Flock Hardcoded the Password for America's Surveillance Infrastructure 53 Times

Original Article ↗ Hacker News Discussion ↗

Marketing Claims vs. Reality

  • Flock repeatedly claims it has “never been hacked,” which commenters see as deliberately misleading given repeated basic security failures (e.g., hardcoded credentials, publicly exposed feeds).
  • Several analogies are used: leaving a front door open and insisting the house was “never broken into,” or calling this an “unlocked front door” rather than a backdoor.
  • Prior demos of still-insecure Flock cameras are referenced as evidence that “it’s all fixed now” PR is unreliable.

Nature and Handling of the Vulnerabilities

  • Timeline from the article shows a disclosure in mid‑November with no remediation for over 55 days; many interpret this as clear responsible disclosure and poor response by Flock.
  • Some argue this is not “sheer incompetence” but indifference: fixing it was simply not a priority.
  • Others broaden to systemic causes: underfunded platform/security teams, emphasis on features and marketing over secops, and willful negligence around secret management.
  • A minority questions the article’s technical clarity and notes some screenshots look like client-side JavaScript keys; they suggest impact may be overstated, especially for mapping/ArcGIS-style APIs.

Surveillance Infrastructure Itself

  • Many see Flock’s very existence as the core problem, not just its security: pervasive ALPR and camera networks are framed as unreasonable search and a step toward a “panopticon.”
  • There are calls for a constitutional right to privacy and for updating legal concepts of “no expectation of privacy in public” to account for mass, automated, always‑on surveillance.
  • Debate emerges over whether public camera feeds should be public:
    • Pro side: transparency, self‑protection, and potential to turn people against surveillance.
    • Con side: risk of enabling stalking and abuse; core issue is persistent recording and retention, not mere observation.

Politics, Funding, and Corporate Actors

  • Strong criticism of venture-backed surveillance startups and accelerators that support them; these are described as amoral, profit‑driven, and aligned with an expanding police state.
  • Some note Flock’s late hiring of a CISO and security leadership; a few see this as a positive step, while others argue security for such a system “must be there from day one” and does not mitigate the ethical harm of bulk surveillance.

Local Activism and Resistance

  • Multiple examples are cited of cities canceling or not renewing Flock contracts; organizers describe coordinated campaigns, public education, and exploiting Flock’s own negative press.
  • Commenters describe how vendors cultivate police departments via grants, prewritten policies, and friendly messaging, leading municipalities to swap vendors rather than question surveillance itself.
  • Some report vandalism of cameras and “blade runner”–style resistance, but note legal risk and contracts that stick cities with repair costs.