404 Media

2025-10-07 13:25:06

Sora 2 Watermark Removers Flood the Web

Sora 2, Open AI’s new AI video generator, puts a visual watermark on every video it generates. But the little cartoon-eyed cloud logo meant to help people distinguish between reality and AI-generated bullshit is easy to remove and there are half a dozen websites that will help anyone do it in a few minutes.

A simple search for “sora watermark” on any social media site will return links to places where a user can upload a Sora 2 video and remove the watermark. 404 Media tested three of these websites, and they all seamlessly removed the watermark from the video in a matter of seconds.
playlist.megaphone.fm?p=TBIEA2…
Hany Farid, a UC Berkeley professor and an expert on digitally manipulated images, said he’s not shocked at how fast people were able to remove watermarks from Sora 2 videos. “It was predictable,” he said. “Sora isn’t the first AI model to add visible watermarks and this isn’t the first time that within hours of these models being released, someone released code or a service to remove these watermarks.”
youtube.com/embed/QvkJlMWUUxU?…
Hours after its release on September 30, Sora 2 emerged as a copyright violation machine full of Nazi SpongeBobs and criminal Pickachus. Open AI has tamped down on that kind of content after the initial thrill of seeing Rick and Morty shill for crypto sent people scrambling to download the app. Now that the novelty is wearing off we’re grappling with the unpleasant fact that Open AI’s new tool is very good at making realistic videos that are hard to distinguish from reality.

To help us all from going mad, Open AI has offered watermarks. “At launch, all outputs carry a visible watermark,” Open AI said in a blog post. “All Sora videos also embed C2PA metadata—an industry-standard signature—and we maintain internal reverse-image and audio search tools that can trace videos back to Sora with high accuracy, building on successful systems from ChatGPT image generation and Sora 1.”

But experts say that those safeguards fall short. “A watermark (visual label) is not enough to prevent persistent nefarious users attempting to trick folks with AI generated content from Sora,” Rachel Tobac, CEO of SocialProof Security, told 404 Media.

Tobac also said she’s seen tools that dismantle AI-generated metadata by altering the content’s hue and brightness. “Unfortunately we are seeing these Watermark and Metadata Removal tools easily break that standard,” Tobac said of the C2PA metadata. “This standard will still work for less persistent AI slop generators, but will not stop dedicated bad actors from tricking people.”

As an example of how much trouble we’re in, Tobac pointed to an AI-generated video that went viral on TikTok over the weekend she called “stranger husband train.” In the video, a woman riding the subway cutely proposes marriage to a complete stranger sitting next to her. He accepts. One instance of the video has been liked almost 5 million times on TikTok. It didn’t have a watermark.

“We're already seeing relatively harmless AI Sora slop confusing even the savviest of Gen Z and Millennial users,” Tobac said. “With many typically-savvy commenters naming how ‘cooked’ we are because they believed it was real. This type of viral AI slop account will attempt to make as much money from the creator fund as possible before social media companies learn they need to invest in detecting and limiting AI slop, before their platform succumbs to the Slop Fest.”

But it’s not just the slop. It’s also the scams. “At its most innocuous, AI generated content without watermarking and metadata accelerates the enshittification of the internet and tricks people with inflammatory content,” Tobac said. “At its most malignant, AI generated content without watermarking and metadata could lead to every day people losing their savings in scams, becoming even more disenfranchised during election season, could tank a stock price within a few hours, could increase the tension between differing groups of people, and could inspire violence, terrorism, stampede or panic amongst everyday folks.”

Tobac showed 404 Media a few horrifying videos to illustrate her point. In one, a child pleads with their parents for bail money. In another, a woman tells the local news she’s going home after trying to vote because her polling place was shut down. In a third, Sam Altman tells a room that he can no longer keep Open AI afloat because the copyright cases have become too much to handle. All of the videos looked real. None of them have a watermark.

“All of these examples have one thing in common,” Tobac said. “They’re attempting to generate AI content for use off Sora 2’s platform on other social media to create mass or targeted confusion, harm, scams, dangerous action, or fear for everyday folk who don’t understand how believable AI can look now in 2025.”

Farid told 404 Media that Sora 2 wasn’t uniquely dangerous. It’s just one among many. “It is part of a continuum of AI models being able to create images and video that are passing through the uncanny valley,” he said. “Having said that, both Veo 3 and Sora 2 are big steps in our ability to create highly visual compelling videos. And, it seems likely that the same types of abuses we’ve seen in the past will be supercharged by these new powerful tools.”

According to Farid, Open AI is decent at employing strategies like watermarks, content credentials, and semantic guardrails to manage malicious use. But it doesn’t matter. “It is just a matter of time before someone else releases a model without these safeguards,” he said.

Both Tobac and Farid said that the ease at which people can remove watermarks from AI-generated content wasn’t a reason to stop using watermarks. “Using a watermark is the bare minimum for an organization attempting to minimize the harm that their AI video and audio tools create,” Tobac said, but she thinks the companies need to go further. “We will need to see a broad partnership between AI and Social Media companies to build in detection for scams/harmful content and AI labeling not only on the AI generation side, but also on the upload side for social media platforms. Social Media companies will also need to build large teams to manage the likely influx of AI generated social media video and audio content to detect and limit the reach for scammy and harmful content.”

Tech companies have, historically, been bad at that kind of moderation at scale.

“I’d like to know what OpenAI is doing to respond to how people are finding ways around their safeguards,” Farid said. “We are seeing, for example, Sora not allowing videos that reference Hitler in the prompt, but then users are finding workarounds by simply describing what Hitler looks like (e.g., black hair, black military outfit and a Charlie Chaplin mustache.) Will they adapt and strengthen their guardrails? Will they ban users from their platforms? If they are not aggressive here, then this is going to end badly for us all.”

Open AI did not respond to 404 Media’s request for comment.

Megaphone Embeddable Player

^{playlist.megaphone.fm}

404 Media

2025-10-07 13:01:32

Police Said They Surveilled Woman Who Had an Abortion for Her 'Safety.' Court Records Show They Considered Charging Her With a Crime

In May, 404 Media reported that the Johnson County Sheriff’s Office in Texas searched a nationwide network of Flock cameras, a powerful AI-enabled license plate surveillance tool, to look for a woman who self-administered an abortion. At the time, the sheriff told us that the search had nothing to do with criminality and that they were concerned solely about the woman’s safety, specifically the idea that she could be bleeding to death from the abortion. Flock itself said “she was never under criminal investigation by Johnson County. She was being searched for as a missing person, not as a suspect of a crime.”

But newly unearthed court documents about the incident show that when the search was performed, police were conducting a “death investigation” into the death of the fetus, and police discussed whether they could charge the woman with a crime with the District Attorney’s office on the same day that they performed the Flock search. The documents, obtained by the Electronic Frontier Foundation (EFF) and shared with 404 Media, also show that the Flock search was performed more than two weeks after the woman had the abortion. The documents were created as part of an arrest affidavit against the woman’s partner, who was arrested for allegedly abusing and threatening her at gunpoint on the day she took the abortion pill.

In documents created prior to the publication of our article, there is zero mention of concern about the woman’s safety. The records show that the police retroactively created a separate document about the Flock search a week after our article was published, in which they justify the search by saying they were concerned for her safety.

404 Media’s initial reporting on the incident became national news, has been cited in several government investigations into how Flock is used by police, and has led to several reforms by Flock itself. The company and its CEO, Garrett Langley, have repeatedly used it as a high-profile example of an ‘activist’ media that is biased against his company. The documents show that the narrative pushed by the Johnson County Sheriff’s Office and repeated by Flock is not the full story, and that police did consider charging the woman with a crime.

“For months, Flock Safety and the Johnson County Sheriff insisted that she was being searched for as a missing person and accused journalists and advocates of spreading 'clickbait' misinformation,” Rin Alajaji, legislative activist at the EFF, told 404 Media. “Now we have the official records, and they prove the exact opposite: Texas deputies did investigate this woman's abortion as a ‘death investigation,’ they did use Flock Safety’s ALPR network to track her down, and they did consult prosecutors about charging her. The only misinformation came from the company and the sheriff trying to cover their tracks. We’ve warned about this for over a decade now: when a single search can access more than 83,000 cameras across nearly the entire country, the potential for abuse is enormous. This makes it crystal clear that neither the companies profiting from this technology nor the agencies deploying it can be trusted to tell the full story about how it's being used.”

The documents highlight how Flock, whose cameras are installed in thousands of communities around the country, and which 404 Media has revealed police use on behalf of ICE, ultimately may not know what its customers are using the technology for. Flock declined to comment for this article.

According to the documents obtained by the EFF and shared with 404 Media, police came to the woman’s house to investigate the incident on May 9, after the woman’s partner called the police to report that she had an abortion on April 23, more than two weeks earlier. The arrest report states that they had opened a “death investigation case” regarding the fetus. The woman was not at the house at the time, though there is no indication in the arrest report that the man or the police were concerned about her whereabouts at the time.

“The incident of the abortion/miscarriage occurred on April 23, 2025,” an affidavit for the arrest of her partner says. The partner told police that he was “unaware” that the woman “had ordered a medication, off the internet, from California, that would cause her to abort or miscarry.”

The woman “aborted/miscarried while he was outside and he came in and found blood in the bathroom with what he believed was the non-viable fetus,” it says. They “got into a verbal argument and she left and had not been back to [the house] since that day. [He] collected what he thought was the fetus and put it in the freezer. When [he] was asked why he waited so long to report the incident, his answer was he had to process the event and call his family attorney.”

“Detective [Calvin] Miller [a detective on the scene] was provided FedEx packaging the pill was sent in, photographs of what [the man] believed to be a fetus and the instructions on how to take the medication,” it adds.

Crucially, the affidavit notes “it was discussed at the time with the District Attorney’s Office and learned the State could not statutorily charge [the woman] for taking the pill to cause the abortion or miscarriage of the non-viable fetus.”

That same day, Johnson County Sheriff’s Department officials searched the national Flock network—consisting at the time of 88,345 cameras across the country—for the license plate belonging to a Land Rover. The stated reason was “had an abortion, search for female.” The documents do not say the time when the conversation with the District Attorney about possibly charging the woman took place, so it is unclear whether this happened before or after the Flock search. The Johnson County Sheriff’s Office and District Attorney’s Office did not respond to requests for comment for this article sent via email, phone, and fax.

Several days later, on May 14, the woman went to the police and told them that she wanted to tell them her side of the story. According to the affidavit, she said that her partner assaulted her the day she took the pill, and she showed them text messages “where they discussed her ordering the pill and taking the pill.” At some point on April 23, the day she took the pill, the two began arguing. The woman said the man allegedly put a gun to her head in front of the couple’s toddler. She says that he hit her with the butt of the gun, threw her on the bed, choked her, put the gun to her head and demanded that she “beg for your life.” “Scream all you want, no one can hear you, no one is coming to help you,” he said, according to the arrest report. “I’ll kill you right now and take off with the baby.” The man was arrested and charged with assault on May 22.

On May 28, nearly a week after the woman’s partner was arrested for assault, 404 Media learned of the May 9 Flock search by the Johnson County Sheriff’s Office using records that were obtained using a public records request. The documents showed thousands of Flock searches throughout the United States, and the reason police stated for doing a given search. We learned that Johnson County performed a search on a Land Rover for the reason of “had an abortion, search for female,” which was particularly notable because abortion rights experts have worried that police surveillance would be turned against women seeking abortions.

On May 29, we reached out to Flock for comment on the incident. Flock told us that the stated reason for the search was not the full story, and that we should call Johnson County Sheriff Adam King to learn more (we had already reached out to the sheriff’s office for comment). “According to the sheriff's office, the deputy did not search for a woman seeking an abortion. In fact, it appears as though the woman may have had self-induced wounds from an unsafe abortion, and the family called the sheriff's office looking for her because she went missing,” a Flock spokesperson said at the time.

404 Media called King, and had a nine-minute phone call with him, during which he asked multiple members of his staff for details about why the search was done and what happened. King told 404 Media that “I wanted to make sure y’all understood what that was: It wasn’t us trying to block a woman from having an abortion. It was a self-administered abortion she gave herself and her family was worried that she was going to bleed to death, and we were trying to find her to get her to a hospital. We weren’t trying to block her from leaving the state or whatever. That wasn’t the case. We just wanted to get her some medical help and that’s why we did the query on Flock.”

“The family was worried she was bleeding and needed immediate medical attention and we weren’t able to get her on the phone, they weren’t able to get her on the phone, that’s why we were checking Flock trying to find her, but it was for her safety,” he said. “That’s all it was about, her safety.”

The only family member mentioned in the court documents is the woman’s partner, who was arrested for allegedly abusing and threatening her. The Flock search is also not mentioned in the court documents, but it makes clear that the police were told at the time they learned about the abortion that it had actually taken place more than two weeks prior. There is no mention of concern about the woman’s safety in the narrative of events in the arrest report, though there is discussion of police considering whether they would be allowed to charge her with a crime.

On June 5, more than a week after 404 Media’s article was published and following subsequent national attention on the story, the Johnson County Sheriff’s Office created a new “supplemental report” about the incident in which the officer who ran the Flock search retroactively explained that he was worried about the woman’s safety and used both Flock and another powerful surveillance tool, TLO, to look her up. This supplemental report was also obtained by the EFF and shared with 404 Media.

“Deputies started to ask communication’s [sic] about looking up the victim due to a large amount of blood being found in the residence,” it states. “I never made scene on this call, just was assisting with trying to locate the victim and her children to check their welfare. I began to believe the victim may have been hurt by the [reporting person, the woman’s partner] due to the call and it not making sense […] I wanted to use resources available to help find where the victim and her children could be to make sure they were okay.”

The report, which does not mention the word “abortion” anywhere, then states that they found her license plate and an address in Dallas. The officer ran a Flock search as well as “a TLO report,” which gave him an additional address to search. TLO is a powerful lookup tool that uses information pulled from credit report header data. 404 Media has reported extensively on this tool in the past.
The case supplemental report shows it was created only after our article was initially publishedFrom the case supplemental report, created June 5
“I entered the vehicle into FLOCK to see if we could see where the victim and her children might be at due to multiple different locations being given for the victim and her children. Deputies had attempted to try and contact the female, but were unsuccessful. The FLOCK hit showed the victim had been in Dallas prior but nothing recent. The reason for the FLOCK search was to find out what city the victim and her children might be in and give us an idea of where to look for them, due to the large area of where the victim and her children cold [sic] be at.”

On June 13, King separately told the Dallas Morning News that “There was no big conspiracy there to be the abortion police [...] That wasn’t our deal, it was all about her safety.” The Dallas Morning News cited a “partial report” that it obtained which appears to be this June 5 document, which notes the “large amount of blood.”

Since we first reported on this incident, Flock and its CEO, Garrett Langley, have repeatedly stated that our reporting on the incident and an EFF blog post about it was “clickbait,” misleading, and that it oversold what happened in Johnson County. It is not clear if Flock has seen the arrest report or what Johnson County Sheriff’s Office told the company. But Flock and Langley have used King’s initial narrative of the incident to criticize media reporting of the company.

“In this case, it was an unfortunate example of where an activist journalist had a narrative in their mind and they didn’t want to look at the facts of the story, because the facts are, we have one of the most transparent systems one could build,” Langley told Forbes last month. “There was a single word ‘abortion,’ in the search. The natural conclusion is, ‘Oh, they’re searching for this woman because she had an abortion.’ But when you talk to the police department, it’s actually quite a more nuanced story, which is the family called the police department because they were worried for her well-being. It was a missing person’s case because she did administer a self-abortion. They found that woman not too far away eventually. And so when I look at this, I go ‘This is everything’s working as it should be.’”

“A family was concerned for a family member. They used Flock to help find her when she could have been unwell. She was physically OK, which is great, but due to the current political climate, this was really good clickbait,” Langley said.

The only adult “family member” of the woman who’s mentioned in police reports is her partner, who the woman left after he attacked her with a gun.

Flock and Langley also posted a blog in the aftermath of our reporting and the EFF’s own blog post about the incident in which he said the story was “clickbait-driven reporting and social media rumors,” about the case, and that the Texas abortion case “was purposefully misleading reporting.”

The EFF, he wrote, “is actively perpetuating narratives that have been proven false, even after the record has been corrected.”

“The Sheriff’s Office has reported that a local family called to ask for help–a relative had self-administered an abortion and subsequently ran away. Her family feared she was hurt and asked the Sheriff’s deputy to search for her to the best of their abilities. Deputies performed a nationwide search in Flock, the broadest search possible within the system, to try to locate her as quickly as they could,” Langley wrote. “Luckily, she was found safe and healthy in Dallas a couple of days later. No charges were ever filed against the woman and she was never under criminal investigation by Johnson County. She was being searched for as a missing person, not as a suspect of a crime.”

King, the Johnson County Sheriff, previously told 404 Media Flock was not responsible for ultimately finding the woman.

Separately, King was arrested by his own deputies in August on charges of harassing multiple female members of his staff and threatening to arrest them after they reported the harassment. King allegedly made repeated comments about the women’s appearance. Last week, King was additionally charged with aggravated perjury after allegedly lying to a grand jury about what happened. As part of his bond agreement, he has been ordered by a court to not perform background checks on his alleged victims, is not allowed access to “Global Positioning System Data” from Johnson County, and is not allowed access to a video surveillance system owned by the county.

“This update is so disappointing,” a Flock source said when 404 Media told them about the new details of the case. 404 Media granted multiple current and former Flock employees anonymity because they were not permitted to speak to the press. “As much as Flock tries to be good stewards of the powerful tech we sell, this shows it really is up to users to serve their communities in good faith. Selling to law-enforcement is tricky because we assume they will use our tech to do good and then just have to hope we're right.”

The Flock source added “Even if Flock took a stance on permitted use-cases, a motivated user could simply lie about why they're performing a search. We can never 100% know how or why our tools are being used.” A second Flock source said they believe Flock should develop a better idea of what its clients are using the company’s technology for.

“Reproductive dragnets are not hypothetical concerns. These surveillance tactics open the door for overzealous, anti-abortion state actors to amass data to build cases against people for their abortion care and pregnancy outcomes,” Ashley Kurzweil, senior policy analyst in reproductive health and rights at the National Partnership for Women & Families, told 404 Media. “Law enforcement exploitation of mass surveillance infrastructure for reproductive health criminalization promises to be increasingly disruptive to the entire abortion access and pregnancy care landscape. The prevalence of these harmful data practices and risks of legal action drive real fear among abortion seekers and helpers—even intimidating people from getting the care they need,” she added.

“Given Flock's total failure to prevent abuses, law enforcement that have paid for this surveillance technology should immediately lock down their settings for which other agencies can access their data, and should seriously reconsider whether this technology should be installed in their communities in the first place,” Senator Ron Wyden told 404 Media in a statement. “And Republican officials need to stop harassing and harming women.”

Johnson County sheriff allowed to return to work after latest indictment

King was elected sheriff in 2016. He previously served as commander of the South Texas Officers and Prosecutors Human Trafficking Task Force.

^{Doug Myers (CBS Texas)}