliberately.
There are Flock-specific bad things happening here, but you have to dig through the video to get to them, and they're not intuitive. The new Flock "Condor" cameras are apparently auto-PTZ, meaning that when they detect motion, they zoom in on it. That's new! I want to hear more about that, and less about "I had tears in my eyes watching this camera footage of a children's playground", which is something you could have done last week or last year or last decade, or about a mental health police wellness detention somewhere where all the cops were already wearing FOIA-able body cams.
If open Flock cameras gave you the Flock search bar, that would be the end of the world. And the possibility that could happen is a good reason to push back on Flock. But that's not what happened here.
Children could go missing thanks to Flock default settings. HN would tell me to never attribute to malice ... but there may be criminal negligence.
To cover their butts I strongly suggest Flock implement a default "grading system" that will show a city in a banner at the top of their management and monitoring system that based on their camera and network configuration they get an A+ to F-. If the grade is below a C then it must be impossible to get rid of the banner and it must be blinking red. The grading system must be both free, mandatory and a part of the core management code. This assumes Flock will have the willpower to say no when a city demands removal of the flashing red banner. Instead up-sell professional services to secure their mess. I would like to see the NCC Group review their security and future grading system.
I wonder what our founders would think about tools like Flock.
From what I understand these systems are legal because there is no expectation of privacy in public. Therefore any time you go in public you cannot expect NOT to be tracked, photographed, and entered into a database (which may now outlive us).
I think the argument comes from the 1st amendment.
Weaponizing the Bill of Rights (BoR) for the government against the people does not seem to align with my understanding of why the Bill of Rights was cemented into our constitution in the first place.
I wonder what Adams or Madison would make of it. I wonder if Benjamin Franklin would be appalled.
I wonder if they'd consider every license plate reading a violation of the 4th amendment.
In Brazil there is a similar problem, but it's not as widely discussed. Here, police investigations revealed that a website sold access for less than $4 to the nation-wide surveillance system, which included live feeds of public safety cameras and person search by tax identifier. It was also shown that criminal organizations used it to locate their targets. Access was through the open internet, with leaked credentials; the federal government's system requires no VPN for access.
Really valuable research. A benefit to public safety, and drawing attention to a sloppy vendor in the security space, claiming to secure the public, but instead putting the public at risk. However I'm deeply concerned for the researcher and all involved because this may be a criminal violation under the CFAA - accessing these systems without authorization, even if they don't have authentication.
Was fortunate to talk to a security lead who built the data-driven policing network for a major American city that was an early adopter. ALPR vendors like Flock either heavily augment and/or anchor the tech setups.
What was notable to me is the following, and it’s why I think a career spent on either security researching, or going to law school and suing, these vendors into the ground over 20 years would be the ultimate act of civil service:
1. It’s not just Flock cams. It’s the data eng into these networks - 18 wheeler feed cams, flock cams, retail user nest cams, traffic cams, ISP data sales
2. All in one hub, all searchable by your local PD and also the local PD across state lines who doesn’t like your abortion/marijuana/gun/whatever laws, and relying on:
3. The PD to set up and maintain proper RBAC in a nationwide surveillance network that is 100%, for sure, no doubt about it (wait how did that Texas cop track the abortion into Indiana/Illinois…?), configured for least privilege.
4. Or if the PD doesn’t want flock in town, they reinstall cameras against the ruling (Illinois iirc?) or just say “we have the feeds for the DoT cameras in/out of town and the truckers through town so might as well have control over it, PD!”
Layer the above with the current trend in the US, and 2025 model Nissan uploading stop-by-stop geolocation and telematics to cloud (then, sold into flock? Does even knowing for sure if it does or doesn’t even matter?)
Very bad line of companies. Again all is from primary sources who helped implement it over the years. If you spend enough time at cybersecurity conferences you’ll meet people with these jobs.
Flock cameras would be so easy to disable by motivated people. Dress in nondescript clothing, mask, sunglasses, and just spraypaint over the lenses. This is completely asymmetric warfare because it is trivial how long it would take for you to do this. You could hit dozens of cameras across an area overnight. Meanwhile, flock or the city, whoever maintains this stuff, needs to identify the vandalized cameras, flag them for repair, pay a technician to go out and presumably repair the unit outright. You pay cents and they are paying potentially thousands in labor and hardware costs.
And this would absolutely work at scale too. Streetlights are already being vandalized for their copper and most cities cannot afford to hire more technicians to even keep up with streetlight repair. I believe I’ve seen the backlog for streetlight repair in LA is over 10x what the current street services crew is capable of repairing in a year of constant work and growing by the day.
Municipalities and these technology companies cannot keep up against a motivated crew and can’t afford to scale either. Totally asymmetric.
What I don’t understand is how you can work at a company like Flock and look yourself in the mirror.
Seriously. You must be aware of the inherent evil, of the privacy invasive nature of your product, of how it’s being actively abused. How do you rationalize this for yourself?
Systems like this that exist to facilitate dispatching government violence will never be "good" by whatever the standards of the time are because they don't need to be. They have "at-cost" access to nearly infinite government violence they can dispatch capriciously and an unequally good relationship with any system that would hold them accountable for any misuse of their stuff.
Yes, and the biggest problem with this kind of ALPR is that they bypass due process. Most of the time police can just pull up data without any warrant and there have been instances where this was abused (I think some cops used this for stalking their exes [1]) and also, most worrying, Flock seems to be really okay with giving ICE unlimited access to this data [2] [3] (which I speculate for loose regulations).
Nothing will be done until one of the investors of the tech ends up embarrassed from weaponization of the tech against themselves. These people have no clue how creepy some of their technologic betters can be. I once witnessed a coworker surveilling his own network to ensure his girlfriend wasn't cheating on him (this was a time before massive SSL adoption). The guy just got a role doing networking at my company and thankfully he wasn't there for very long after that.
> The financing was led by Andreessen Horowitz, with backing from Greenoaks Capital, Bedrock Capital. Meritech Capital, Matrix Partners, Sands Capital, Founders Fund, Kleiner Perkins, Tiger Global, and Y Combinator also participated.
In my experience, people respond much more strongly to naming a specific company or person. Clearer plan of action than a resigned “This tech is old news.”
I always found Hanlon's Razor a bit too optimistic in tone. I prefer it restated in the form of Clarke's third law:
"Sufficiently advanced stupidity is indistinguishable from malice."
I think so, but it is a loosely held opinion at this point. Fundamentally, I think it is a huge, asymmetric power grab by Flock and local police to install these systems. It only takes one officer looking up their local politician and finding them doing something that could even look like a bad deed (or to fake it in the era of AI videogen...) to enable blackmail and personal/professional gain.
If they're going to exist, it may be better for that to be spread among the public than to be left in the hands of the few.
Did you see the other post about this where the guys showed a Flock camera pointed at a playground, so any pedo can see when kids are there and not attended?
Or how it has become increasingly trivial to identify by face or license plate such that combining tools reaches "movie Interpol" levels, without any warrant or security credentials?
If Big Brother surveillance is unavoidable I don't think "everyone has access" is the solution. The best defense is actually the glut of data and the fact nobody is actively watching you picking your nose in the elevator. If everyone can utilize any camera and its history for any reason then expect fractal chaos and internet shaming.
He's pretty open in this video about how Flock is far from alone in this space, and he's just using them as an example because they're so popular and flagrantly abusive.
“Are the fires of Hell a-glowing?
Is the grisly reaper mowing?
Yes! The danger must be growing
For the rowers keep on rowing
And they're certainly not showing
Any signs that they are slowing!” - Willy Wonka
I've thought the same regarding license plate readers (and saw considerable pushback on HN) — feeling like you suggest: if they have the technology anyway, why not open it up?
I imagined a "white list" though (or whatever the new term is—"permitted list"?) so that only certain license plates are posted/tracked.
Have you ever gone fishing? Did you catch all the fish?
Often it is more impactful to address one major/tangible player in a particular space than it would be to "boil the ocean" and ensure that we are capturing every possible player/transgressor. I agree that some of the video was overly breathless, but if that's what wakes people up to the dangers of unsecured cameras/devices then so be it.
This is pretty naive. What happens when you develop and extend such a system in a way that it can track who you interact with? What about social credit scores? You might go out to a social event with a very distinguished social credit score of 820 and get knocked down to 69 just because you were in proximity to Bob and Alice, who happen to be on some blacklists for their work in cryptography.
What you're staring at is the gateway tech that brings in a dystopian society. At first stuff like this is fairly benign, but slowly over time it ramps up into truly awful outcomes.
I live in an Atlanta neighborhood where one of the founders lived. A prototype for Flock Camera was designed by three Georgia Tech grads because someone kept breaking into their car (not uncommon in our neighborhood tbh).
The trick is that the camera was pointed towards a middle school. Which means they were constantly recording kids without adult consent.
Now, years later, Atlanta is the most surveilled city in North America and one of the most in the world. Flock cameras are everywhere. There are 124 cameras for every 1,000 people. Just last week, an ex-urb police chief was arrested for using the Flock network to stalk and harass citizens.
I know a lot of people who work at Flock. I’m shocked that they do though.
He has said his goal is for a "world with no crime. Thanks to Flock." and his goal is not aspirational, visionary, but quite literal.
He sees false negatives as more problematic than false positives. He has admitted being inspired by Minority Report (to me it's always very telling when someone takes a cautionary tale like this and finds it "inspirational").
I wonder if such a business model could exist where they were effectively "public" and thus, access was uniformly granted to anyone willing to pay. Not sure if this would be net better for society, but an interesting thought.
Central focus of article; comprehensively documents privacy violation through unauthorized real-time surveillance and archives, advocating for privacy protections.
FW Ratio: 75%
Observable Facts
The entire article documents unauthorized real-time streaming of individuals in public spaces—parking lots, streets, parks, playgrounds—without their knowledge or consent.
Researchers obtained video footage clearly identifying specific individuals, down to details like phone content visible on screen, from exposed surveillance feeds.
The article demonstrates that 30 days of archived video of personal activities and movements was accessible without any authentication barrier.
Inferences
The article presents privacy violation as the central harm, showing how unrestricted surveillance infrastructure destroys the right to privacy of person, activities, and location.
Article exemplifies freedom of expression through investigative journalism exposing wrongdoing; advocates for information access and public knowledge.
FW Ratio: 67%
Observable Facts
The article is investigative journalism by Jason Koebler (clearly identified by byline) that exercises freedom of expression to expose security vulnerabilities.
The journalist personally verified claims by driving to locations to test camera access, reviewed FOIA'd government contracts, collaborated with security researchers, and obtained video evidence.
Inferences
The article itself exemplifies freedom of expression and information-seeking in service of the public interest.
Documents surveillance of personal activities and communications; advocates strongly for privacy of movement and private activities.
FW Ratio: 67%
Observable Facts
The article documents surveillance of intimate personal activities: a woman walking her dog, individuals sitting in traffic, someone watching videos on their phone.
Live streaming and 30 days of archived video of all these personal activities was accessible without authentication to anyone with internet access.
Inferences
The article champions protection of privacy of personal communications and activities through exposure of surveillance violations.
The content champions universal human dignity and freedom by exposing violations of privacy and surveillance rights that contradict UDHR foundational principles.
FW Ratio: 67%
Observable Facts
The article documents unauthorized surveillance of hundreds of individuals across multiple U.S. locations without their knowledge or consent.
Journalists conducted independent on-the-ground verification of the security vulnerability by accessing and watching live camera feeds in real time.
Inferences
The article champions the UDHR's foundational principle that human dignity is violated by arbitrary, unconsented surveillance.
Article advocates for security of person by exposing critical security vulnerability in surveillance infrastructure.
FW Ratio: 67%
Observable Facts
The article identifies a critical security vulnerability exposing administrative control panels to open internet access without authentication.
Journalists verified they could access 30 days of archived video and camera settings without any credentials.
Inferences
The article demonstrates that proper security systems are necessary to protect the right to security of person against unauthorized surveillance access.
Article documents law enforcement surveillance infrastructure and demonstrates risks of arbitrary interference by authorities with exposed control systems.
FW Ratio: 67%
Observable Facts
The article documents that Flock's Condor cameras are designed to be controlled by law enforcement for tracking people.
The exposure revealed administrative control panels that law enforcement would use to operate surveillance systems.
Inferences
The article implicitly addresses how surveillance infrastructure deployed by authorities can enable arbitrary interference through exposed and unsecured control access.
Demonstrates surveillance threat to freedom of movement in public spaces through documentation and real-time tracking examples.
FW Ratio: 67%
Observable Facts
The article documents cameras tracking individuals across public spaces: bike paths, streets, parking lots, and parks.
Specific example: a man rollerblading was tracked on multiple cameras as he moved through a greenway, appearing on multiple exposed feeds across distance.
Inferences
The article shows how surveillance infrastructure threatens freedom of movement through continuous tracking in public spaces.
Researcher quote: 'the one that affected me most was a playground. You could see unattended kids, and that's something I want people to know about so they can understand how dangerous this is.' The emotional appeal about vulnerable children is grounded in documented surveillance capability.