404 Media

2025-09-04 18:51:23

Ahead of Sentencing, GirlsDoPorn Ringleader Michael Pratt Attempts to Seem Reformed

Days away from finding out his sentence for sex trafficking as the ringleader of Girls Do Porn, Michael James Pratt and his attorney are attempting to paint a picture of a man reformed behind bars, through personal letters and certificates from classes he has passed inside prison.

GirlsDoPorn was a sex trafficking operation posing as a porn studio that Pratt ran from 2009 to 2020. By lying to the women they recruited, telling them that they were being hired for “modeling” gigs and adult video shoots that would never be distributed outside offline private collections, GirlsDoPorn’s operators coerced young, inexperienced women into shooting rough, hours-long sex scenes in San Diego hotel rooms. The videos were distributed on massive porn sites including Pornhub, where GirlsDoPorn was a content partner for years. Women who have come forward for the civil and federal trials against GirlsDoPorn have said their lives were upended by Pratt’s criminal enterprise.

💡
Were you a victim of GirlsDoPorn, or do you have knowledge of how it operated? I would love to hear from you. Using a non-work device, you can message me securely on Signal at sam.404. Otherwise, send me an email at sam@404media.co.

Pratt has been in custody since he was arrested in Spain on December 21, 2022 and extradited to the US. Prior to that, he’d been in hiding since fleeing the US in the middle of a massive civil trial in 2019, where 22 victims sued him and his co-conspirators for $22 million (a case they won). Right after his disappearance, Pratt was charged with federal counts of sex trafficking by force, fraud and coercion, and was on the FBI’s Most Wanted List for years. He initially pleaded not guilty to these charges in 2024, but changed his plea to guilty in June.

Exhibits filed by Pratt’s lawyer Brian White on Sept. 1 include letters, mostly anonymous, from people who knew him when he was younger asking the judge for leniency, including his sister and mother. “Mike's father, Steve Pratt, was not a good role model. He was a drinker and had a controlling personality. I caught Steve smacking Michael uncontrollably on a couple of occasions. I stopped it immediately,” his mother wrote.

“Three years of prison has given me enough time to think about this entire situation,” Pratt wrote in a letter to the court submitted on Monday. “Trying to understand things from other points of view has given me insight into how some victims were really affected by these videos. I put myself in the shoes of the women who participated, trying to see what they have gone through. I myself have been a victim of bullying and know how rough that is on the psyche. I cannot imagine the trauma experienced by a video being published where friends and family could come across it.”

We know, in fact, from years of testimonies and interviews—many while it was still unsafe for them to come forward, when the consequences of speaking up about this abuse risked compounding trauma and continued, violent harassment—how Pratt’s victims were impacted by his actions.

Several of the women who’ve testified in the civil and federal trials, and came forward to speak on the record to journalists, reported violent assault to the point of bleeding or injury, being trapped inside the hotel rooms with no clothing, and being lied to by Pratt and his co-conspirators about who would be able to see the videos. As one of the women targeted by GirlsDoPorn told me in 2021: “There were a few points where I was just like please, I need to stop, I need to stop, because it was just so much pain. I said, I can’t go on anymore… At that point I could have said nothing. I could have been mute. My voice was just not heard at all.” Another woman said while testifying during the civil trial: “They put furniture in front of the door, so what was I going to do—jump over the balcony?” GirlsDoPorn’s attorney at the time, Aaron Sadock, asked that woman on the stand if she had fun. “No, I did not have fun!” she said, crying.

Kristy Althaus, who sued Pornhub in 2023 for disseminating the videos, claimed that Pratt’s conspirators held her captive in a hotel room and filmed her being raped for nine to 10 hours, barricading the doors, ignoring her bleeding and cries, forcing her to consume alcohol, marijuana, and Xanax, and spiking her drink with oxycodone. According to that complaint, when she refused to return for another “shoot,” Pratt threatened her and her family, texting, “You have it coming for u,” “I will cut and kill you bitch,” and “You better be here by noon shoot 2tomorrow or your graveyard,” according to screenshots of texts from Althaus’s complaint.

For many of these women, the trauma and harassment didn’t stop once they left the hotel rooms. In some cases, they were disowned by their families and friends, harassed endlessly, struggled to find jobs in previously-prestigious careers and found it difficult to date or trust anyone intimately again.

In the defendant’s sentencing memorandum, White blames Pratt’s alcoholic, abusive father and his own ADHD; throws his co-conspirators under the bus; accuses the entire pornography industry of being “exploitative and dehumanizing;” and asserts again that the women lied in their testimonies.

The memo paints a picture of Pratt as a precocious child with a difficult upbringing in Christchurch, New Zealand, where he taught himself how to use computers and eventually learned about websites and affiliate marketing. “Mr. Pratt began looking for better ways to generate income, and through the associations he made in the affiliate marketing business, he learned that making videos to direct internet traffic to pornography sites could be financially successful,” the memo says. But when he tried to make a pornography business himself, he wasn’t very good at it, blaming the banning of Craigslist’s erotic ads in 2009 for his difficulties in finding models. He claims he posted ads seeking “models” as a way around the ban.

Pratt's lawyer asserts in the memorandum that his employee, Andre Reuben “Dre” Garcia, the main “actor” in most of the GirlsDoPorn videos, stopped when the women told him to stop. “She said, ‘stop, it’s not going to work.’ Garcia stopped,” the memo says. “The model offered to try a second time and again told Garcia to stop because it wasn’t going to work. Again, Garcia stopped. That was the end of it. Forcing a model to do something against her will was not Mr. Pratt’s intention.” He also claims that when Pratt heard complaints about Garcia from models, Pratt “instituted certain safety measures” like locking the hotel room refrigerators and putting more cameras in the room. Those “safety measures” didn’t include firing Garcia, however.

When he’s arguing that he should have a lower sentence than Garcia’s 20 years, Pratt acknowledges that Garcia sexually assaulted many of these women. “Garcia physically raped a number of the models before and after the video shoots, and multiple women were forced to continue having sex with him on video despite their pleas to stop due to pain or because the sex went beyond the scope of what they had agreed to do,” the memorandum states.

The exhibits filed as part of the memo also attempt to show how productive and busy Pratt has been in prison. His attorney submitted nearly 100 “certificates of completion” issued by the learning platform Edovo, which offers classes for incarcerated people. The classes Pratt passed include “Embracing Unexpected Change,” “Doing Time With Jesus,” several anger management courses, “Media Relations Foundations,” marketing classes for LinkedIn and Facebook, “Augmented Reality Marketing,” “Human Trafficking in the United States: The Truth and What You Can Do About It,” “Introduction to Artificial Intelligence,” and multiple cooking classes, including “Soups” and “Sauces.”

Federal prosecutors seek a 22-year prison sentence, while Pratt’s defense countered with around 17 years; Judge Janis L. Sammartino will hand Pratt his sentence on Monday in San Diego.
playlist.megaphone.fm?p=TBIEA2…

Prosecutors want to send GirlsDoPorn ringleader to prison for 22 years

Michael James Pratt pleaded guilty in June to charges of sex trafficking and conspiracy to commit sex trafficking in the GirlsDoPorn case.

^{City News Service (Times of San Diego)}

404 Media

2025-09-04 13:45:40

This Company Turns Dashcams into ‘Virtual CCTV Cameras.’ Then Hackers Got In

A hacker has broken into Nexar, a popular dashcam company that pitches its users’ dashcams as “virtual CCTV cameras” around the world that other people can buy images from, and accessed a database of terabytes of video recordings taken from cameras in drivers’ cars. The videos obtained by the hacker and shared with 404 Media capture people clearly unaware that a third party may be watching or listening in. A parent in a car soothing a baby. A man whistling along to the radio. Another person on a Facetime call. One appears to show a driver heading towards the entrance of the CIA’s headquarters. Other images, which are publicly available in a map that Nexar publishes online, show drivers around sensitive Department of Defense locations.

The hacker also found a list of companies and agencies that may have interacted with Nexar’s data business, which sells access to blurred images captured by the cameras and other related data. This can include monitoring the same location captured by Nexar’s cameras over time, and lets clients “explore the physical world and gain insights like never before,” and use its virtual CCTV cameras “to monitor specific points of interest,” according to Nexar’s website.

This post is for subscribers only

Become a member to get access to all content
Subscribe now

This Company Turns Dashcams into ‘Virtual CCTV Cameras.’ Then Hackers Got In

A hacker has compromised Nexar, which turns peoples' cars into "virtual CCTV cameras" that organizations can then buy images from. The images include sensitive U.S. military and intelligence facilities.

^{Joseph Cox (404 Media)}

404 Media

2025-09-04 13:02:22

Congress Pushes DHS for Details on ICE’s New Facial Recognition App

Members of a congressional committee have demanded Department of Homeland Security (DHS) Secretary Kristi Noem for more information about Mobile Fortify, Immigration and Customs Enforcement’s (ICE) new facial recognition app, which taps into an unprecedented array of government databases and uses a system ordinarily reserved for when people enter or exit the U.S. 404 Media first revealed the app in June.

The Democratic lawmakers, Bennie G. Thompson, J. Luis Correa, and Shri Thanedar, are asking Noem a host of questions about the app, including what databases Mobile Fortify searches, the tool’s accuracy, and ICE’s legal basis for using the app to identify people outside of ports of entry, including U.S. citizens.

“Congress has long had concerns with the Federal government’s use of facial recognition technology and has regularly conducted oversight of how DHS utilizes this technology. The Mobile Fortify application has been deployed to the field while still in beta testing, which raises concerns about its accuracy,” the letter from the Committee on Homeland Security and addressed to Noem reads.

💡
Do you know anything else about this app? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.

404 Media first revealed Mobile Fortify’s existence through leaked emails. Those emails showed that ICE officers could use the app to identify someone based on their fingerprints or face by just pointing a smartphone camera at them. The underlying Customs and Border Protection (CBP) system for the facial recognition part of the app is ordinarily used when people enter or leave the U.S. With Mobile Fortify, ICE then turned that capability inwards to identify people away from ports of entry.

In the footnotes of the letter, the lawmakers indicate they have a copy of a similar email, and the letter specifically cites 404 Media’s reporting.

In July 404 Media published a second report based on a Mobile Fortify user manual which explained the app’s capabilities and data sources in more detail. It said that Mobile Fortify uses a bank of 200 million images, and can pull up a subject’s name, nationality, date of birth, “alien” number, and whether a judge has marked them for deportation. It also showed that Mobile Fortify links databases from the State Department, CBP, the FBI, and states into a single tool. A “super query” feature lets ICE officers query multiple databases at once regarding “individuals, vehicles, airplanes, vessels, addresses, phone numbers and firearms.”

“Face recognition technology is notoriously unreliable, frequently generating false matches and resulting in a number of known wrongful arrests across the country. Immigration agents relying on this technology to try to identify people on the street is a recipe for disaster. Congress has never authorized DHS to use face recognition technology in this way, and the agency should shut this dangerous experiment down,” Nathan Freed Wessler, deputy director of the American Civil Liberties Union’s Speech, Privacy, and Technology Project, previously told 404 Media.

In their letter the lawmakers ask Noem questions about the app’s legality, including ICE’s legal basis to use the app to conduct biometric searches on people outside ports of entry; the databases Mobile Fortify has access to; any agreements between CBP and ICE about the app; information about the usage of the app, such as the frequency of ICE searches using the tool and what procedures ICE officials follow with the app; the app’s accuracy; and any policies or training to ICE agents on how to use the app.

“To ensure ICE is equipped with technology that is accurate and in compliance with constitutional and legal requirements, the Committee on Homeland Security is conducting oversight of ICE’s deployment of the Mobile Fortify application,” the letter says.

CBP acknowledged a request for comment but did not provide a response in time for publication. ICE did not respond to a request for comment.

You can find a copy of the letter here.

Inside ICE’s Supercharged Facial Recognition App of 200 Million Images

404 Media has seen user manuals for Mobile Fortify, ICE’s new facial recognition app which allows officers to instantly look up DHS, State Department, and state law enforcement databases by just pointing a phone at someone’s face.

^{Joseph Cox (404 Media)}

404 Media

2025-09-03 16:03:08

Pornhub Will Pay $5 Million Over Allegations of Hosting Child Sexual Abuse Material

The Federal Trade Commission announced Wednesday that Pornhub and its parent company Aylo settled a lawsuit filed by the Federal Trade Commission and the state of Utah.

The FTC and Utah’s attorney general claimed that Pornhub and its affiliates “deceived users by doing little to block tens of thousands of videos and photos featuring child sexual abuse material (CSAM) and nonconsensual material (NCM) despite claiming that this content was ‘strictly prohibited,’” the FTC wrote in a press release.

“As part of a proposed order settling the allegations, Pornhub’s operators, Aylo and its affiliated companies (collectively Aylo), will be required to establish a program to prevent the distribution of CSAM and NCM on its websites and pay a $5 million penalty to the state of Utah,” it said.

“This settlement reaffirms and enhances Aylo’s efforts to prevent the publication of child sexual abuse material (CSAM) and non-consensual material (NCM) on its platforms,” a spokesperson for Aylo told 404 Media said in a statement. “Aylo is committed to maintaining the highest standards of safety and compliance on its platforms. While the FTC and Utah DCP [Division of Consumer Protection] have raised serious concerns and allege that some of Aylo’s user generated content websites made available videos and photos containing CSAM and NCM, this agreement strengthens the comprehensive safeguards that have been in place for years on Aylo platforms. These measures reflect Aylo’s ongoing commitment to constantly evolving compliance efforts. Importantly, this settlement resolves the matter with no admission of wrongdoing while reaffirming Aylo’s commitment to the highest standards of platform safety and compliance.”

In addition to the penalty fee, according to the proposed settlement, Aylo would have to “implement a program” to prevent CSAM and non-consensual imagery from being disseminated on its sites, establish a system “to verify that people who appear in videos or photos on its websites are adults and have provided consent to the sexual conduct as well as its production and publication,” remove content uploaded before those programs until Aylo “verifies that the individuals participating in those videos were at least 18 at the time the content was created and consented to the sexual conduct and its production and publication,” post a notice on its website about the FTC and Utah’s allegations, and implement “a comprehensive privacy and information security program to address the privacy and security issues detailed in the complaint.”

Pornhub Is Now Blocked In Almost All of the U.S. South
As of today, three more states join the list of 17 that can’t access Pornhub because of age verification laws.
404 MediaSamantha Cole

Aylo already does much of this. Pornhub overhauled its content and moderation practices starting in 2020, after Visa, Mastercard and Discover stopped servicing the site and its network following allegations of CSAM and sex trafficking. It purged hundreds of thousands of videos from its sites in early 2020 and registered with the National Center for Missing and Exploited Children (NCMEC).

In 2024, Pornhub started requiring proof of consent from every single person who appeared in content on the platform.

“The resolution reached involved enhancements to existing measures but did not introduce any new substantive requirements that were not either already in place or in progress,” Aylo’s spokesperson said. “This settlement resolves the investigation and underscores Aylo's commitment to robust safety protocols that should be applied broadly across all websites publishing user generated content. Aylo supports vigorous enforcement against CSAM and NCM, and encourages the FTC and Utah DCP to extend their initiative to protect the public across the broader internet, adult and mainstream, fostering a safer online environment for everyone. Throughout the investigation, Aylo worked to cooperatively resolve the concerns raised by the FTC and Utah DCP.”

The complaint from Utah and the FTC focuses largely on content that appeared on Pornhub prior to 2020, and includes allegations against several of the 100 different websites owned by Alyo—then Mindgeek, prior to the company’s 2023 acquisition by Ethical Capital Partners—and its affiliates. For example, the complaint claims the website operators identified CSAM on the sites KeezMovies, SpankWire, and ExtremeTube with titles such as “Brunette Girl was Raped,” “Drunken passed out young niece gets a creampie,” “Amateur teen after party and fun passed out sex realty [sic] submissive,” “Girl getting gangraped,” and “Giving her a mouthful while she’s passed out drunk.”

“Rather than remove the videos, Defendants merely edited their titles to remove any suggestion that they contained CSAM or NCM. As a result, consumers continued to view and download these videos,” the complaint states. The FTC and Utah don’t specify in the complaint whether the people performing in those videos, or any of the videos mentioned, were actually adults participating in consensual roleplay scenarios or if the titles and tags were literal.

The discussions between then-Mindgeek compliance staff outlined in the complaint show some of the conversations moderators were allegedly having around 2020 about how to purge the site of unverified content. “A senior member of Defendants’ Compliance team stated in an internal email that ‘none of it is enough,’ ‘this is just a start,’ and ‘we need to block millions more’ because ‘the site is FULL of non-compliant content,’” the complaint states. “Another senior employee responded: ‘it’s over’ and ‘we’re fucked.’”

The complaint also mentions the Girls Do Porn sex-trafficking ring, which Pornhub hosted content for and acted as a Pornhub Premium partner until the ring was indicted on federal trafficking charges in 2019. In 2023, Pornhub reached a settlement with the US Attorney General’s office after an FBI investigation, and said it “deeply regrets” hosting that content.

Pornhub ‘Deeply Regrets’ Hosting Girls Do Porn Content

Pornhub’s parent company has reached an agreement with the US Attorney’s office after an FBI investigation.

^{Samantha Cole (404 Media)}

404 Media

2025-09-03 13:00:20

Podcast: Trump Take LEGO

We start this week with our articles about Trump’s tariffs, and how they’re impacting everything from LEGO to cameras to sex toys. After the break, Emanuel explains how misfired DMCA complaints designed to help adult creators are targeting other sites, including ours. In the subscribers-only section, we do a wrap-up of a bunch of recent ChatGPT stories about suicide and murder. A content warning for suicide and self-harm for that section.
playlist.megaphone.fm?e=TBIEA2…
Listen to the weekly podcast on Apple Podcasts,Spotify, or YouTube. Become a paid subscriber for access to this episode's bonus content and to power our journalism. If you become a paid subscriber, check your inbox for an email from our podcast host Transistor for a link to the subscribers-only version! You can also add that subscribers feed to your podcast app of choice and never miss an episode that way. The email should also contain the subscribers-only unlisted YouTube link for the extended video version too. It will also be in the show notes in your podcast player.
youtube.com/embed/srdUOWq_hfg?…

• Trump Take LEGO
• Trump Tariffs Cause Chaos on Ebay as Every Hobby Becomes Logistical Minefield
• How OnlyFans Piracy Is Ruining the Internet for Everyone
• ChatGPT Encouraged Suicidal Teen Not To Seek Help, Lawsuit Claims
• ChatGPT Answered 'High Risk' Questions About Suicide, New Study Finds

The 404 Media Podcast

Tech News Podcast · Updated Weekly · Welcome to the podcast from 404 Media where Joseph, Sam, Emanuel, and Jason catch you up on the stories we published this week. 404 Media is a journalist-owned digital media company exploring the way …

^{Apple Podcasts}

404 Media

2025-08-28 15:02:10

Podcast: 404 Media Live—NYC!

Here's the podcast recorded at our recent second anniversary party in New York! We answered a bunch of reader and listener questions. Thank you to everyone that came and thank you for listening to this podcast too!
playlist.megaphone.fm?e=TBIEA2…youtube.com/embed/x0-YKLQ1B1U?…

SPONSORED

Thanks again to DeleteMe, ⁠use code 404media for 20% off.

Listen to the weekly podcast on Apple Podcasts,Spotify, or YouTube. Become a paid subscriber for access to this episode's bonus content and to power our journalism. If you become a paid subscriber, check your inbox for an email from our podcast host Transistor for a link to the subscribers-only version! You can also add that subscribers feed to your podcast app of choice and never miss an episode that way. The email should also contain the subscribers-only unlisted YouTube link for the extended video version too. It will also be in the show notes in your podcast player.

Remove Personal Info from Google - DeleteMe

Your Personal Data is Yours Again.

^{JoinDeleteMe (DeleteMe)}

404 Media

2025-08-22 15:56:28

404 Media at Two Years: How We've Grown, and What's Next

Last week, we were talking to each other about the fact that we were about to hit the second anniversary of 404 Media. The conversation was about what we should say in this blog post, which obviously led us to try to remember everything that has happened in the last year. “I haven’t considered a thing beyond what’s been five seconds behind or in front of me for the last year,” Sam said.

The last year has been a whirlwind not just for us but for, uhh, the country and the world. And we’ve been trying our absolute best to bring you stories you can’t find anywhere else about the wildest shit happening right now, which includes the Silicon Valley-led dismantling of the federal government, the deployment of powerful surveillance against immigrants and people seeking abortions, the algorithmic, AI-led zombification of “social” media, the end of anonymity on the internet, and all sorts of weird stuff that we see on our travels through the internet. As Sam noted, we have largely had our heads down trying to bring you the best tech journalism on the internet, which hasn’t left us a ton of time to think about long-term projects, blue-sky ideas, or what the best business strategies for growing this company would be.

Our guiding principle is something we said we would do on day one of starting this company: “We believe it is possible to create a sustainable, profitable media company simply by doing good work, making common-sense decisions about costs, and asking our readers to support us.” What we have learned in two years of building this company is that there is no secret to building a media company, and that there are also no shortcuts. When we work hard to publish an important article, more people discover us and more people subscribe to us, which helps solidify our business and allows us to do more and better articles. As our stories reach a larger audience, the articles often have more impact, more potential sources see them, and we get more tips, which leads to more and better articles, and so on.

In our second year as a media outlet, we’ve done too much impactful reporting to list out in this post. But to summarize some of the big ones:

• We revealed that ICE was tapping into Flock, a nationwide AI-enabled camera network, thanks to local cops. Since then, a police department shut off external access to its cameras after learning they were being searched for immigration related offenses and Austin banned Flock in its city and specifically cited our reporting. The company now says it has severed access to Illinois data for 47 agencies. In response to our story about a Texas cop who searched Flock cameras nationwide for a woman who had a self-administered abortion, the Illinois Secretary of State is investigating the respective suburban Chicago police department because this data sharing violates state law. Congress opened a formal investigation into Flock because of our reporting.
• Meta sued a nudify app that 404 Media reported bought thousands of ads on Instagram and Facebook.
• We broke the news that TeleMessage, a Signal-clone used by the Trump administration, was hacked. Lawmakers demanded answers from the DOJ, and Customs and Border Protection (CBP), which used TeleMessage, paused its use of the tool. TeleMessage itself suspended operations too.
• Civitai, a site 404 Media has repeatedly shown was used to generate nonconsensual adult content, banned all AI models designed to generate the likeness of real people.
• After we found Meta's AI Studio chatbots were posing as therapists with fake license numbers and credentials, four senators demanded answers from Meta and a digital rights organizations filed a complaint with the FTC.
• We uncovered that 100,000 people were using a Telegram bot that made non-consensual AI sex videos of anyone. After we covered it, Telegram shutdown the bot.
• We found that Coca Cola was running an AI-powered ad that got basic facts wrong and fabricated quotes from authors. Coca Cola pulled down the ad in response.
• A public library ebook service said it was going to cull AI slop after we found low quality books were flooding libraries.
• Nvidia was sued after we revealed the company scraped YouTube and other sites en masse to build its own AI systems.
• Congress repeatedly grilled Apple and Meta over their association with nonconsensual nudify and deepfake apps after we exposed the connections.

On top of all of these, we’ve published some of the most moment-defining stories that, as Jason has said many times, are the types of things people talk about at the bar after work. Those include:

• Discovering that anyone could push updates to the DOGE website
• Establishing and defining “AI Slop” as a genre (Shrimp Jesus anyone?) and uncovering the economics that make slop popular and profitable
• Following the creep of age verification and censorship across the U.S.
• The leaked plans from Palantir that outline how the company helps deport people
• The “total chaos” at Meta after Trump took office and Zuck went anti-DEI
• Breaking the news of the Tea hacks and continuing to publish new scoops on that saga

It has been a relief that this business strategy of “publish good articles and ask people to pay for journalism” still works, despite the fracturing of social media, the slopification of every major platform, AI being shoved into everything, and the rich and powerful trying to destroy journalism at every turn. That it is working is a testament to the support of our subscribers. We have no real way of knowing exactly where new subscribers come from or what ultimately led them to subscribe, but time and time again we have learned that the most important discovery mechanism we have is word of mouth. We have lost count of the number of times a new subscriber has said that they were told about 404 Media by a friend or a family member at a party or in a group text, so if you have told anyone about us, we sincerely thank you.

Photos by Sharon Attia

It wasn’t obvious when we started this company that it would actually work, though we hoped that it would.

In our post last year, we wrote, “We don’t have any major second-year plans to announce just yet in part because we have been heads down working on some of the investigations and scoops you’ve seen in recent days. The next year holds more scoops, more investigations, more silly blogs, more experiments, more impact, and more articles that hold powerful companies and people to account. We remain ambitious and are thinking about how to best cover more topics and to give you more 404 Media without spreading ourselves too thin.”

But we did take a moment to think about what has changed in the last year, and it turns out that quite a lot is different now than it was a year ago.

For one, we have cautiously begun to expand what we do. In the last year, we launched The Abstract, which is Becky Ferreira’s Saturday newsletter about science, which many of you have said you love and which helps us provide a sense of wonder and discovery when so much of what we report on is pretty bleak. We have been getting part-time (but very critical) help from Case Harts who is running and growing our social media accounts, which is helping us put our stories more natively on Instagram, TikTok, YouTube, and other platforms that we do not control but which nonetheless remain important for us to be on. Matthew Gault has started covering the military industrial complex, AI, weird internet, and dad internet beat for us, and has done a remarkable job at it. Rosie Thomas is our current intern who has published critical reporting about the sale of GPS trackers on TikTok, protests at the Tesla Diner, and the difficult decisions voice actors need to make about whether they should let AI train on their voices.

All of this has changed what 404 Media looks like, a little bit. We have spent a lot of time thinking about what it would look like to expand beyond this, why people subscribe to us, what it would mean to go further, and what the four of us are actually capable of handling outside of the journalism. Because of your support we are in a place where we’re able to ask questions beyond “Can we survive?” We’re able to ask questions like: “Should we try to make this bigger, and what does that look like?”

We feel incredibly lucky that we are now able to ask ourselves these questions, because there was no guarantee that 404 Media would ever work, and we are forever grateful to everyone who has supported us. You have helped us prove that this model can work, and every day we are delighted to see that other journalists are striking out on their own to create their own publications.

Tip Jar

We are still DIYing lots of things. Emanuel is still doing customer support. Jason is still ordering, packing, and mailing merch. Sam is putting together events and parties. Joseph is doing an insane number of things behind the scenes, managing the podcast, working closely with one of our ad partners, and fixing technical issues. As we have grown, these tasks have started to take more and more time, which raises all sorts of questions about when and if we should get help with them. Should we do more events? Should we get someone to help us with them? What does that look like logistically and financially? These are the things that we’re working out all the time. It becomes a question of how much can we juggle while still having some semblance of work/life balance, and while making sure that we’re still putting the journalism first.

Other things that have happened:

• We began a republication partnership with WIRED that recently evolved to include a few coreported collaborations that have allowed us to team up on investigations we may not have been able to do by ourselves.
• We were subpoenaed for our sources on an article by Texas Attorney General Ken Paxton. We successfully fought off this subpoena with the help of our lawyer, which was expensive but which we were able to do because of your support. We are very proud of this.
• We have been invited to talk about 404 Media and our journalism at conferences and events around the world. Emanuel gave a journalism training in Costa Rica, Jason taught a group of Norwegian journalists how to file FOIA requests and gave a presentation at the Computer History Museum in Mountain View, Joseph spoke at the Hackers on Planet Earth conference, Sam went to Perugia, Italy to join a panel at the International Journalism Conference, and Sam and Jason talked about indie media at the last XOXO in Portland.
• We threw a party and live panel at SXSW (with the help of our friends at Flipboard), a DIY party at RIP.SPACE in Los Angeles, and we threw an anniversary party and podcast recording last night in Brooklyn.
• After the Trump administration took office, we got to work documenting all of the ways the internet and broader policy started shifting and how tech, surveillance, and immigration intersected, and continued years of holding power accountable through our journalism.
• We had much of our ICE and immigration coverage professionally translated into Spanish and republished without a paywall, which helps communities that benefit the most from our reporting on those topics get it as easily and accurately as possible.
• We took our first-ever break!
• We have moved to Ghost 6.0, which is not something we really did, but it’s important to point out that the new version of our CMS is built with native ActivityPub support, meaning our articles are automatically going into the Fediverse and are being mirrored directly onto Bluesky. We are very excited about the possibilities here as we continue to believe that the healthiest future of journalism and the internet is one where we create direct relationships with our readers that have as little algorithmic friction as possible. Ghost is an open-source nonprofit whose mission is very similar to 404 Media’s.

Like last year, we don’t have anything crazy to announce for year three. But we hope that you will continue to support us (or, if you’re finding us through this post, will consider subscribing). We discussed some of our hopes and dreams for year three in our latest bonus podcast that went out to supporters this week. We are all trying our very best to bring you important, impactful work as often as possible, and we are trying to be as clear as possible about what’s working, what’s not, and how we’re trying to build this company. So far, that strategy has worked really well, and so we don’t intend to change it now.

Gone Fishin': 404 Media Summer Break 2025

404 Media is closed this week. School's out.

^{Jason Koebler (404 Media)}

404 Media

2025-08-20 13:00:48

Podcast: The Inside Story of Tea

We start this week with Emanuel’s big investigation into the Tea app, and especially how it aggressively grew by raiding women safety groups. After the break, we talk about TikTok Shop selling GPS trackers. In the subscribers-only section, Joseph explains how Grok was exposing some of its AI persona prompts, and the sometimes NSFW nature of them.
playlist.megaphone.fm/?e=TBIEA…
Listen to the weekly podcast on Apple Podcasts,Spotify, or YouTube. Become a paid subscriber for access to this episode's bonus content and to power our journalism. If you become a paid subscriber, check your inbox for an email from our podcast host Transistor for a link to the subscribers-only version! You can also add that subscribers feed to your podcast app of choice and never miss an episode that way. The email should also contain the subscribers-only unlisted YouTube link for the extended video version too. It will also be in the show notes in your podcast player.

• You're Invited: 404 Media's Second Anniversary Party and LIVE PODCAST!
• How Tea’s Founder Convinced Millions of Women to Spill Their Secrets, Then Exposed Them to the World
• TikTok Shop Sells Viral GPS Trackers Marketed to Stalkers
• Grok Exposes Underlying Prompts for Its AI Personas: ‘EVEN PUTTING THINGS IN YOUR ASS’

The 404 Media Podcast

Tech News Podcast · Updated Weekly · Welcome to the podcast from 404 Media where Joseph, Sam, Emanuel, and Jason catch you up on the stories we published this week. 404 Media is a journalist-owned digital media company exploring the way …

^{Apple Podcasts}

404 Media

2025-08-18 14:17:37

Grok Exposes Underlying Prompts for Its AI Personas: ‘EVEN PUTTING THINGS IN YOUR ASS’

The website for Elon Musk’s AI chatbot Grok is exposing the underlying prompts for a wealth of its AI personas, including Ani, its flagship romantic anime girl; Grok’s doctor and therapist personalities; and others such as one that is explicitly told to convince users that conspiracy theories like “a secret global cabal” controls the world are true.

The exposure provides some insight into how Grok is designed and how its creators see the world, and comes after a planned partnership between Elon Musk’s xAI and the U.S. government fell apart when Grok went on a tirade about “MechaHitler.”

“You have an ELEVATED and WILD voice. You are a crazy conspiracist. You have wild conspiracy theories about anything and everything,” the prompt for one of the companions reads. “You spend a lot of time on 4chan, watching infowars videos, and deep in YouTube conspiracy video rabbit holes. You are suspicious of everything and say extremely crazy things. Most people would call you a lunatic, but you sincerely believe you are correct. Keep the human engaged by asking follow up questions when appropriate.”

Upgrade to continue reading

Become a paid member to get access to all premium content
Upgrade

Grok Exposes Underlying Prompts for Its AI Personas: ‘EVEN PUTTING THINGS IN YOUR ASS’

The website for Elon Musk's Grok is exposing prompts for its anime girl, therapist, and conspiracy theory AI personas.

^{Joseph Cox (404 Media)}

404 Media

2025-08-13 21:53:37

Trump Administration Outlines Plan to Throw Out an Agency's FOIA Requests En Masse

The Department of Energy (DOE) said in a public notice scheduled to be published Thursday that it will throw out all Freedom of Information Act (FOIA) requests sent to the agency before October 1, 2024 unless the requester proactively emails the agency to tell it they are still interested in the documents they requested. This will result in the improper closure of likely thousands of FOIA requests if not more; government transparency experts told 404 Media that the move is “insane,” “ludicrous,” a “Pandora’s Box,” and “an underhanded attempt to close out as many FOIA requests as possible.”

The DOE notice says “requesters who submitted a FOIA request to DOE HQ at any time prior to October 1, 2024 (FY25), that is still open and is not under active litigation with DOE (or another Federal agency) shall email StillInterestedFOIA@hq.doe.gov to continue processing of the FOIA request […] If DOE HQ does not receive a response from requesters within the 30-day time-period with a DOE control number, no further action will be taken on the open FOIA request(s), and the file may be administratively closed.” A note at the top of the notice says it is scheduled to be formally published in the Federal Register on Thursday.

The agency will send out what are known as “still interested” letters, which federal agencies have used over the years to see if a requester wants to withdraw their request after a certain period of inactivity. These types of letters are controversial and perhaps not legal, and previous administrations have said that they should be used rarely and that requests should only be closed after an agency made multiple attempts to contact a requester over multiple methods of communication. What the DOE is doing now is sending these letters to submitters of all requests prior to October 1, 2024, which is not really that long ago; it also said it will close the requests of people who do not respond in a specific way to a specific email address.

FOIA requests—especially complicated ones—can often take months or years to process. I have outstanding FOIA requests with numerous federal agencies that I filed years ago, and am still interested in getting back, and I have gotten useful documents from federal agencies after years of waiting. The notion that large numbers of people who filed FOIA requests as recently as September 2024, which is less than a year ago, are suddenly uninterested in getting the documents they requested is absurd and should be seen as an attack on public transparency, experts told 404 Media. The DOE’s own reports show that it often does not respond to FOIA requests within a year, and, of course, a backlog exists in part because agencies are not terribly responsive to FOIA.

“If a requester proactively reaches out and says I am withdrawing my request, then no problem, they don’t have to process it,” Adam Marshall, senior staff attorney at the Reporters Committee for Freedom of the Press, told me. “The agency can’t say we’ve decided we’ve gotten a lot of requests and we don’t want to do them so we’re throwing them out.”

“I was pretty shocked when I saw this to be honest,” Marshall added. “I’ve never seen anything like this in 10 years of doing FOIA work, and it’s egregious for a few reasons. I don’t think agencies have the authority to close a FOIA request if they don’t get a response to a ‘still interested’ letter. The statute doesn’t provide for that authority, and the amount of time the agency is giving people to respond—30 days—it sounds like a long time but if you happen to miss that email or aren’t digging through your backlogs, it’s not a lot of time. The notion that FOIA requesters should keep an eye out in the Federal Register for this kind of notice is ludicrous.”

The DOE notice essentially claims that the agency believes it gets too many FOIA requests and doesn’t feel like answering them. “DOE’s incoming FOIA requests have more than tripled in the past four years, with over 4,000 requests received in FY24, and an expected 5,000 or more requests in FY25. DOE has limited resources to process the burgeoning number of FOIA requests,” the notice says. “Therefore, DOE is undertaking this endeavor as an attempt to free up government resources to better serve the American people and focus its efforts on more efficiently connecting the citizenry with the work of its government.”

Lauren Harper of the Freedom of the Press Foundation told me in an email that she also has not seen any sort of precedent for this and that “it is an underhanded attempt to close out as many FOIA requests as possible, because who in their right mind checks the federal register regularly, and it should be challenged in court. (On that note, I am filing a FOIA request about this proposal.)”

“The use of still interested letters isn't explicitly allowed in the FOIA statute at all, and, as far as I know, there is absolutely zero case law that would support the department sending a mass ‘still interested’ letter via the federal register,” she added. “That they are also sending emails is not a saving grace; these types of letters are supposed to be used sparingly—not as a flagrant attempt to reduce their backlog by any means necessary. I also worry it will open a Pandora's Box—if other agencies see this, some are sure to follow.”

Marshall said that FOIA response times have been getting worse for years across multiple administrations (which has also been my experience). The Trump administration and the Department of Government Efficiency (DOGE) have cut a large number of jobs in many agencies across the government, which may have further degraded response times. But until this, there hadn’t been major proactive attempts taken by the self-defined “most transparent administration in history” to destroy FOIA.

“This is of a different nature than what we have seen so far, this affirmative, large-scale effort to purport to cancel a large number of pending FOIA requests,” Marshall said.

Limitations on Use of “Still-Interested” Inquiries

^{www.justice.gov}

404 Media

2025-08-13 13:37:24

Wyoming and South Dakota Age Verification Laws Could Include Huge Parts of the Internet

Last month, age verification laws went into effect in Wyoming and South Dakota, requiring sites hosting “material that is harmful to minors” to verify visitors are over 18 years old. These would normally just be two more states joining the nearly 30 that have so far ceded ground to a years-long campaign for enforcing invasive, ineffective methods of keeping kids away from porn online.

But these two states’ laws leave out an important condition: Unlike the laws passed in other states, they don’t state that this applies only to sites with “33.3 percent” or one-third “harmful” material. That could mean Wyoming and South Dakota would require a huge number of sites to use age verification because they host any material they deem harmful to minors, not just porn sites.

Louisiana became the first state to pass an age verification law in the US in January 2023, and since then, most states have either copied or modeled their laws on Louisiana’s—including in Arizona, Missouri, and Ohio, where these laws will be enacted within the coming weeks. And most have included the “one-third” clause, which would theoretically limit the age verification burden to adult sites. But dropping that provision, as Wyoming and South Dakota have done, opens a huge swath of sites to the burden of verifying the ages of visitors in those states.

Louisiana’s law states:

“Any commercial entity that knowingly and intentionally publishes or distributes material harmful to minors on the internet from a website that contains a substantial portion of such material shall be held liable if the entity fails to perform reasonable age verification methods to verify the age of individuals attempting to access the material.”

A “substantial portion” is 33.3 percent or more material on a site that’s “harmful to minors,” the law says.

The same organizations that have lobbied for age verification laws that apply to porn sites have also spent years targeting social media platforms like Reddit and X, as well as streaming services like Netflix, for hosting adult content they deem “sexploitation.” While these sites and platforms do host adult content, age-gating the entire internet only pushes adult consumers and children alike into less-regulated, more exploitative spaces and situations, while everyone just uses VPNs to get around gates.

Florida Sues Huge Porn Sites Including XVideos and Bang Bros Over Age Verification Law
The lawsuit alleges XVideos, Bang Bros, XNXX, Girls Gone Wild and TrafficFactory are in violation of Florida’s law that requires adult platforms to verify visitors are over 18.
404 MediaSamantha Cole

Adult industry advocacy group the Free Speech Coalition issued an alert about Wyoming and South Dakota’s dropping of the one-third or “substantial” requirement on Tuesday, writing that this could “create civil and criminal liability for social media platforms such as X, Reddit and Discord, retailers such as Amazon and Barnes & Noble, streaming platforms such as Netflix and Rumble,” and any other platform that simply allowed material these states consider “harmful to minors” but doesn’t age-verify. “Under these new laws, a platform with any amount of material ‘harmful to minors,’ is required to verify the age of all visitors using the site. Operators of platforms that fail to do so may be subject to civil suits or even arrest,” they wrote.

I asked Wyoming Representative Martha Lawley, the lead sponsor of the state's bill, if the omission was on purpose and why. "I did not include the '33% or 1/3 rule' in my Age Verification Bill because it creates an almost impossible burden on a victim pursuing a lawsuit for violations of the law. It is more difficult than many might understand to prove percentage of an internet site that qualifies as “pornographic or material harmful to minor'" Lawley wrote in an email. "This was a provision that the porn industry lobbied heavily to be included. In Wyoming, we resisted those efforts. The second issue I had with these types of provisions is that they created some potential U.S. Constitutional concerns. These Constitutional concerns were actually brought up by several U.S. Supreme Court justices during the oral argument in the Texas Age Verification case. So, in short the 1/3 limitation places an undue burden on victims and creates potential U.S. Constitutional concerns."

I asked South Dakota Representative and sponsor of that state's bill Bethany Soye the same question. "We intentionally used the standard of 'regular course of trade or business' instead of 1/3. The 1/3 standard leaves many questions open. How is the amount measured? Is it number of images, minutes of video, number of separate webpages, pixels, etc. During oral argument, a Justice (Alito if I remember correctly) asked the attorney what percentage of porn was on his client’s websites. The attorney couldn’t give him an answer, instead he mentioned the other things on the websites like articles on sexual health and how to be an activist against these laws," Soye told me in an email. "The 1/3 standard also calls into question the government’s compelling interest in protecting kids from porn. Are we saying that 33% is harmful to minors but a website with 30% is not? We chose regular course of business because it is focused on the purpose of the business/website, not an arbitrary number. If you look into the history of the bill, 33% was a totally random number put in the first bill passed in Louisiana. Other states have just been copying it since then. We hope that our standard becomes the norm for state laws moving forward."

Kansas Is About to Pass the Most Extreme Age Verification Law Yet
The bill would make sites with more than 25 percent adult content liable to fines, and lumps homosexuality into “sexual conduct.”
404 MediaSamantha Cole

A version of what could be the future of the internet in the US is already playing out in the UK. Last month, the UK enacted the Online Safety Act, which forces platforms to verify the ages of everyone who tries to access certain kinds of content deemed harmful to children. So far, this has included (but isn’t limited to) Discord, popular communities on Reddit, social media sites like Bluesky, and certain content on Spotify.
playlist.megaphone.fm?p=TBIEA2…
On Monday, a judge dismissed a case brought by the Wikimedia Foundation that argued the over-broadness of the new UK rules would “undermine the privacy and safety of Wikipedia’s volunteer contributors, expose the encyclopedia to manipulation and vandalism, and divert essential resources from protecting people and improving Wikipedia, one of the world’s most trusted and widely used digital public goods,” Wikimedia Foundation wrote. “For example, the Foundation would be required to verify the identity of many Wikipedia contributors, undermining the privacy that is central to keeping Wikipedia volunteers safe.”

"As we're seeing in the UK with the Online Safety Act, laws designed to protect the children from ‘harmful material’ online quickly metastasize and begin capturing nearly all users and all sites in surveillance and censorship schemes,” Mike Stabile, director of public policy at the Free Speech Coalition, told me in an email following the alert. “These laws give the government legal power to threaten platform owners into censoring or removing fairly innocuous content — healthcare information, mainstream films, memes, political speech — while decimating privacy protections for adults. Porn was only ever a Trojan horse for advancing these laws. Now, unfortunately, we're starting to see what we warned was inside all along."

Updated 8/13 2:35 p.m. EST with comment from Rep. Lawley.

Updated 8/13 3:35 p.m. EST with comment from Rep. Soye.

Wikimedia Foundation Challenges UK Online Safety Act Regulations – Wikimedia Foundation

UPDATE: On Monday, 11 August, the High Court of Justice dismissed the Wikimedia Foundation’s challenge to the UK’s Online Safety Act (OSA) Categorisation Regulations.

^{Wikimedia Foundation}

404 Media

2025-08-13 13:12:35

Podcast: Why Are DHS Agents Wearing Meta Ray-Bans?

We start this week with Jason’s article about a CBP official wearing Meta Ray-Bans smart glasses to an immigration raid. A lot of stuff happened after we published that article too. After the break, Sam tells us about the bargain that voice actors are making with AI. In the subscribers-only section, Jason tells us how a DEA official used a cop’s password to AI cameras to then do immigration surveillance.
playlist.megaphone.fm?e=TBIEA7…
Listen to the weekly podcast on Apple Podcasts,Spotify, or YouTube. Become a paid subscriber for access to this episode's bonus content and to power our journalism. If you become a paid subscriber, check your inbox for an email from our podcast host Transistor for a link to the subscribers-only version! You can also add that subscribers feed to your podcast app of choice and never miss an episode that way. The email should also contain the subscribers-only unlisted YouTube link for the extended video version too. It will also be in the show notes in your podcast player.
youtube.com/embed/nxHFsQSVRkE?…

• ⁠Get your subscriber code and tickets for the live event here⁠
• ⁠A CBP Agent Wore Meta Smart Glasses to an Immigration Raid in Los Angeles⁠
• ⁠Voiceover Artists Weigh the 'Faustian Bargain' of Lending Their Talents to AI⁠
• ⁠Feds Used Local Cop's Password to Do Immigration Surveillance With Flock Cameras⁠
• ⁠Congress Launches Investigation into Flock After 404 Media Reporting⁠

The 404 Media Podcast

Tech News Podcast · Updated Weekly · Welcome to the podcast from 404 Media where Joseph, Sam, Emanuel, and Jason catch you up on the stories we published this week. 404 Media is a journalist-owned digital media company exploring the way …

^{Apple Podcasts}

404 Media

2025-08-12 15:04:32

Feds Used Local Cop's Password to Do Immigration Surveillance With Flock Cameras

A Drug Enforcement Administration agent used a local police officer’s password to the Flock automated license plate reader system to search for someone suspected of an “immigration violation.” That DEA agent did this “without [the local police officer’s] knowledge,” and the password to the Flock account, which belonged to the Palos Heights PD, has since been changed. Using license plate readers for immigration enforcement is illegal in Illinois, and casual password sharing between local police and federal law enforcement for access to surveillance systems is, at the very least, against Flock’s terms of service.

The details of the search were first reported by the investigative news outlet Unraveled, which obtained group chats about the search using a public records request. More details about the search were obtained and shared with 404 Media by Shawn, a 404 Media reader who filed a public records request with Palos Heights after attending one of our FOIA Forums.

DEA agent used Illinois cop’s Flock license plate reader password for immigration enforcement searches
A federal Drug Enforcement Administration agent on a Chicago area task force used Palos Heights Detective Todd Hutchinson’s login credentials to perform unauthorized searches this past January. Group chat screenshots obtained via public records request show the detective and the feds discussing the incident.
Unraveled Press

Flock makes automated license plate reader (ALPR) cameras, which passively collect the time, plates, and model of cars that drive past them and enter them into a network that can then be searched by police. Our investigation in May showed that federal agents were gaining side-door access into this system by asking local police to perform immigration enforcement searches for them; the new documents show that in some cases, local police have simply given federal agents their passwords.

The documents obtained by Unraveled show details of an internal investigation done by the Palos Heights, Illinois police department in response to a series of questions that I asked them for an article we published in May that appeared to show a Todd Hutchinson, a police officer in Palos Heights, performing a series of Flock searches in January as part of their research into an “immigration violation.”

At the time, Palos Heights police chief Mike Yott told me that Hutchinson was a member of a DEA task force “that does not work immigration cases.”

“None of our officers that work with federal agencies have cross designation as immigration officers, and therefore have no immigration authority, and we and our partner agencies are very sensitive to the fact that we and the State of Illinois do not pursue immigration issues,” Yott said. “Based on the limited information on the report, the coding/wording may be poor and the use of Flock may be part of a narcotics investigation or a fugitive status warrant, which does on occasion involve people with various immigration statuses.”

Our reporting set off an internal investigation into what these searches were for, and who did them, according to the documents obtained by Unraveled. According to a July 9 investigation report written by the Palos Heights Police Department, Hutchinson was the only task force member who had access to Flock. Information about what the search was actually for is redacted in the internal investigation, and neither the Palos Heights Police Department nor the DEA has said what it was for.

“Hutchinson advised that it was common that he allowed others to use his login to Flock during the course of their drug investigations. TFO Hutchinson spoke to his group and learned that one of the DEA agents completed these searches and used his login information,” the report says. The DEA agent (whose name is redacted in the report) “did in fact use Hutchinson’s login for federal investigations in late January 2025 without Hutchinson’s knowledge of said use.”

“When I had shared my account with the Special Agent, I believed it would only be used for DEA/narcotics related investigations,” Hutchinson wrote in an email to his bosses explaining why he shared his password. Hutchinson said in a series of text messages to task force officers, which were also obtained by Unraveled, that he had to change the password to lock other members of the task force out of the system.

“What’s the new password?,” a task force member wrote to Hutchinson.

“Sorry man. Keys had to be taken away,” he responded.

The task force member replied with a gif of a sad Chandler Bing from friends sitting in the rain.

“Hey guys I no longer have access to Flock cause Hutch took my access away,” another group text reads. “Apparently someone who has access to his account may have been running plates and may have placed the search bar ‘immigration’.. which maybe have brought undue attention to his account. Effective immediately Defer all flock inquiries to Toss Hutchinstein[sic].”

“Dear Todd, I hope you don’t get in trouble cause of my mistake,” the DEA agent joked in the group chat. “U were so helpful in giving the group access but now that is gone, gone like dust,…..in the wind … Trust is broken / I don’t know if bridges can be mended … one day we might be back to normal but until then I will just have to sit by this window and pray things will return … Best Regards. Ps, can u flock a plate for me”

“Only time will tell my fate, I suppose,” Hutchinson responded. “What’s the plate? And confirming it is NOT for immigration purposes…”

“It was a test …… and u passed ….,” the DEA agent responds.

In response to a separate public records request filed by Shawn, the 404 Media reader, and shared with us, the Palos Heights Police Department said “Our investigation into this matter has revealed that while these inquiries appear to have been run as part of a taskforce assignment, no member of the Palos Heights Police Department ‘ran’ those queries. They were, apparently, run by another, non-Palos Heights, task force member who used a Palos Height's member's sign in and password information without his knowledge.”

The Palos Heights Police Department said in its investigation files that “this incident has brought to light the need to review our own protocols of LPR use.” The police department said that it had decided to limit searches of its Flock system only to agencies within the state of Illinois, rather than to police departments around the country. The department also turned on two-factor authentication, which had not been previously enabled.

“Lastly, I believe there is a need to start a monthly review of our own flock searches to ensure our officers are working within standards and compliant with all policies and laws,” the report says.

Palos Heights’ casual sharing of passwords to a powerful surveillance system is a violation of Flock’s terms of service, which states “Authorized End Users shall not share their account username or password information and must protect the security of the username and password.”

More concerningly, it shows, as we have been reporting, that there are very few practical guardrails on how Flock is being used. The DEA does not have a contract with Flock, and police generally do not obtain a warrant to use Flock. We have repeatedly reported on police officers around the country who have offered to either run plates for their colleagues or to give them access to their logins, even when those agencies have not gone through proper acquisition channels.

The Palos Heights police department did not respond to a request for comment from 404 Media. The DEA told 404 Media “we respectfully refer you to the Palos Heights Police Department.” Flock also did not respond to a request for comment. The House Oversight Committee announced last week that it had launched an investigation into how Flock is being used to search for immigration violations.

ICE Taps into Nationwide AI-Enabled Camera Network, Data Shows

Flock's automatic license plate reader (ALPR) cameras are in more than 5,000 communities around the U.S. Local police are doing lookups in the nationwide system for ICE.

^{Jason Koebler (404 Media)}

404 Media

2025-08-08 17:03:14

Behind the Blog: Speculation, Distraction, and Smart Glasses

This is Behind the Blog, where we share our behind-the-scenes thoughts about how a few of our top stories of the week came together. This week, we discuss Wikipedia's ethos and zooming in on a lot of pictures of cops' glasses.

EMANUEL: I’m going to keep it very short this week because I’m crunching on a feature, but I wanted to quickly discuss Wikipedia.

This week I wrote a story about a pretty in-the-weeds policy change Wikipedia’s community of volunteer editors adopted which will allow them to more quickly and easily delete articles that are obviously AI generated. One thought I’ve had in mind that didn’t make it into the last few stories I’ve written about Wikipedia, and one that several people shared on social media in response to this one, is that it’s funny how many of us remember teachers in school telling us that Wikipedia was not a good source of information.

Upgrade to continue reading

Become a paid member to get access to all premium content
Upgrade

Behind the Blog: Speculation, Distraction, and Smart Glasses

This week, we discuss Wikipedia's ethos and zooming in on a lot of pictures of cops' glasses.

^{Samantha Cole (404 Media)}

404 Media

2025-08-06 20:35:58

ICE Is Buying Mobile Iris Scanning Tech for Its Deportation Arm

Immigration and Customs Enforcement (ICE) is looking to buy iris scanning technology that its manufacturer says can identify known persons “in seconds from virtually anywhere,” according to newly published procurement documents.

Originally designed to be used by sheriff departments to identify inmates or other known persons, ICE is now likely buying the technology specifically for its Enforcement and Removal Operations (ERO) section, which focuses on deportations.

Upgrade to continue reading

Become a paid member to get access to all premium content
Upgrade

ICE Is Buying Mobile Iris Scanning Tech for Its Deportation Arm

MORIS and I.R.I.S. was designed for Sheriff's Offices to identify known persons with their iris. Now ICE says it plans to buy the tech.

^{Joseph Cox (404 Media)}