Police departments and officials from Border Patrol used Flock’s automatic license plate reader (ALPR) cameras to monitor protests hundreds of times around the country during the last year, including No Kings protests in June and October, according to data obtained by the Electronic Frontier Foundation (EFF).

The data provides the clearest picture yet of how cops widely use Flock to monitor protesters. In June, 404 Media reported cops in California used Flock to track what it described as an “immigration protest.” The new data shows more than 50 federal, state, and local law enforcement ran hundreds of searches in connection with protest activity, according to the EFF.

We start this week with a rant from Jason about how the latest dump of Epstein emails were released. It would be a lot easier to cover them if they were published differently! After the break, we talk about Joseph’s piece about a contractor hiring essentially randos off LinkedIn to physically track immigrants for $300. In the subscribers-only section, Sam tells us about a new adult industry code of conduct that has been a long time coming

Listen to the weekly podcast on Apple Podcasts, Spotify, or YouTube. Become a paid subscriber for access to this episode's bonus content and to power our journalism. If you become a paid subscriber, check your inbox for an email from our podcast host Transistor for a link to the subscribers-only version! You can also add that subscribers feed to your podcast app of choice and never miss an episode that way. The email should also contain the subscribers-only unlisted YouTube link for the extended video version too. It will also be in the show notes in your podcast player.

• Our New FOIA Forum! 11/19, 1PM ET
• Contractor Recruiting People on LinkedIn to Physically Track Immigrants for ICE, Will Pay $300
• Major Porn Studios Join Forces to Establish Industry ‘Code of Conduct’

Airlines Reporting Corporation (ARC), a data broker owned by the U.S.’s major airlines, will shut down a program in which it sold access to hundreds of millions of flight records to the government and let agencies track peoples’ movements without a warrant, according to a letter from ARC shared with 404 Media.

ARC says it informed lawmakers and customers about the decision earlier this month. The move comes after intense pressure from lawmakers and 404 Media’s months-long reporting about ARC’s data selling practices. The news also comes after 404 Media reported on Tuesday that the IRS had searched the massive database of Americans flight data without a warrant.

“As part of ARC’s programmatic review of its commercial portfolio, we have previously determined that TIP is no longer aligned with ARC’s core goals of serving the travel industry,” the letter, written by ARC President and CEO Lauri Reishus, reads. TIP is the Travel Intelligence Program. As part of that, ARC sold access to a massive database of peoples’ flights, showing who travelled where, and when, and what credit card they used. 

“All TIP customers, including the government agencies referenced in your letter, were notified on November 12, 2025, that TIP is sunsetting this year,” Reishus continued. Reishus was responding to a letter sent to airline executives earlier on Tuesday by Senator Ron Wyden, Congressman Andy Biggs, Chair of the Congressional Hispanic Caucus Adriano Espaillat, and Senator Cynthia Lummis. That letter revealed the IRS’s warrantless use of ARC’s data and urged the airlines to stop the ARC program. ARC says it notified Espaillat's office on November 14.

ARC is co-owned by United, American, Delta, Southwest, JetBlue, Alaska, Lufthansa, Air France, and Air Canada. The data broker acts as a bridge between airlines and travel agencies. Whenever someone books a flight through one of more than 12,800 travel agencies, such as Expedia, Kayak, or Priceline, ARC receives information about that booking. It then packages much of that data and sells it to the government, which can search it by name, credit card, and more. 404 Media has reported that ARC’s customers include the FBI, multiple components of the Department of Homeland Security, ATF, the SEC, TSA, and the State Department.  

Espaillat told 404 Media in a statement “this is what we do. This is how we’re fighting back. Other industry groups in the private sector should follow suit. They should not be in cahoots with ICE, especially in ways may be illegal.”

Wyden said in a statement “it shouldn't have taken pressure from Congress for the airlines to finally shut down the sale of their customers’ travel data to government agencies by ARC, but better late than never. I hope other industries will see that selling off their customers' data to the government and anyone with a checkbook is bad for business and follow suit.”

“Because ARC only has data on tickets booked through travel agencies, government agencies seeking information about Americans who book tickets directly with an airline must issue a subpoena or obtain a court order to obtain those records. But ARC’s data sales still enable government agencies to search through a database containing 50% of all tickets booked without seeking approval from a judge,” the letter from the lawmakers reads.

Update: this piece has been updated to include statements from CHC Chair Espaillat and Senator Wyden.

The IRS accessed a database of hundreds of millions of travel records, which show when and where a specific person flew and the credit card they used, without obtaining a warrant, according to a letter signed by a bipartisan group of lawmakers and shared with 404 Media. The country’s major airlines, including Delta, United Airlines, American Airlines, and Southwest, funnel customer records to a data broker they co-own called the Airlines Reporting Corporation (ARC), which then sells access to peoples’ travel data to government agencies.

The IRS case in the letter is the clearest example yet of how agencies are searching the massive trove of travel data without a search warrant, court order, or similar legal mechanism. Instead, because the data is being sold commercially, agencies are able to simply buy access. In the letter addressed to nine major airlines, the lawmakers urge them to shut down the data selling program. Update: after this piece was published, ARC said it already planned to shut down the program. You can read more here.

A current pilot project aims to pay former law enforcement and military officers to physically track immigrants and verify their addresses to give to ICE for $300 each. There is no indication that the pilot involves licensed private investigators, and appears to be open to people who are now essentially members of the general public, 404 Media has learned.

The pilot is a dramatic, and potentially dangerous, escalation in the Trump administration’s mass deportation campaign. People without any official role in government would be tasked with tracking down targets for ICE. It appears to be part of ICE’s broader plan to use bounty hunters or skip tracers to confirm immigrant’s addresses through data and physical surveillance. Some potential candidates for the pilot were recruited on LinkedIn and were told they would be given vehicles to monitor the targets.

Immigration and Customs Enforcement (ICE) recently invited staff to demos of an app that lets officers instantly scan a license plate, adding it to a database of billions of records that shows where else that vehicle has been spotted around the country, according to internal agency material viewed by 404 Media. That data can then be combined with other information such as driver license data, credit header data, marriage records, vehicle ownership, and voter registrations, the material shows.

The capability is powered by both Motorola Solutions and Thomson Reuters, the massive data broker and media conglomerate, which besides running the Reuters news service, also sells masses of personal data to private industry and government agencies. The material notes that the capabilities allow for predicting where a car may travel in the future, and also can collect face scans for facial recognition. 

The material shows that ICE continues to buy or source a wealth of personal and sensitive information as part of its mass deportation effort, from medical insurance claims data, to smartphone location data, to housing and labor data. The app, called Mobile Companion, is a tool designed to be used in real time by ICE officials in the field, similar to its facial recognition app but for finding more information about vehicles.

Google is hosting a Customs and Border Protection (CBP) app that uses facial recognition to identify immigrants, and tell local cops whether to contact ICE about the person, while simultaneously removing apps designed to warn local communities about the presence of ICE officials. ICE-spotting app developers tell 404 Media the decision to host CBP’s new app, and Google’s description of ICE officials as a vulnerable group in need of protection, shows that Google has made a choice on which side to support during the Trump administration’s violent mass deportation effort.

Google removed certain apps used to report sightings of ICE officials, and “then they immediately turned around and approved an app that helps the government unconstitutionally target an actual vulnerable group. That's inexcusable,” Mark, the creator of Eyes Up, an app that aims to preserve and map evidence of ICE abuses, said. 404 Media only used the creator’s first name to protect them from retaliation. Their app is currently available on the Google Play Store, but Apple removed it from the App Store.

“Google wanted to ‘not be evil’ back in the day. Well, they're evil now,” Mark added.

The CBP app, called Mobile Identify and launched last week, is for local and state law enforcement agencies that are part of an ICE program that grants them certain immigration-related powers. The 287(g) Task Force Model (TFM) program allows those local officers to make immigration arrests during routine police enforcement, and “essentially turns police officers into ICE agents,” according to the New York Civil Liberties Union (NYCLU). At the time of writing, ICE has TFM agreements with 596 agencies in 34 states, according to ICE’s website.

Immigration and Customs Enforcement (ICE) is allocating as much as $180 million to pay bounty hunters and private investigators who verify the address and location of undocumented people ICE wishes to detain, including with physical surveillance, according to procurement records reviewed by 404 Media.

The documents provide more details about ICE’s plan to enlist the private sector to find deportation targets. In October The Intercept reported on ICE’s intention to use bounty hunters or skip tracers—an industry that often works on insurance fraud or tries to find people who skipped bail. The new documents now put a clear dollar amount on the scheme to essentially use private investigators to find the locations of undocumented immigrants.

We start with Matthew Gault’s dive into a battle between a small town and the construction of a massive datacenter for America’s nuclear weapon scientists. After the break, Joseph explains why people are 3D-printing whistles in Chicago. In the subscribers-only section, Jason zooms out and tells us what librarians are seeing with AI and tech, and how that is impacting their work and knowledge more broadly.

Listen to the weekly podcast on Apple Podcasts, Spotify, or YouTube. Become a paid subscriber for access to this episode's bonus content and to power our journalism. If you become a paid subscriber, check your inbox for an email from our podcast host Transistor for a link to the subscribers-only version! You can also add that subscribers feed to your podcast app of choice and never miss an episode that way. The email should also contain the subscribers-only unlisted YouTube link for the extended video version too. It will also be in the show notes in your podcast player.

6:03 - ⁠Our New FOIA Forum! 11/19, 1PM ET⁠ 

7:50 - ⁠A Small Town Is Fighting a $1.2 Billion AI Datacenter for America's Nuclear Weapon Scientists⁠ 

12:27 - ⁠'A Black Hole of Energy Use': Meta's Massive AI Data Center Is Stressing Out a Louisiana Community⁠ 

21:09 - ⁠'House of Dynamite' Is About the Zoom Call that Ends the World⁠ 

30:35 - ⁠The Latest Defense Against ICE: 3D-Printed Whistles⁠

SUBSCRIBER'S STORY: ⁠AI Is Supercharging the War on Libraries, Education, and Human Knowledge⁠

Chicagoans have turned to a novel piece of tech that marries the old-school with the new to warn their communities about the presence of ICE officials: 3D-printed whistles.

The goal is to “prevent as many people from being kidnapped as possible,” Aaron Tsui, an activist with Chicago-based organization Cycling Solidarity, and who has been printing whistles, told 404 Media. “Whistles are an easy way to bring awareness for when ICE is in the area, printing out the whistles is something simple that I can do in order to help bring awareness.”

Over the last couple months ICE has especially focused on Chicago as part of Operation Midway Blitz. During that time, Department of Homeland Security (DHS) personnel have shot a religious leader in the head, repeatedly violated court orders limiting the use of force, and even entered a daycare facility to detain someone.

3D printers have been around for years, with hobbyists using them for everything from car parts to kids’ toys. In media articles they are probably most commonly associated with 3D-printed firearms.

One of the main attractions of 3D printers is that they squarely put the means of production into the hands of essentially anyone who is able to buy or access a printer. There’s no need to set up a complex supply chain of material providers or manufacturers. No worry about a store refusing to sell you an item for whatever reason. Instead, users just print at home, and can do so very quickly, sometimes in a matter of minutes. The price of printers has decreased dramatically over the last 10 years, with some costing a few hundred dollars.

People who are printing whistles in Chicago either create their own design or are given or download a design someone else made. Resident Justin Schuh made his own. That design includes instructions on how to best use the whistle—three short blasts to signal ICE is nearby, and three long ones for a “code red.” The whistle also includes the phone number for the Illinois Coalition for Immigrant & Refugee Rights (ICIRR) hotline, which people can call to connect with an immigration attorney or receive other assistance. Schuh said he didn’t know if anyone else had printed his design specifically, but he said he has “designed and printed some different variations, when someone local has asked for something specific to their group.” The Printables page for Schuh’s design says it has been downloaded nearly two dozen times.

It’s that time again! We’re planning our latest FOIA Forum, a live, hour-long or more interactive session where Joseph and Jason will teach you how to pry records from government agencies through public records requests. We’re planning this for Wednesday, November 19th at 1 PM Eastern. That's in just over a week away! Add it to your calendar! 

This time we're focused on our coverage of Flock, the automatic license plate reader (ALPR) and surveillance tech company. Earlier this year anonymous researchers had the great idea of asking agencies for the network audit which shows why cops were using these cameras. Following that, we did a bunch of coverage, including showing that local police were performing lookups for ICE in Flock's nationwide network of cameras, and that a cop in Texas searched the country for a woman who self-administered an abortion. We'll tell you how all of this came about, what other requests people did after, and what requests we're exploring at the moment with Flock.

If this will be your first FOIA Forum, don’t worry, we will do a quick primer on how to file requests (although if you do want to watch our previous FOIA Forums, the video archive is here). We really love talking directly to our community about something we are obsessed with (getting documents from governments) and showing other people how to do it too.

Paid subscribers can already find the link to join the livestream below. We'll also send out a reminder a day or so before. Not a subscriber yet? Sign up now here in time to join.

We've got a bunch of FOIAs that we need to file and are keen to hear from you all on what you want to see more of. Most of all, we want to teach you how to make your own too. Please consider coming along!

We have something of a Meta Ray-Bans smart glasses bumper episode this week. We start with Joseph and Jason’s piece on a $60 mod that disables the privacy-protecting recording light in the smart glasses. After the break, Emanuel tells us how some people are abusing the glasses to film massage workers, and he explains the difference between a phone and a pair of smartglasses, if you need that spelled out for you. In the subscribers-only section, Jason tells us about the future of advertising: AI-generated ads personalized directly to you.

Listen to the weekly podcast on Apple Podcasts, Spotify, or YouTube. Become a paid subscriber for access to this episode's bonus content and to power our journalism. If you become a paid subscriber, check your inbox for an email from our podcast host Transistor for a link to the subscribers-only version! You can also add that subscribers feed to your podcast app of choice and never miss an episode that way. The email should also contain the subscribers-only unlisted YouTube link for the extended video version too. It will also be in the show notes in your podcast player.

• A $60 Mod to Meta’s Ray-Bans Disables Its Privacy-Protecting Recording Light
• Meta's Ray-Ban Glasses Users Film and Harass Massage Parlor Workers
• The Future of Advertising Is AI Generated Ads That Are Directly Personalized to You

Customs and Border Protection (CBP) has publicly released an app that Sheriff Offices, police departments, and other local or regional law enforcement can use to scan someone’s face as part of immigration enforcement, 404 Media has learned.

The news follows Immigration and Customs Enforcement’s (ICE) use of another internal Department of Homeland Security (DHS) app called Mobile Fortify that uses facial recognition to nearly instantly bring up someone’s name, date of birth, alien number, and whether they’ve been given an order of deportation. The new local law enforcement-focused app, called Mobile Identify, crystallizes one of the exact criticisms of DHS’s facial recognition app from privacy and surveillance experts: that this sort of powerful technology would trickle down to local enforcement, some of which have a history of making anti-immigrant comments or supporting inhumane treatment of detainees.

Handing “this powerful tech to police is like asking a 16-year old who just failed their drivers exams to pick a dozen classmates to hand car keys to,” Jake Laperruque, deputy director of the Center for Democracy & Technology's Security and Surveillance Project, told 404 Media. “These careless and cavalier uses of facial recognition are going to lead to U.S. citizens and lawful residents being grabbed off the street and placed in ICE detention.”

Most people probably have no idea that when you book a flight through major travel websites, a data broker owned by U.S. airlines then sells details about your flight, including your name, credit card used, and where you’re flying to the government. The data broker has compiled billions of ticketing records the government can search without a warrant or court order. The data broker is called the Airlines Reporting Corporation (ARC), and, as 404 Media has shown, it sells flight data to multiple parts of the Department of Homeland Security (DHS) and a host of other government agencies, while contractually demanding those agencies not reveal where the data came from.

It turns out, it is possible to opt-out of this data selling, including to government agencies. At least, that’s what I found when I ran through the steps to tell ARC to stop selling my personal data. Here’s how I did that:

1. I emailed privacy@arccorp.com and, not yet knowing the details of the process, simply said I wish to delete my personal data held by ARC.
2. A few hours later the company replied with some information and what I needed to do. ARC said it needed my full name (including middle name if applicable), the last four digits of the credit card number used to purchase air travel, and my residential address. 
3. I provided that information. The following month, ARC said it was unable to delete my data because “we and our service providers require it for legitimate business purposes.” The company did say it would not sell my data to any third parties, though. “However, even though we cannot delete your data, we can confirm that we will not sell your personal data to any third party for any reason, including, but not limited to, for profiling, direct marketing, statistical, scientific, or historical research purposes,” ARC said in an email.
4. I then followed up with ARC to ask specifically whether this included selling my travel data to the government. “Does the not selling of my data include not selling to government agencies as part of ARC’s Travel Intelligence Program or any other forms?” I wrote. The Travel Intelligence Program, or TIP, is the program ARC launched to sell data to the government. ARC updates it every day with the previous day’s ticket sales and it can show a person’s paid intent to travel.
5. A few days later, ARC replied. “Yes, we can confirm that not selling your data includes not selling to any third party, including, but not limited to, any government agency as part of ARC’s Travel Intelligence Program,” the company said.

Honestly, I was quite surprised at how smooth and clear this process was. ARC only registered as a data broker with the state of California—a legal requirement—in June, despite selling data for years. 

What I did was not a formal request under a specific piece of privacy legislation, such as the European Union’s General Data Privacy Regulation (GDPR) or the California Consumer Privacy Act (CCPA). Maybe a request to delete information under the CCPA would have more success; that law says California residents have the legal right to ask to have their personal data deleted “subject to certain exceptions (such as if the business is legally required to keep the information),” according to the California Department of Justice’s website.

ARC is owned and operated by at least eight major U.S. airlines, according to publicly released documents. Its board includes representatives from Delta, United, American Airlines, JetBlue, Alaska Airlines, Canada’s Air Canada, and European airlines Air France and Lufthansa. 

Public procurement records show agencies such as ICE, CBP, ATF, TSA, the SEC, the Secret Service, the State Department, the U.S. Marshals, and the IRS have purchased ARC data. Agencies have given no indication they use a search warrant or other legal mechanism to search the data. In response to inquiries from 404 Media, ATF said it follows “DOJ policy and appropriate legal processes” and the Secret Service declined to answer.

An ARC spokesperson previously told 404 Media in an email that TIP “was established by ARC after the September 11, 2001, terrorist attacks and has since been used by the U.S. intelligence and law enforcement community to support national security and prevent criminal activity with bipartisan support. Over the years, TIP has likely contributed to the prevention and apprehension of criminals involved in human trafficking, drug trafficking, money laundering, sex trafficking, national security threats, terrorism and other imminent threats of harm to the United States.” At the time, the spokesperson added “Pursuant to ARC’s privacy policy, consumers may ask ARC to refrain from selling their personal data.”

Lawmakers have called on the Federal Trade Commission (FTC) to investigate Flock for allegedly violating federal law by not enforcing multi-factor authentication (MFA), according to a letter shared with 404 Media. The demand comes as a security researcher found Flock accounts for sale on a Russian cybercrime forum, and 404 Media found multiple instances of Flock-related credentials for government users in infostealer infections, potentially providing hackers or other third parties with access to at least parts of Flock’s surveillance network.

For this interview episode of the 404 Media Podcast, Joseph speaks to Joshua Aaron, the creator of ICEBlock. Apple recently removed ICEBlock from its App Store after direct pressure from the Department of Justice. Joshua and Joseph talk about how the idea for ICEBlock came about, Apple and Google’s broader crackdown on similar apps, and what this all means for people trying to access information about ICE.

Listen to the weekly podcast on Apple Podcasts, Spotify, or YouTube. Become a paid subscriber for early access to these interview episodes and to power our journalism.If you become a paid subscriber, check your inbox for an email from our podcast host Transistor for a link to the subscribers-only version! You can also add that subscribers feed to your podcast app of choice and never miss an episode that way. The email should also contain the subscribers-only unlisted YouTube link for the extended video version too. It will also be in the show notes in your podcast player.

• ICEBlock Owner After Apple Removes App: ‘We Are Determined to Fight This’
• Google Calls ICE Agents a Vulnerable Group, Removes ICE-Spotting App ‘Red Dot’
• Apple Banned an App That Simply Archived Videos of ICE Abuses

This is Behind the Blog, where we share our behind-the-scenes thoughts about how a few of our top stories of the week came together. This week, we discuss keeping FOIA reporting in front of a paywall, Ray-Bans, and what pregnate Schoolhouse Rock bills say about our current AI-driven hellscape.

JOSEPH: Yesterday I did a livestreamed event with Freedom of the Press Foundation and WIRED. It was called Unpaywalled: The case for making public records-based reporting free and you can check it out here. 

As you might know, we made a decision very early on with 404 Media, I think in the first week maybe, to not paywall our Freedom of Information Act (FOIA) reporting. There are a few reasons, but the main one simply is that with public records, we think people should be able to see those records without paying. It’s like a government agency publishing certain databases, or census data, or whatever. These are public records and should be published or re-published as such.

Immigration and Customs Enforcement (ICE) does not let people decline to be scanned by its new facial recognition app, which the agency uses to verify a person’s identity and their immigration status, according to an internal Department of Homeland Security (DHS) document obtained by 404 Media. The document also says any face photos taken by the app, called Mobile Fortify, will be stored for 15 years, including those of U.S. citizens.

The document provides new details about the technology behind Mobile Fortify, how the data it collects is processed and stored, and DHS’s rationale for using it. On Wednesday 404 Media reported that both ICE and Customs and Border Protection (CBP) are scanning peoples’ faces in the streets to verify citizenship.

Someone recently managed to get on a Microsoft Teams call with representatives from phone hacking company Cellebrite, and then leaked a screenshot of the company’s capabilities against many Google Pixel phones, according to a forum post about the leak and 404 Media’s review of the material.

The leak follows others obtained and verified by 404 Media over the last 18 months. Those leaks impacted both Cellebrite and its competitor Grayshift, now owned by Magnet Forensics. Both companies constantly hunt for techniques to unlock phones law enforcement have physical access to.

“You don’t got no ID?” a Border Patrol agent in a baseball cap, sunglasses, and neck gaiter asks a kid on a bike. The officer and three others had just stopped the two young men on their bikes during the day in what a video documenting the incident says is Chicago. One of the boys is filming the encounter on his phone. He says in the video he was born here, meaning he would be an American citizen.

When the boy says he doesn’t have ID on him, the Border Patrol officer has an alternative. He calls over to one of the other officers, “can you do facial?” The second officer then approaches the boy, gets him to turn around to face the sun, and points his own phone camera directly at him, hovering it over the boy’s face for a couple seconds. The officer then looks at his phone’s screen and asks for the boy to verify his name. The video stops.

We start this week with Jason’s explanation of what Grokipedia is, and how it compares to the very much human-made Wikipedia. After the break, we talk all about the hell of updating Windows PCs and what that means specifically for Windows 10 users. In the subscribers-only section, Emanuel explains what a16z is doing with a ‘speedrun’ to a wholly AI-generated world.

Listen to the weekly podcast on Apple Podcasts, Spotify, or YouTube. Become a paid subscriber for access to this episode's bonus content and to power our journalism. If you become a paid subscriber, check your inbox for an email from our podcast host Transistor for a link to the subscribers-only version! You can also add that subscribers feed to your podcast app of choice and never miss an episode that way. The email should also contain the subscribers-only unlisted YouTube link for the extended video version too. It will also be in the show notes in your podcast player.

• Dark Wire: The Incredible True Story of the Largest Sting Operation Ever⁠
• First Contact: The Story of Our Obsession with Aliens
• Grokipedia Is the Antithesis of Everything That Makes Wikipedia Good, Useful, and Human
• Elon Musk's Grokipedia Pushes Far-Right Talking Points
• The End of Windows 10 Support Is an E-Waste Disaster in the Making
• Nathan Proctor interview
• a16z-Backed Startup Sells Thousands of ‘Synthetic Influencers’ to Manipulate Social Media as a Service
• a16z Is Funding a 'Speedrun' to AI-Generated Hell on Earth

Con Edison, the energy company that serves New York City, refuses to say whether ICE or other federal agencies require a search warrant or court order to access its customers’ sensitive data. Con Edison’s refusal to answer questions comes after 404 Media reviewed court records showing Homeland Security Investigations (HSI), a division of ICE, has previously obtained such data, and the FBI performing what the records call ‘searches’ of Con Edison data.

The records and Con Edison’s stonewalling raise questions about how exactly law enforcement agencies are able to access the utility provider’s user data, whether that access is limited in any way, and whether ICE still has access during its ongoing mass deportation effort.

The Department of Homeland Security (DHS) is trying to force Meta to unmask the identity of the people behind Facebook and Instagram accounts that post about Immigration and Customs Enforcement (ICE) activity, arrests, and sightings by claiming the owners of the account are in violation of a law about the “importation of merchandise.” Lawyers fighting the case say the move is “wildly outside the scope of statutory authority,” and say that DHS has not even indicated what merchandise the accounts, called Montcowatch, are supposedly importing.

The sound of power tools screech in what looks like a workshop with aluminum bubble wrap insulation plastered on the walls and ceiling. A shirtless man picks up a can of compressed air from the workbench and sprays it. He’s tinkering with a pair of Meta Ray-Ban smart glasses. At one point he squints at a piece of paper, as if he is reading a set of instructions. 

Meta’s Ray-Ban glasses are the tech giant’s main attempt at bringing augmented reality to the masses. The glasses can take photos, record videos, and may soon use facial recognition to identify people. Meta’s glasses come with a bright LED light that illuminates whenever someone hits record. The idea is to discourage stalkers, weirdos, or just anyone from filming people without their consent. Or at least warn people nearby that they are. Meta has designed the glasses to not work if someone covers up the LED with tape.

That protection is what the man in the workshop is circumventing. This is Bong Kim, a hobbyist who modifies Meta Ray-Ban glasses for a small price. Eventually, after more screeching, he is successful: he has entirely disabled the white LED that usually shines on the side of Meta’s specs. The glasses’ functions remain entirely intact; the glasses look as-new. People just won’t know the wearer is recording.

Apple has removed Tea, the women’s safety app which went viral earlier this year before facing multiple data breaches, from the App Store.

“This app is currently not available in your country or region,” a message on the Apple App Store currently says when trying to visit a link to the app.

Apple told 404 Media in an email it removed the app, as well as a copycat called TeaOnHer, for failing to meet the company’s terms of use around content moderation and user privacy. Apple also said it received an excessive number of complaints, including ones about the personal data of minors being posted in the apps. 

The company pointed to parts of its guidelines including that apps are not allowed to share someone’s personal data without their permission, and that apps need a mechanism for reporting objectionable content.

Randy Nelson, head of insights and media resources at app intelligence company Appfigures, first alerted 404 Media to the app’s removal.

We start this week with Joseph’s articles about a hacking group that doxed DHS, ICE, FBI, and DOJ officials. The group then sent us the personal data of officials from the NSA and a bunch of other government agencies. After the break, Emanuel revisits Wikipedia’s AI problem. In the subscribers-only section, Sam explains OpenAI’s inevitable path to an AI sex bot.

Listen to the weekly podcast on Apple Podcasts, Spotify, or YouTube. Become a paid subscriber for access to this episode's bonus content and to power our journalism. If you become a paid subscriber, check your inbox for an email from our podcast host Transistor for a link to the subscribers-only version! You can also add that subscribers feed to your podcast app of choice and never miss an episode that way. The email should also contain the subscribers-only unlisted YouTube link for the extended video version too. It will also be in the show notes in your podcast player.

• How Artists Are Keeping 'the Lost Art' of Neon Signs Alive⁠
• ⁠Hackers Dox Hundreds of DHS, ICE, FBI, and DOJ Officials⁠
• Hackers Say They Have Personal Data of Thousands of NSA and Other Government Officials⁠
• Wikipedia Says AI Is Causing a Dangerous Decline in Human Visitors⁠
• OpenAI Catches Up to AI Market Reality: People Are Horny

A hacking group that recently doxed hundreds of government officials, including from the Department of Homeland Security (DHS) and Immigration and Customs Enforcement (ICE), has now built dossiers on tens of thousands of U.S. government officials, including NSA employees, a member of the group told 404 Media. The member said the group did this by digging through its caches of stolen Salesforce customer data. The person provided 404 Media with samples of this information, which 404 Media was able to corroborate.

As well as NSA officials, the person sent 404 Media personal data on officials from the Defense Intelligence Agency (DIA), the Federal Trade Commission (FTC), Federal Aviation Administration (FAA), Centers for Disease Control and Prevention (CDC), the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF), members of the Air Force, and several other agencies.

A group of hackers from the Com, a loose-knit community behind some of the most significant data breaches in recent years, have posted the names and personal information of hundreds of government officials, including people working for the Department of Homeland Security (DHS) and Immigration and Customs Enforcement (ICE).

“I want my MONEY MEXICO,” a user of the Scattered LAPSUS$ Hunters Telegram channel, which is a combination of a series of other hacking group names associated with the Com, posted on Thursday. The message was referencing a claim from the DHS that Mexican cartels have begun offering thousands of dollars for doxing agents. The U.S. government has not provided any evidence for this claim.

A number of easy to access websites use facial recognition to let partners, stalkers, or anyone else uncover specific peoples’ Tinder profiles, reveal their approximate physical location at points in time, and track changes to their profile including their photos, according to 404 Media’s tests.

Ordinarily it is not possible to search Tinder for a specific person. Instead, Tinder provides users potential matches based on the user’s own physical location. The tools on the sites 404 Media has found allow anyone to search for someone’s profile by uploading a photo of their face. The tools are invasive of anyone’s privacy, but present a significant risk to those who may need to avoid an abusive ex-partner or stalker. The sites mostly market these tools as a way to find out if their partner is cheating on them, or at minimum using dating apps like Tinder.

A division of ICE, the Secret Service, and the Navy’s criminal investigation division all had access to Flock’s nationwide network of tens of thousands of AI-enabled cameras that constantly track the movements of vehicles, and by extension people, according to a letter sent by Senator Ron Wyden and shared with 404 Media. Homeland Security Investigations (HSI), the section of ICE that had access and which has reassigned more than ten thousand employees to work on the agency’s mass deportation campaign, performed nearly two hundred searches in the system, the letter says.

In the letter Senator Wyden says he believes Flock is uninterested in fixing the room for abuse baked into its platform, and says local officials can best protect their constituents from such abuses by removing the cameras entirely.

The letter shows that many more federal agencies had access to the network than previously known. We previously found, following local media reports, that Customs and Border Protection (CBP) had access to 80,000 cameras around the country. It is now clear that Flock’s work with federal agencies, which the company described as a pilot, was much larger in scope.