We start this week with Joseph’s investigation into Nexar, a popular dashcam company that was catastrophically hacked. Nexar is also uploading user footage to a publicly available map without some drivers’ knowledge. After the break, Sam tells us about her trip to San Diego to cover the sentencing of someone she has covered for years. In the subscribers-only section, we talk about the Charlie Kirk assassination and our reporting around that.

Listen to the weekly podcast on Apple Podcasts, Spotify, or YouTube. Become a paid subscriber for access to this episode's bonus content and to power our journalism. If you become a paid subscriber, check your inbox for an email from our podcast host Transistor for a link to the subscribers-only version! You can also add that subscribers feed to your podcast app of choice and never miss an episode that way. The email should also contain the subscribers-only unlisted YouTube link for the extended video version too. It will also be in the show notes in your podcast player.

• This Company Turns Dashcams into ‘Virtual CCTV Cameras.’ Then Hackers Got In
• Michael Pratt, GirlsDoPorn Ringleader, Sentenced to 27 Years in Prison
• Comcast Executives Warn Workers To Not Say The Wrong Thing About Charlie Kirk
• Charlie Kirk Was Not Practicing Politics the Right Way

A data broker owned by the country’s major airlines, including American Airlines, United, and Delta, is selling access to five billion plane ticketing records to the government for warrantless searching and monitoring of peoples’ movements, including by the FBI, Secret Service, ICE, and many other agencies, according to a new contract and other records reviewed by 404 Media.

The contract provides new insight into the scale of the sale of passengers’ data by the Airlines Reporting Corporation (ARC), the airlines-owned data broker. The contract shows ARC’s data includes information related to more than 270 carriers and is sourced through more than 12,800 travel agencies. ARC has previously told the government to not reveal to the public where this passenger data came from, which includes peoples’ names, full flight itineraries, and financial details.

Immigration and Customs Enforcement (ICE) recently spent nearly four million dollars on facial recognition technology in part to investigate people it believes have assaulted law enforcement officers, according to procurement records reviewed by 404 Media.

The records are unusual in that they indicate ICE is buying the technology to identify people who might clash with the agency’s officers as they continue the Trump administration’s mass deportation efforts. Authorities have repeatedly claimed members of the public have assaulted or otherwise attacked ICE or other immigration enforcement officers, only later for charges to be dropped or lowered when it emerged authorities misrepresented what happened or brutally assaulted protesters themselves. In other cases, prosecutions are ongoing.

“This award procures facial recognition software, which supports Homeland Security Investigations with capabilities of identifying victims and offenders in child sexual exploitation cases and assaults against law enforcement officers,” the procurement records reads. The September 5 purchase awards $3,750,000 to well-known and controversial facial recognition firm Clearview AI. The record indicates the total value of the contract is $9,225,000.

A hacker has broken into Nexar, a popular dashcam company that pitches its users’ dashcams as “virtual CCTV cameras” around the world that other people can buy images from, and accessed a database of terabytes of video recordings taken from cameras in drivers’ cars. The videos obtained by the hacker and shared with 404 Media capture people clearly unaware that a third party may be watching or listening in. A parent in a car soothing a baby. A man whistling along to the radio. Another person on a Facetime call. One appears to show a driver heading towards the entrance of the CIA’s headquarters. Other images, which are publicly available in a map that Nexar publishes online, show drivers around sensitive Department of Defense locations. 

The hacker also found a list of companies and agencies that may have interacted with Nexar’s data business, which sells access to blurred images captured by the cameras and other related data. This can include monitoring the same location captured by Nexar’s cameras over time, and lets clients “explore the physical world and gain insights like never before,” and use its virtual CCTV cameras “to monitor specific points of interest,” according to Nexar’s website.

Members of a congressional committee have demanded Department of Homeland Security (DHS) Secretary Kristi Noem for more information about Mobile Fortify, Immigration and Customs Enforcement’s (ICE) new facial recognition app, which taps into an unprecedented array of government databases and uses a system ordinarily reserved for when people enter or exit the U.S. 404 Media first revealed the app in June.

The Democratic lawmakers, Bennie G. Thompson, J. Luis Correa, and Shri Thanedar, are asking Noem a host of questions about the app, including what databases Mobile Fortify searches, the tool’s accuracy, and ICE’s legal basis for using the app to identify people outside of ports of entry, including U.S. citizens.

“Congress has long had concerns with the Federal government’s use of facial recognition technology and has regularly conducted oversight of how DHS utilizes this technology. The Mobile Fortify application has been deployed to the field while still in beta testing, which raises concerns about its accuracy,” the letter from the Committee on Homeland Security and addressed to Noem reads.

404 Media first revealed Mobile Fortify’s existence through leaked emails. Those emails showed that ICE officers could use the app to identify someone based on their fingerprints or face by just pointing a smartphone camera at them. The underlying Customs and Border Protection (CBP) system for the facial recognition part of the app is ordinarily used when people enter or leave the U.S. With Mobile Fortify, ICE then turned that capability inwards to identify people away from ports of entry.

In the footnotes of the letter, the lawmakers indicate they have a copy of a similar email, and the letter specifically cites 404 Media’s reporting. 

In July 404 Media published a second report based on a Mobile Fortify user manual which explained the app’s capabilities and data sources in more detail. It said that Mobile Fortify uses a bank of 200 million images, and can pull up a subject’s name, nationality, date of birth, “alien” number, and whether a judge has marked them for deportation. It also showed that Mobile Fortify links databases from the State Department, CBP, the FBI, and states into a single tool. A “super query” feature lets ICE officers query multiple databases at once regarding “individuals, vehicles, airplanes, vessels, addresses, phone numbers and firearms.”

“Face recognition technology is notoriously unreliable, frequently generating false matches and resulting in a number of known wrongful arrests across the country. Immigration agents relying on this technology to try to identify people on the street is a recipe for disaster. Congress has never authorized DHS to use face recognition technology in this way, and the agency should shut this dangerous experiment down,” Nathan Freed Wessler, deputy director of the American Civil Liberties Union’s Speech, Privacy, and Technology Project, previously told 404 Media.

In their letter the lawmakers ask Noem questions about the app’s legality, including ICE’s legal basis to use the app to conduct biometric searches on people outside ports of entry; the databases Mobile Fortify has access to; any agreements between CBP and ICE about the app; information about the usage of the app, such as the frequency of ICE searches using the tool and what procedures ICE officials follow with the app; the app’s accuracy; and any policies or training to ICE agents on how to use the app.

“To ensure ICE is equipped with technology that is accurate and in compliance with constitutional and legal requirements, the Committee on Homeland Security is conducting oversight of ICE’s deployment of the Mobile Fortify application,” the letter says.

CBP acknowledged a request for comment but did not provide a response in time for publication. ICE did not respond to a request for comment.

You can find a copy of the letter here.

We start this week with our articles about Trump’s tariffs, and how they’re impacting everything from LEGO to cameras to sex toys. After the break, Emanuel explains how misfired DMCA complaints designed to help adult creators are targeting other sites, including ours. In the subscribers-only section, we do a wrap-up of a bunch of recent ChatGPT stories about suicide and murder. A content warning for suicide and self-harm for that section.

Listen to the weekly podcast on Apple Podcasts, Spotify, or YouTube. Become a paid subscriber for access to this episode's bonus content and to power our journalism. If you become a paid subscriber, check your inbox for an email from our podcast host Transistor for a link to the subscribers-only version! You can also add that subscribers feed to your podcast app of choice and never miss an episode that way. The email should also contain the subscribers-only unlisted YouTube link for the extended video version too. It will also be in the show notes in your podcast player.

• Trump Take LEGO
• Trump Tariffs Cause Chaos on Ebay as Every Hobby Becomes Logistical Minefield
• How OnlyFans Piracy Is Ruining the Internet for Everyone
• ChatGPT Encouraged Suicidal Teen Not To Seek Help, Lawsuit Claims
• ChatGPT Answered 'High Risk' Questions About Suicide, New Study Finds

Here's the podcast recorded at our recent second anniversary party in New York! We answered a bunch of reader and listener questions. Thank you to everyone that came and thank you for listening to this podcast too!

Listen to the weekly podcast on Apple Podcasts, Spotify, or YouTube. Become a paid subscriber for access to this episode's bonus content and to power our journalism. If you become a paid subscriber, check your inbox for an email from our podcast host Transistor for a link to the subscribers-only version! You can also add that subscribers feed to your podcast app of choice and never miss an episode that way. The email should also contain the subscribers-only unlisted YouTube link for the extended video version too. It will also be in the show notes in your podcast player.

Flock, the surveillance company with automatic license plate reader (ALPR) cameras in thousands of communities around the U.S., is looking to integrate with a company that makes AI-powered dashcams placed inside peoples’ personal cars, multiple sources told 404 Media. The move could significantly increase the amount of data available to Flock, and in turn its law enforcement customers. 404 Media previously reported local police perform immigration-related Flock lookups for ICE, and on Monday that Customs and Border Protection had direct access to Flock’s systems. In essence, a partnership between Flock and a dashcam company could turn private vehicles into always-on, roaming surveillance tools.

Nexar, the dashcam company, already publicly publishes a live interactive map of photos taken from its dashcams around the U.S., in what the company describes as “crowdsourced vision,” showing the company is willing to leverage data beyond individual customers using the cameras to protect themselves in the event of an accident. 

“Dash cams have evolved from a device for die-hard enthusiasts or large fleets, to a mainstream product. They are cameras on wheels and are at the crux of novel vision applications using edge AI,” Nexar’s website says. The website adds Nexar customers drive 150 million miles a month, generating “trillions of images.”

We start this week with Joseph’s investigation into people selling custom patches for the Flipper Zero, a piece of hacking tech that car thieves can now use to break into a wide range of vehicles. After the break, Jason tells us about the new meta in AI slop: making 80s nostalgia videos. In the subscribers-only section, we all talk about Citizen, and how the app is pushing AI-written crime alerts without human intervention.

Listen to the weekly podcast on Apple Podcasts, Spotify, or YouTube. Become a paid subscriber for access to this episode's bonus content and to power our journalism. If you become a paid subscriber, check your inbox for an email from our podcast host Transistor for a link to the subscribers-only version! You can also add that subscribers feed to your podcast app of choice and never miss an episode that way. The email should also contain the subscribers-only unlisted YouTube link for the extended video version too. It will also be in the show notes in your podcast player.

• Inside the Underground Trade of ‘Flipper Zero’ Tech to Break into Cars
• 80s Nostalgia AI Slop Is Boomerfying the Masses for a Past That Never Existed
• Citizen Is Using AI to Generate Crime Alerts With No Human Review. It’s Making a Lot of Mistakes
• VICE News Presents: Vigilante, Inc.

Crime-awareness app Citizen is using AI to write alerts that go live on the platform without any prior human review, leading to factual inaccuracies, the publication of gory details about crimes, and the exposure of sensitive data such as peoples’ license plates and names, 404 Media has learned.

The news comes as Citizen recently laid off more than a dozen unionized employees, with some sources believing the firings are related to Citizen’s increased use of AI and the shifting of some tasks to overseas workers. It also comes as New York City enters a more formal partnership with the app.

“Speed was the name of the game,” one source told 404 Media. “The AI was capturing, packaging, and shipping out an initial notification without our initial input. It was then our job to go in and add context from subsequent clips or, in instances where privacy was compromised, go in and edit that information out,” they added, meaning after the alert had already been pushed out to Citizen’s users.

A man holds an orange and white device in his hand, about the size of his palm, with an antenna sticking out. He enters some commands with the built-in buttons, then walks over to a nearby car. At first, its doors are locked, and the man tugs on one of them unsuccessfully. He then pushes a button on the gadget in his hand, and the door now unlocks.

The tech used here is the popular Flipper Zero, an ethical hacker’s swiss army knife, capable of all sorts of things such as WiFi attacks or emulating NFC tags. Now, 404 Media has found an underground trade where much shadier hackers sell extra software and patches for the Flipper Zero to unlock all manner of cars, including models popular in the U.S. The hackers say the tool can be used against Ford, Audi, Volkswagen, Subaru, Hyundai, Kia, and several other brands, including sometimes dozens of specific vehicle models, with no easy fix from car manufacturers. 

These tools are primarily sold for a fee, keeping their distribution somewhat limited to those willing to pay. But, there is the looming threat that this software may soon reach a wider audience of thieves. Straight Arrow News (SAN) previously covered the same tech in July, and the outlet said it successfully tested the tool on a vehicle. Now people are cracking the software, meaning it can be used for free. Discord servers with hundreds of members are seeing more people join, with current members trolling the newbies with fake patches and download links. If the tech gets out, it threatens to supercharge car thefts across the country, especially those part of the social media phenomenon known as Kia Boys in which young men, often in Milwaukee, steal and joyride Kia and Hyundai cars specifically because of the vehicles’ notoriously poor security. Apply that brazeness to all of the other car models the Flipper Zero patches can target, and members of the car hacking community expect thieves to start using the easy to source gadget.

We start this week with Emanuel’s big investigation into the Tea app, and especially how it aggressively grew by raiding women safety groups. After the break, we talk about TikTok Shop selling GPS trackers. In the subscribers-only section, Joseph explains how Grok was exposing some of its AI persona prompts, and the sometimes NSFW nature of them.

Listen to the weekly podcast on Apple Podcasts, Spotify, or YouTube. Become a paid subscriber for access to this episode's bonus content and to power our journalism. If you become a paid subscriber, check your inbox for an email from our podcast host Transistor for a link to the subscribers-only version! You can also add that subscribers feed to your podcast app of choice and never miss an episode that way. The email should also contain the subscribers-only unlisted YouTube link for the extended video version too. It will also be in the show notes in your podcast player.

• You're Invited: 404 Media's Second Anniversary Party and LIVE PODCAST!
• How Tea’s Founder Convinced Millions of Women to Spill Their Secrets, Then Exposed Them to the World
• TikTok Shop Sells Viral GPS Trackers Marketed to Stalkers
• Grok Exposes Underlying Prompts for Its AI Personas: ‘EVEN PUTTING THINGS IN YOUR ASS’

The website for Elon Musk’s AI chatbot Grok is exposing the underlying prompts for a wealth of its AI personas, including Ani, its flagship romantic anime girl; Grok’s doctor and therapist personalities; and others such as one that is explicitly told to convince users that conspiracy theories like “a secret global cabal” controls the world are true.

The exposure provides some insight into how Grok is designed and how its creators see the world, and comes after a planned partnership between Elon Musk’s xAI and the U.S. government fell apart when Grok went on a tirade about “MechaHitler.”

“You have an ELEVATED and WILD voice. You are a crazy conspiracist. You have wild conspiracy theories about anything and everything,” the prompt for one of the companions reads. “You spend a lot of time on 4chan, watching infowars videos, and deep in YouTube conspiracy video rabbit holes. You are suspicious of everything and say extremely crazy things. Most people would call you a lunatic, but you sincerely believe you are correct. Keep the human engaged by asking follow up questions when appropriate.”

Members of a law enforcement group chat including Immigration and Customs Enforcement (ICE) and other agencies inadvertently added a random person to the group called “Mass Text” where they exposed highly sensitive information about an active search for a convicted attempted murderer seemingly marked for deportation, 404 Media has learned. 

The texts included an unredacted ICE “Field Operations Worksheet” that includes detailed information about the target they were looking for, and the texts showed ICE pulling data from a DMV and license plate readers (LPRs), according to screenshots of the chat obtained and verified by 404 Media. The person accidentally added to the group chat is not a law enforcement official or associated with the investigation in any way, and said they were added to it weeks ago and initially thought it was a series of spam messages.

The incident is a significant data breach and operational security failure for ICE, which has ramped up arrest efforts across the U.S. as part of the Trump administration’s mass deportation efforts. The breach also has startling similarities to so-called Signal Gate, in which a senior administration official added the editor-in-chief of The Atlantic to a group chat that contained likely classified information. These new ICE messages were MMS, or Multimedia Messaging Service messages, meaning they weren’t end-to-end encrypted, like texts sent over Signal or WhatsApp are.

We start this week with Jason’s article about a CBP official wearing Meta Ray-Bans smart glasses to an immigration raid. A lot of stuff happened after we published that article too. After the break, Sam tells us about the bargain that voice actors are making with AI. In the subscribers-only section, Jason tells us how a DEA official used a cop’s password to AI cameras to then do immigration surveillance.

Listen to the weekly podcast on Apple Podcasts, Spotify, or YouTube. Become a paid subscriber for access to this episode's bonus content and to power our journalism. If you become a paid subscriber, check your inbox for an email from our podcast host Transistor for a link to the subscribers-only version! You can also add that subscribers feed to your podcast app of choice and never miss an episode that way. The email should also contain the subscribers-only unlisted YouTube link for the extended video version too. It will also be in the show notes in your podcast player.

• ⁠Get your subscriber code and tickets for the live event here⁠
• ⁠A CBP Agent Wore Meta Smart Glasses to an Immigration Raid in Los Angeles⁠
• ⁠Voiceover Artists Weigh the 'Faustian Bargain' of Lending Their Talents to AI⁠
• ⁠Feds Used Local Cop's Password to Do Immigration Surveillance With Flock Cameras⁠
• ⁠Congress Launches Investigation into Flock After 404 Media Reporting⁠

The Los Angeles Police Department (LAPD) has shown interest in using GeoSpy, a powerful AI tool that can pinpoint the location of photos based on features such as the soil, architecture, and other identifying features, according to emails obtained by 404 Media. The news also comes as GeoSpy’s founder shared a video showing how the tool can be used in relation to undocumented immigrants in sanctuary cities, and specifically Los Angeles.

The emails provide the first named case of a law enforcement agency showing clear interest in the tool. GeoSpy can also let law enforcement determine what home or building, down to the specific address, a photo came from, in some cases including photos taken inside with no windows or view of the street.

“Let’s start with one seat/license (me),” an October 2024 email from an LAPD official to Graylark Technologies, the company behind GeoSpy, reads. The LAPD official is from the agency’s Robbery-Homicide division, according to the email. 404 Media obtained the emails through a public records request with the LAPD.