Flock Exposed Its AI-Powered Cameras to the Internet. We Tracked Ourselves

Original Article ↗ Hacker News Discussion ↗

Security failures and AI escalation

  • Commenters see the exposed Flock cameras as more than a simple “misconfiguration”: basic auth, default security, and QC appear worse than consumer ISP routers or cheap IP cams.
  • Corporate incentives (cutting support costs, minimizing friction for installers) are blamed for shipping devices with no meaningful security.
  • The new AI/auto‑PTZ features are viewed as a qualitative shift: instead of a passive feed you must watch, the system actively detects motion, zooms on faces/plates, and tracks targets—turning an open camera into a real‑time stalking and reconnaissance tool.
  • Some contrast this with older Shodan‑indexed cameras and ALPRs: the novelty isn’t cameras on the internet, but AI‑driven targeting plus central search.

Surveillance, power, and recurring abuse

  • Many argue the core problem is the existence of mass, persistent ALPR/surveillance networks at all—not just who can currently access them.
  • Numerous anecdotes and links describe police repeatedly abusing database access to stalk ex‑partners or random women; similar patterns are reported in multiple countries and even intelligence agencies.
  • Commenters note cooperation with immigration enforcement and cross‑jurisdiction sharing (e.g., abortion tracking, ICE access), calling this a nationwide dragnet with weak RBAC and oversight.
  • Some emphasize that surveillance historically was constrained by manpower; AI removes that limit, enabling cheap, total monitoring.

Legal and constitutional angles

  • There is debate over “no expectation of privacy in public”: some say this makes ALPR legal; others cite newer precedents suggesting mass, long‑term location tracking may implicate Fourth Amendment protections.
  • Several stress that stalking and targeted misuse are illegal, but legal regimes treat large‑scale corporate/state data collection differently from individual behavior.
  • One concern is that Bill of Rights protections intended to restrain government are being inverted to justify government‑ and corporate‑run surveillance.

Public access vs exclusive access

  • A minority argue that if such systems must exist, making feeds public could diffuse power, increase awareness, and deter deployment (e.g., when courts deem data public records, cities remove cameras).
  • Critics respond that open feeds radically increase stalking, doxxing, and commercial tracking, shifting power from local individuals to distant actors with compute and storage.

Flock, investors, and “Surveillance Valley”

  • Flock is portrayed as emblematic of venture‑funded surveillance capitalism: aggressive growth goals, dense coverage in some cities, and close alignment with law enforcement.
  • YC and major VCs’ backing—and public defenses from startup figures—are heavily criticized as prioritizing profit and “law and order” optics over civil liberties.
  • Some note ALPR adoption would likely continue even without Flock; others say Flock’s branding, lobbying, and ambition to “blanket” cities make it a natural focal point for pushback.

Proposed responses and pessimism

  • Suggested responses include municipal bans or strict ordinances, using tools like deflock.me and alpr.watch to organize locally, litigation against vendors, and public‑records tactics that make deployments politically toxic.
  • Others mention more direct (and illegal) tactics like vandalizing cameras, arguing the repair burden is asymmetric.
  • Many are pessimistic, comparing this to TSA: an intrusive system normalized over decades, where outrage fades and infrastructure persists.