Have I been Flocked? – Check if your license plate is being watched (haveibeenflocked.com)
185 points by pkaeding 9 hours ago | 92 comments




Since the page is currently down and I have no idea what flocked means in the context of license plates, can I assume this is US specific?

"Flock Safety" is a company that makes "ALPR" cameras (automated license plate recognition, in reality they go far beyond just reading license plates), they've been getting a lot of attention recently because people are worried about privacy and abuse.

There's a bunch of articles about them here: https://www.404media.co/tag/flock/


I would also recommend Benn Jordan's YT channel, he has a couple of videos covering Flock cameras. His latest one is: https://www.youtube.com/watch?v=uB0gr7Fh6lY

edit: grammar


I love Benn Jordan. If you liked this one, go check out the one where he stores a JPEG inside of a living bird.

https://youtu.be/hCQCP-5g5bo?si=K_TGBR6FNpjI0qFk



ANPR cameras which the rest of the world (and apparently America) have had for decades have recently become big news in America, I believe because they're now being used for immigration purposes?

https://en.wikipedia.org/wiki/Automatic_number-plate_recogni...

I'm not sure why these are so bad but generally everyone loves things like Ring cameras which do the same thing but with people rather than vehicles. I suspect there's something in the American Psyche and how they treat cars, and the inherent trust of the billionaires and distrust of "The Feds"


It’s trivial for law enforcement to track your movement with ALPR cameras. Information feeds into a single database, paid for by law enforcement agencies, and they just connect the dots.

Ring camera footage requires law enforcement to get a warrant or for individuals to give consent to supply the footage.

Now tell me which system makes it easier for a cop to stalk their ex.


Besides the obvious privacy concern: at the very least in my state (Illinois), it's not lawful for public bodies to disclose the license plate numbers read from ALPR cameras, so this data set is necessarily incomplete.

But, give it a year or two, and you can replace this whole website with a black background and 72 point white bold text "YES".


Rule 1. Do not comply in advance. Do not accept it as inevitable. Do not give away your power without friction.

There is already case law that makes the records collected by government through these methods no different than any other public records, especially since they are publicly visible license plate numbers.

That has its own problems because it shields/deflects from the bigger issue of being treasonous, i.e., grotesque violation of the law of the Constitution, through mass surveillance that has also already been abused for various kinds of criminal acts by law enforcement.


Flock is a private company, right. That's the whole schtick. Like, Flock can retain records indefinitely for example, they may sell those records to the government but they're a private party.

What's your point? To the extent they're a private company you're even less likely to get access to records from Flock ALPR cameras.

Just because the records created on behalf of the government are held by a private enterprise doesn't mean they aren't government records.

Right, I agree. My point is that the FOIA laws of many states forbid disclosing the data this web page purports to surface.

Yes but: Privatization is an effective way to negate the public's right to know.

eg Some companies have claimed trade secret protections to prevent public access. Infamously, election administration vendors like Diebold.

I imagine anyone trying to investigate govt activities conducted by Palantir (for example) will run into similar stonewalling. Even getting the fulltext of contracts can be challenging.


Not automatically. There's already case law(0x1) that ruled that images captured by Flock ALPR cameras are public records, even though the data are stored by Flock (a private vendor), not directly by the city.

The court rejected the notion that “because the data sits on a private server, it’s not a public record.” Instead, it said that since the surveillance is paid for by the public (taxpayers) and used by a public agency, the data must comply with the state’s public-records law.

This shows that — in at least one jurisdiction — using a private company to run ALPRs doesn’t shield the data from public-records requests.

(0x1) https://www.eff.org/deeplinks/2025/11/washington-court-rules...


> at the very least in my state (Illinois), it's not lawful for public bodies to disclose the license plate numbers read from ALPR cameras, so this data set is necessarily incomplete.

They're not a public body, that was my point


They de facto are because they only place cameras in public places and on public land by contract with the government in one form or another; be it with a treasonous sheriff or a treasonous state executive and legislature. The public would not be talking about Flock if they had not worked to create a treasonous surveillance state and instead only did things like monitored truck movements in a logistics depot. The private contracts for things like HOA neighborhoods and corporations, e.g., big box store loss prevention and customer data tracking, but those are a totally different issue that have nothing to do with the use of public funds and power for mass surveillance.

This feels a lot like "Yeah, but we'll do it anyways until a court makes us stop; because the profit is more than the fine"

but they're not literally the government and the relevant laws only affect the literal government.

Put up billboards around metros with a license plate reader that queries this database with each passing car and announce "White Tesla Model Y XYZ-1234 You've been focked for: Inv"

What a sick society we live in.


This unfortunately wouldn't work quite as well in states where cars aren't required to have a front facing license plate (like Florida)

The camera could be separate from the billboard, and point at the backs of the cars. The billboard would be a short distance past that.

Flock cameras are oriented to read rear plates. One would need a camera similarly configured + a billboard some distance in front, or perhaps 2 billboards, a 1-2 setup + payoff combo, the camera behind the first billboard, and the dynamic text on the second. Pulling up other public data correlated to the plate - where legal - may make a splash. I'm thinking addressing the car owner by their first name.

Dystopian society.

> You cannot access this site because the owner has reached their plan limits. Check back later once traffic has gone down.

> If you are owner of this website, prevent this from happening again by upgrading your plan on the Cloudflare Workers dashboard.


Cloudflare making sites unavailable?

No, Workers free tier is 100,000 requests/day. Considering the error is on the main page, each visit is probably taking a minimum of 10+ requests, so it can easily be overwhelmed.

This is genius if you work in B2C and want to prevent your website from going viral.

Does Cloudflare let you set hard limits when you are on a paid plan? Or they just do it for the free tier?

No, the paid plan scales to infinity (without having to beg for limit increases like on some other clouds). But the paid plan has a $5/month base fee, so it's tempting to stay in the free plan if you don't expect to go viral

Have I been cloudflare'd?

Very problematic Flock security video - how easy it is to hack them https://youtu.be/uB0gr7Fh6lY?si=vC2Kyl_e30kVVmXT

Slashdotted within 3 hours.

Now there's a term I haven't heard in a while

Yup.

Nowadays, we say “hugged to death.”


Hacker-Noosed

Have I run out of 100,000 requests?

Does your significant other know about your car collection? You may have a car hoarding problem.

I wonder if I got a license plate holder that said 'I do not consent to selling my position information' if I could sue them.

You have no right to privacy in public, at least in the US.

That is oft-repeated, but case law is starting to show it's not strictly true:

See Mosaic + Carpenter case which say “Yes, each scan is public; yes, aggregation is different.”

Carpenter shows the Court recognizes that aggregated location data can be constitutionally significant.

Individual observability vs. systemic observation: A passerby can note a single plate at a single place/time. But a system of ALPRs, distributed spatially and continuous in time, indexed and retained, can map a person’s entire movements, associations, repeated visits, and behavioral patterns. That’s exactly the “mosaic” insight: the whole reveals things the pieces don’t. (Maynard / Jones reasoning).


But don’t I have a right to not get stalked?

Clarity is good. I believe that was a reference to the futility of posting "I do not consent" messages on social media.

I love these kinds of sites, since they're indistinguishable from honeypots. Sure, have my license plate and the information that I'm worried about being watched.

Reminds me of the (legit) form to claim compensation for a privacy leak.

Put in your name, address, phone number, dob, ssn and bank details - we will post you a cheque for $2.50


With no other identifying info, though, what can they do with a license plate number in isolation?

> With no other identifying info, though, what can they do with a license plate number in isolation?

For typical users not taking extra precautions, visiting a page in a browser is providing additional identifying info, a fact that monetization of the free-as-in-beer web relies heavily upon, but which can be leveraged in other ways, e.g., by a site that draws you in with privacy fears as a technique to get you to submit additional information that can be correlated with it.


You just work backwards.

Here's what I would do working off just a single license plate number w OSINT.

I would pivot immediately into license plate databases that have been breached. For example, ParkMobile got popped in 2021 and the db has 20.9M license plates in it. prob have low success rate and iirc it's pretty US centric. It has their full name, address, phone, email, all kinda data.

If you had paid fancy tools, like Lexis Nexis, you could plug it into there and easily find the owner.

There are also plenty of license plate lookup sites online where it will tell you the VIN and make/model details.

Idk, would just take digging and keep spidering out with all new info you find. Would yield a few hits eventually.


Sure, and so what? You can look up people on Accurint without license plates. Depending on what kind of account you have, you can just search by a zip code, or a state with no further identifiers.

What would be the point of running a website collecting the license plate numbers of random visitors?


You need to think more evil!

Let's brainstorm!

There's a parking lot... what are the 10 wealthiest car owners... and the 10 frailest oldest people... or maybe the 20 women aged 19-25 blond under 150 pounds... and when do they get off work tired, drive home each day? What's the most isolated gas station, convenience store they stop at? Ones where few other cars pass by? Whose homes don't show a 2nd car in driveway? Owned by 6'5" 200 pound man? Who frequently visits a karate studio?

Or: I'm a car salesman, in comes a customer, whining abt lowering the price bc they're broke... lemme just look up where they eat supper every night! How much time they spend at airports! What school they drop off their kids! Who comes to their house? Nannies? Oh look drug dealers, I can threaten them with blackmail!

Sound ridiculous? All the data brings it into focus. A local detective told me they're focusing on robberies of $ethnicity restaurants bc that group stockpiles cash in their homes...

And this is all assuming good info, but when u get creative:

..what if we look for mistakes... hey that annoying $religious neighbor pissed me off with his loud music. His kid's car shows up as visiting the wrong side of town.. probably a wrong digit but let's report him anyway!!!

Or: Hey let's scan all the wifi dbs for ssids that seem like defaults, then offer them csam-insurance: you pay me $1000 cash rn and I'll insure I don't browse csam from your network! And my alpr data says when you're home and your iot devs tell me when you go to sleep so we'll slip it in at before-bed-wank-time!


Pairing IPs to persons?

You can just get an API which does that and skip the middle steps?

Or even skip the API part and just buy that data in bulk. Or just collect it from a variety of freely leaked databases.


Some states, like Michigan, you can request owner information (including address) by an in-person SOS visit and $15 a plate. I've always thought this should be PII and shouldn't be allowed on reddit, for example, where PII is banned. Post a driver with plate in Michigan and you may have doxxed them.

This is intentionally not PII. You accept this burden when you decide to register a vehicle.

Keep in mind you don't need to have a license plate or to register a vehicle to drive it only on private property.

Your license plate is required to be readily visible so that it can be used to find out who the registered and, presumably, responsible party is.

Consider if you skip out on paying for parking at a garage, where you agreed to pay the fee by parking there in the first place. How is the business supposed to identify you to collect the money owed?

Otherwise, how else would automatic private toll roads know where to send the bill?

In Michigan, I believe the law only permits someone to request registration details for certain listed reasons. They don't verify that, but if you're caught submitting a fraudulent request, you can get in trouble - I don't know if it's a fine or crime. Probably depends on the circumstance.

PS Hello from Grand Rapids!


> Some states, like Michigan, you can request owner information (including address)

If the car is leased, wouldn’t this just give leasing company details?


No, because while the leasing company may own the vehicle (known as the title holder) the vehicle will be registered in the lessee's name (known as the registered owner.)

In the case of a car purchased with financing like a loan, I believe the purchaser will be both the title and registered owner, but the lender will have a lien on the vehicle until the debt is paid off.


Ah thanks.

Permanent rental it is then. :)


That, or, establish a trust to own the vehicle and grant yourself permission to use it. It's not exactly trivial to do and costs some money, but it's doable.

You can do similar with an LLC, but that gets more complicated with the rules regarding using a "company" vehicle for personal purposes. IANAL

Similar things are done for things like cellphone plans, firearm ownership, homes, etc.

The only thing I am aware of that you can only do in your own name is register to vote. Almost all of the Michigan voter database can be FOIA'd. It's called the QVF - qualified voter file. Only a few fields in the database (ie, day and month of birth) as well as all voter records for victims of domestic battery are protected by statute.


Most people park at their home and many drive to work. If you have both of those data points, you can identify people.

That's not very useful?

For homeowners, the real estate transactions are public and majority of white collar people have LinkedIn accounts.


So, from home and work, you identify me. Then you figure out which church I attend, and which strip club I attend.

"Wait, user compliance scan identified location traces associated with participation in community groups prohibited by EasyLife Health™ policy update 2025-12-06b. Recommend to annul contract."

You're starting with the plate, getting the home, and then you can get the real estate info.

Most people don't expect their identity to be discoverable from their driving.


Wait really? I feel like this was happening in the 90s. Now every car has a full GPS spy system integrated to the point I barely trust that my conversation is private in a modern vehicle. But I guess if you think it's just your car company, Android, Apple, roadside assistance, the local police, and probably the music you're playing that can pin your location you're probably ok.

Isn't that the whole idea of licence plates? So you're identifiable?

> majority of white collar people have LinkedIn accounts.

What a time to live in!


LinkedIn has always struck me like a kind of contemporary slave management/market place, only one in which pick-mes try to be the best alpha slave they can be.

The fact that you are linked in, as in a chain, sure does not help with dispelling my impression.


Exactly - you can collect license plate numbers way easier than this. The best data they can really get is a connection to an IP address.

Checksum?

Sell it to the cops and/or ICE as belonging to "self-identified persons of interest."

Surely this implies that the easiest route to pedophilia is to join ICE

They list their sources, if you care but don't trust them you could replicate it on your own.

Lmao I got honeypotted in h.s. by one of those 'does your crush like you' astrology sites

I totally understand your sentiment, but you could just check a random assortment of license plate numbers you collected while driving around, which also includes yours. At the very least that would effectively obfuscate your license plate sufficiently that it could not be attributed beyond other methods that likely already have done so.

Who isn't worried about being watched? I am certainly not confident the government can tell their ass from their face, so anyone could be suspect.

Sounds like social media ;-)

Lol I actually tried it with my plate, I hope I don't get SWATed

Seems like the website has run out of Cloudflare worker credits on their plan:

  Please check back later
  Error 1027
  This website has been temporarily rate limited

Interesting I can’t access this over VPN

Well, yeah. Clownflare

I mean, we already had PRISM, why is anyone acting like this is a big deal?

It's a big deal even if it's been happening for a while. It should not be something we shrug our shoulders to and move on. These are stepping stones to a greater police state.

Can’t wait for the Flock Equifax/SouthParkWereSorry-esque breach announcement any day. I should start a betting pool w my friends.

No worries; after Flock gets breached, you'll be compensated with one free year of their services.

Hello, we at Flock are very sad to announce that your data was leaked, but due to the fact that we operate in a legal grey area to get around laws and are nothing more than the domestic surveillance equivalent to a PMC operating overseas, we invite you to get fucked

I've got $10 on compromised six months before they had their first customer.

If YouTube personalities can break into the hardware, I wouldn't be surprised if foreign intelligence has already figured out a way. Clownin

Why would they break into individual hardware when they have unfettered access to the whole system in certain countries’ cases and can likely just hack into it in more adversarial cases? It is one of the several reasons why … yes, I know YC backed and funded Flock … the company and everyone in government that contracts for them to provide this mass surveillance service, is objectively and inherently treasonous. But don’t shoot the messenger just because people don’t like the message.

“Whoopsie, my negligence I shouldn’t have been engaging in in the first place” is no exemption from being a traitor, betrayal.

What that means for society and if and what it does about it is a different question. Based on historical trends, it all probably won’t matter since we’ve clearly crossed a threshold and the “PPP” tyranny (different from the trillion dollars in PPP loans that were forgiven and contributed to the inflation) is upon us because it wasn’t prevented when it still could have been.

I don’t think people here are even tracking what is going on in TX, UT, LA (and soon to be nationwide); where as of Jan 1st all new accounts will have to provide government ID to install any app on a mobile device.


Have I been HNed? [Yes] No

Have I been flocculated? Check your social security number to see whether you are considered pond scum.

just enter 10 license numbers.


