zlacker

[return to "Flock Exposed Its AI-Powered Cameras to the Internet. We Tracked Ourselves"]
1. dogman+Sj1[view] [source] 2025-12-22 23:42:16
>>chaps+(OP)
Was fortunate to talk to a security lead who built the data-driven policing network for a major American city that was an early adopter. ALPR vendors like Flock either heavily augment and/or anchor the tech setups.

What was notable to me is the following, and it’s why I think a career spent on either security researching, or going to law school and suing, these vendors into the ground over 20 years would be the ultimate act of civil service:

1. It’s not just Flock cams. It’s the data eng into these networks - 18 wheeler feed cams, flock cams, retail user nest cams, traffic cams, ISP data sales

2. All in one hub, all searchable by your local PD and also the local PD across state lines who doesn’t like your abortion/marijuana/gun/whatever laws, and relying on:

3. The PD to setup and maintain proper RBAC in a nationwide surveillance network that is 100%, for sure, no doubt about it (wait how did that Texas cop track the abortion into Indiana/Illinois…?), configured for least privilege.

4. Or if the PD doesn’t want flock in town, they reinstall cameras against the ruling (Illinois iirc?) or just say “we have the feeds for the DoT cameras in/out of town and the truckers through town so might as well have control over it, PD!”

Layer the above with the current trend in the US, and 2025 model Nissan uploading stop-by-stop geolocation and telematics to cloud (then, sold into flock? Does even knowing for sure if it does or doesn’t even matter?)

Very bad line of companies. Again all is from primary sources who helped implement it over the years. If you spend enough time at cybersecurity conferences you’ll meet people with these jobs.

◧◩
2. Barath+i02[view] [source] 2025-12-23 07:37:25
>>dogman+Sj1
This is the part that doesn’t get enough attention. The real risk isn’t any single vendor, it’s the aggregation layer. Once ALPR, retail cams, traffic cams, ISP data, and vehicle telematics all land in one searchable system, the idea that this will be perfectly RBAC’d and jurisdictionally contained is fantasy. At that point it’s not policing tech, it’s a nationwide surveillance substrate held together by policy promises.
◧◩◪
3. dogman+744[view] [source] 2025-12-24 00:36:54
>>Barath+i02
I’ve been in security for a while and I increasingly think understanding what the future looks like under this threat model is about the only security research that really matters fully above the rest (many topics also very important in their own ways).

The state change is just so significant and so under discussed because you learn about it via making an effort in a cybersec career, hitting conferences very years, eventually lucking out with who you met for a beer, and so on.

So how do policy leaders trying to understand this stand a chance at understanding it? How do local PD chiefs understand what they’re bringing in, who I really do believe deserve the benefit of the doubt wrt positive intentions?

There is really no counter-voice to an incredibly capable nationwide surveillance network that’s been around for at least 10-15 years. The EFF doesn’t really count because the EFF complains about these things, SEN Wyden writes a memo, and that seems to be the accepted scope of the work..

Just like man… the bill of rights… it’s a thing! Insane technology.

[go to top]