404 Media

2025-09-30 21:46:34

ICE to Buy Tool that Tracks Locations of Hundreds of Millions of Phones Every Day

Immigration and Customs Enforcement (ICE) has bought access to a surveillance tool that is updated every day with billions of pieces of location data from hundreds of millions of mobile phones, according to ICE documents reviewed by 404 Media.

The documents explicitly show that ICE is choosing this product over others offered by the contractor’s competitors because it gives ICE essentially an “all-in-one” tool for searching both masses of location data and information taken from social media. The documents also show that ICE is planning to once again use location data remotely harvested from peoples’ smartphones after previously saying it had stopped the practice.

Surveillance contractors around the world create massive datasets of phones’, and by extension people’s movements, and then sell access to the data to government agencies. In turn, U.S. agencies have used these tools without a warrant or court order.

“The Biden Administration shut down DHS’s location data purchases after an inspector general found that DHS had broken the law. Every American should be concerned that Trump's hand-picked security force is once again buying and using location data without a warrant,” Senator Ron Wyden told 404 Media in a statement.

💡
Do you know anything else about this contract or others? Do you work at Penlink or ICE? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.

The ICE document is redacted but says a product made by a contractor called Penlink “leverages a proprietary data platform to compile, process, and validate billions of daily location signals from hundreds of millions of mobile devices, providing both forensic and predictive analytics.” The products the document is discussing are Tangles and Webloc.

Forbes previously reported that ICE spent more than $5 million on these products, including $2 million for Tangles specifically. Tangles and Webloc used to be run by an Israeli company called Cobwebs. Cobwebs joined Penlink in July 2023.

The new documents provide much more detail about the sort of location data ICE will now have access to, and why ICE chose to buy access to this vast dataset from Penlink specifically.

“Without an all-in-one tool that provides comprehensive web investigations capabilities and automated analysis of location-based data within specified geographic areas, intelligence teams face significant operational challenges,” the document reads. The agency said that the issue with other companies was that they required analysts to “manually collect and correlate data from fragmented sources,” which increased the chance of missing “connections between online behaviors and physical movements.”
A screenshot from the document.
ICE’s Homeland Security Investigations (HSI) conducted market research in May and June, according to the document. The document lists two other companies, Babel Street and Venntel, which also sell location data but which the agency decided not to partner with.

404 Media and a group of other media outlets previously obtained detailed demonstration videos of Babel Street in action. They showed it was possible for users to track phones visiting and leaving abortion clinics, places of worship, and other sensitive locations. Venntel, meanwhile, was for some years a popular choice among U.S. government agencies looking to monitor the location of mobile phones. Its clients have included ICE, CBP, and the FBI. Its contracts with U.S. law enforcement have dried up in more recent years, with ICE closing out its work with the company in August, according to procurement records reviewed by 404 Media.

Companies that obtain mobile phone location data generally do it in two different ways. The first is through software development kits (SDKs) embedded in ordinary smartphone apps, like games or weather forecasters. These SDKs continuously gather a user’s granular location, transfer that to the data broker, and then sell that data onward or repackage it and sell access to government agencies.

The second is through real-time bidding (RTB). When an advert is about to be served to a mobile phone user, there is a near instantaneous, and invisible, bidding process in which different companies vie to have their advert placed in front of certain demographics. A side-effect is that this demographic data, including mobile phones’ location, can be harvested by surveillance firms. Sometimes spy companies buy ad tech companies out right to insert themselves into this data supply chain. We previously found at least thousands of apps were hijacked to provide location data in this way.

Penlink did not respond to a request for comment on how it gathers or sources its location data.
playlist.megaphone.fm?p=TBIEA2…
Regardless, the documents say that “HSI INTEL requires Penlink's Tangles and Weblocas [sic] an integral part of their investigations mission.” Although HSI has historically been focused on criminal investigations, 90 percent of HSI have been diverted to carry out immigration enforcement, according to data published by the Cato Institute. Meaning it is unclear whether use of the data will be limited to criminal investigations or not.

After this article was published, DHS Assistant Secretary Tricia McLaughlin told 404 Media in a statement “DHS is not going to confirm or deny law enforcement capabilities or methods. The fact of the matter is the media is more concerned with peddling narratives to demonize ICE agents who are keeping Americans safe than they are with reporting on the criminals who have victimized our communities.” This is a boilerplate statement that DHS has repeatedly provided 404 Media when asked about public documents detailing the agency’s surveillance capabilities, and which inaccurately attacks the media.

In 2020, The Wall Street Journal first revealed that ICE and CBP were using commercially smartphone location data to investigate various crimes and for border enforcement. I then found CBP had a $400,000 contract with a location data broker and that the data it bought access to was “global.” I also found a Muslim prayer app was selling location data to a data broker whose clients included U.S. military contractors.

In October 2023, the Department of Homeland Security (DHS) Inspector General published a report that found ICE, CBP, and the Secret Service all broke the law when using location data harvested from phones. The oversight body found that those DHS components did not have sufficient policies and procedures in place to ensure that the location data was used appropriately. In one case, a CBP official used the technology to track the location of coworkers, the report said.

The report recommended that CBP stop its use of such data; CBP said at the time it did not intend to renew its contracts anyway. The Inspector General also recommended that ICE stop using such data until it obtained the necessary approvals. But ICE’s response in the report said it would continue to use the data. “CTD is an important mission contributor to the ICE investigative process as, in combination with other information and investigative methods, it can fill knowledge gaps and produce investigative leads that might otherwise remain hidden. Accordingly, continued use of CTD enables ICE HSI to successfully accomplish its law enforcement mission,” the response at the time said.

In January 2024, ICE said it had stopped the purchase of such “commercial telemetry data,” or CTD, which is how DHS refers to location data.

Update: this piece has been updated with a statement from DHS.

ICE says it’s stopped using commercial telemetry data

Spokesperson for Immigration and Customs Enforcement tells FedScoop that the agency is no longer using commercial telemetry data, but regulations are still scant.

^{Rebecca Heilweil (FedScoop)}

404 Media

2025-09-29 14:53:21

Landlords Demand Tenants’ Workplace Logins to Scrape Their Paystubs

Landlords are using a service that logs into a potential renter’s employer systems and scrapes their paystubs and other information en masse, potentially in violation of U.S. hacking laws, according to screenshots of the tool shared with 404 Media.

The screenshots highlight the intrusive methods some landlords use when screening potential tenants, taking information they may not need, or legally be entitled to, to assess a renter.

“This is a statewide consumer-finance abuse that forces renters to surrender payroll and bank logins or face homelessness,” one renter who was forced to use the tool and who saw it taking more data than was necessary for their apartment application told 404 Media. 404 Media granted the person anonymity to protect them from retaliation from their landlord or the services used.

💡
Do you know anything else about any of these companies or the technology landlords are using? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.

“I am livid,” they added.

This post is for subscribers only

Become a member to get access to all content
Subscribe now

Landlords Demand Tenants’ Workplace Logins to Scrape Their Paystubs

^{Joseph Cox (404 Media)}

404 Media

2025-09-25 18:20:10

Pissed-off Fans Flooded the Twin Peaks Reddit With AI Slop To Protest Its AI Policies

People on r/twinpeaks flooded the subreddit with AI slop images of FBI agent Dale Cooper and ChatGPT generated scripts after the community’s moderators opened the door to posting AI art. The tide of terrible Twin Peaks related slop lasted for about two days before the subreddit’s mods broke, reversed their decision, and deleted the AI generated content.

Twin Peaks is a moody TV show that first aired in the 1990s and was followed by a third season in 2017. It’s the work of surrealist auteur David Lynch, influenced lots of TV shows and video games that came after and has a passionate fan base that still shares theories and art to this day. Lynch died earlier this year and since his passing he’s become a talking point for pro-AI art people who point to several interviews and second hand stories they claim show Lynch had embraced an AI-generated slop future.

On Tuesday, a mod posted a long announcement that opened the doors to AI on the sub. In a now deleted post titled “Ai Generated Content On r/twinpeaks,” the moderator outlined the position that the sub was a place for everyone to share memes, theories, and “anything remotely creative as long as it has a loose string to the show or its case or its themes. Ai generated content is included in all of this.”

The post went further. “We are aware of how Ai ‘art’ and Ai generated content can hurt real artists,” the post said. “Unfortunately, this is just the reality of the world we live in today. At this point I don’t think anything can stop the Ai train from coming, it’s here and this is only the beginning. Ai content is becoming harder and harder to identify.”

The mod then asked Redditors to follow an honor system and label any post that used AI with a special new flair so people could filter out those posts if they didn’t want to see them. “We feel this is a best of both worlds compromise that should keep everyone fairly happy,” the mod said.

An honor system, a flair, and a filter did not mollify the community. In the following 48 hours Lynch fans expressed their displeasure by showing r/twinpeaks what it looks like when no one can “stop the Ai train from coming.” They filled the subreddit with AI-generated slop in protest, including horrifying pictures of series protagonist Cooper doing an end-zone dance on a football field while Laura Palmer screamed in the sky and more than a few awful ChatGPT generated scripts.
Image via r/twinpeaks.
Free-IDK-Chicken, a former mod of r/twinpeaks who resigned over the AI debacle, said the post wasn’t run by other members of the mod team. “It was poorly worded. A bad take on a bad stance and it blew up in their face,” she told 404 Media. “It spiraled because it was condescending and basically told the community--we don’t care that it’s theft, that it’s unethical, we’ll just flair it so you can filter it out…they missed the point that AI art steals from legit artists and damages the environment.”

According to Free-IDK-Chicken, the subreddit’s mods had been fighting over whether or not to ban AI art for months. “I tried five months ago to get AI banned and was outvoted. I tried again last month and was outvoted again,” she said.

On Thursday morning, with the subreddit buried in AI slop, the mods of r/twinpeaks relented, banned AI art, and cleaned up the protest spam. “After much thought and deliberation about the response to yesterday's events, the TP Mod Team has made the decision to reverse their previous statement on the posting of AI content in our community,” the mods said in a post announcing the new policy. “Going forward, posts including generative AI art or ChatGPT-style content are disallowed in this subreddit. This includes posting AI google search results as they frequently contain misinformation.”

Lynch has become a mascot for pro AI boosters. An image on a pro-AI art subreddit depicts Lynch wearing an OpenAI shirt and pointing at the viewer. “You can’t be punk and also be anti-AI, AI-phobic, or an AI denier. It’s impossible!” reads a sign next to the AI-generated picture of the director.
Image via r/slopcorecirclejerk
As evidence, they point to aBritish Film Institute interview published shortly before his death where he lauds AI and calls it “incredible as a tool for creativity and for machines to help creativity.” AI boosters often leave off the second part of the quote. “I’m sure with all these things, if money is the bottom line, there’d be a lot of sadness, and despair and horror. But I’m hoping better times are coming,” Lynch said.
Image via r/slopcorecirclejerk
The other big piece of evidence people use to claim Lynch was pro-AI is a secondhand account given to Vulture by his neighbor, the actress Natasha Lyonne. According to the interview in Vulture, Lyonne asked Lynch for his thoughts on AI and Lynch picked up a pencil and told her that everyone has access to it and to a phone. “It’s how you use the pencil. You see?” He said.

Setting aside the environmental and ethical arguments against AI-generated art, if AI is a “pencil,” most of what people make with it is unpleasant slop. Grotesque nonsense fills our social media feeds and AI-generated Jedis and Ghiblis have become the aesthetic of fascism.

We've seen other platforms and communities struggle with keeping AI art at bay when they've allowed it to exist alongside human-made content. On Facebook, Instagram, and Youtube, low-effort garbage is flooding online spaces and pushing productive human conversation to the margins, while floating to the top of engagement algorithms.

Other artist communities are pushing back against AI art in their own ways: Earlier this month, DragonCon organizers ejected a vendor for displaying AI-generated artwork. Artists’ portfolio platform ArtStation banned AI-generated content in 2022. And earlier this year, artists protested the first-ever AI art auction at Christie’s.

Artists Are Revolting Against AI Art on ArtStation 

Artists are fed up with AI art on the portfolio platform, which is owned by Epic Games, but the company isn't backing down.

^{Chloe Xiang (VICE)}

404 Media

2025-09-25 13:53:05

How Surveillance Firms Use ‘Democracy’ As a Cover for Serving ICE and Trump

In a blog post published in June, Garrett Langley, the CEO and co-founder of surveillance company Flock, said “We rely on the democratic process, on the individuals that the majority vote for to represent us, to determine what is and is not acceptable in cities and states.” The post explained that the company believes the laws of the country and individual states and municipalities, not the company, should determine the limits of what Flock’s technology can be used for, and came after 404 Media revealed local police were tapping into Flock’s networks of AI-enabled cameras for ICE, and that a sheriff in Texas performed a nationwide search for a woman who self-administered an abortion.

💡
Do you work at any of these companies or others like them? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.

Langley’s statement echoes a common refrain surveillance and tech companies selling their products to Immigration and Customs Enforcement (ICE) or other parts of the U.S. government have said during the second Trump administration: we live in a democracy. It is not our job to decide how our powerful capabilities, which can track peoples’ physical location, marry usually disparate datasets together, or crush dissent, can or should be used. At least, that’s the thrust of the argument. That is despite the very clear reality that the first Trump administration was very different to the Biden administration, and both pale in comparison to Trump 2.0, with the executive branch and various agencies flaunting ordinary democratic values. The idea of what a democracy is capable of has shifted.

This post is for subscribers only

Become a member to get access to all content
Subscribe now

How Surveillance Firms Use ‘Democracy’ As a Cover for Serving ICE and Trump

^{Joseph Cox (404 Media)}

404 Media

2025-09-18 17:46:58

Contractor Used Classified CIA Systems as ‘His Own Personal Google’

This article was produced in collaboration with Court Watch, an independent outlet that unearths overlooked court records. Subscribe to them here.

A former CIA official and contractor, who at the time of his employment dug through classified systems for information he then sold to a U.S. lobbying firm and foreign clients, used access to those CIA systems as “his own personal Google,” according to a court record reviewed by 404 Media and Court Watch.

💡
Do you know anything else about this case? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.

Dale Britt Bendler, 68, was a long running CIA officer before retiring in 2014 with a full pension. He rejoined the agency as a contractor and sold a wealth of classified information, according to the government’s sentencing memorandum filed on Wednesday. His clients included a U.S. lobbying firm working for a foreigner being investigated for embezzlement and another foreign national trying to secure a U.S. visa, according to the court record.

This post is for subscribers only

Become a member to get access to all content
Subscribe now

Contractor Used Classified CIA Systems as ‘His Own Personal Google’

Dale Britt Bendler “​​earned approximately $360,000 in private client fees while also working as a full-time CIA contractor with daily access to highly classified material that he searched like it was his own personal Google,” according to a court re…

^{Joseph Cox (404 Media)}

404 Media

2025-09-18 17:19:49

Union Warns Professors About Posting In the ‘Current Climate’

A union that represents university professors and other academics published a guide on Wednesday tailored to help its members navigate social media during the “current climate.” The advice? Lock down your social media accounts, expect anything you post will be screenshotted, and keep things positive. The document ends with links to union provided trauma counseling and legal services.

The American Association of University Professors (AAUP) published the two page document on September 17, days after the September 10 killing of right-wing pundit Charlie Kirk. The list of college professors and academics who've been censured or even fired for joking about, criticizing, or quoting Kirk after his death is long.
playlist.megaphone.fm?p=TBIEA2…
Clemson University in South Carolina fired multiple members of its faculty after investigating their Kirk-related social media posts. On Monday the state’s Attorney General sent the college a letter telling it that the first amendment did not protect the fired employees and that the state would not defend them. Two universities in Tennessee fired multiple members of the staff after getting complaints about their social media posts. The University of Mississippi let a member of the staff go because they re-shared a comment about Kirk that people found “insensitive.” Florida Atlantic University placed an art history professor on administrative leave after she posted about Kirk on social media. Florida's education commissioner later wrote a letter to school superintendents warning them there would be consequences for talking about Kirk in the wrong way. “Govern yourselves accordingly,” the letter said.

AAUP’s advice is meant to help academic workers avoid ending up as a news story. “In a moment when it is becoming increasingly difficult to predict the consequences of our online speech and choices, we hope you will find these strategies and resources helpful,” it said.

Here are its five explicit tips: “1. Set your personal social media accounts to private mode. When prompted, approve the setting to make all previous posts private. 2. Be mindful that anything you post online can be screenshotted and shared. 3. Before posting or reposting online commentary, pause and ask yourself: a. Am I comfortable with this view potentially being shared with my employer, my students, or the public? Have I (or the person I am reposting) expressed this view in terms I would be comfortable sharing with my employer, my students, or the public?”

The advice continues: “4. In your social media bios, state that the views expressed through the account represent your own opinions and not your employer. You do not need to name your employer. Consider posting positive statements about positions you support rather than negative statements about positions you disagree with. Some examples could be: ‘Academic freedom is nonnegotiable,’ ‘The faculty united will never be divided,’ ‘Higher ed research saves lives,’ ‘Higher ed transforms lives,’ ‘Politicians are interfering with your child’s education.’”

The AAUPthen provides five digital safety tips that include setting up strong passwords, installing software updates as soon as they’re available, using two-factor authentication, and never using employer email addresses outside of work.

The last tip is the most revealing of how academics might be harassed online through campaigns like Turning Point USA’s “Professor Watchlist.” “Search for your name in common search engines to find out what is available about you online,” AAUP advises. “Put your name in quotation marks to narrow the search. Search both with and without your institution attached to your name.”

After that, the AAUP provided a list of trauma, counseling, and insurance services that its members have access to and a list of links to other pieces of information about protecting themselves.

“It’s good basic advice given that only a small number of faculty have spent years online in my experience, it’s a good place to start,” Pauline Shanks Kaurin, the former military ethics professor at the U.S. Naval War College told 404 Media. Kaurin resigned her position at the college earlier this year after realizing that the college would not defend academic freedom during Trump’s second term.

“I think this reflects the heightened level of scrutiny and targeting that higher ed is under,” Kaurin said. “While it’s not entirely new, the scale is certainly aided by many platforms and actors that are engaging on [social media] now when in the past faculty might have gotten threatening phone calls, emails and hard copy letters.”

The AAUP guidance was co-written by Isaac Kamola, an associate professor at Trinity College and the director of the AAUP’s Center for Academic Freedom. Kamola told 404 Media that the recommendations came for years of experience working with faculty who’ve been on the receiving end of targeted harassment campaigns. “That’s incredibly destabilizing,” he said. “It’s hard to explain what it’s like until it happens to you.”

Kamola said that academic freedom was already under threat before Kirk’s death. “It’s a multi-decade strategy of making sure that certain people, certain bodies, certain dies, are not in higher education, so that certain other ones can be, so that you can reproduce the ideas that a political apparatus would prefer existed in a university,” he said.

It’s telling that the AAUP felt the need to publish this, but the advice is practical and actionable, even for people outside of academia. Freedom of expression is under attack in America and though academics and other public figures are perhaps under the most threat, they aren’t the only ones. Secretary of Defense Pete Hegseth said the Pentagon is actively monitoring the social media activity of military personnel as well as civilian employees of the Department of Defense.

“It is unacceptable for military personnel and Department of War civilians to celebrate or mock the assassination of a fellow American,” Sean Parnell, public affairs officer at the Pentagon, wrote on X, using the new nickname for the Department of Defense. In the private sector, Sony fired one of its video game developers after they made a joke on X about Kirk’s death and multiple journalists have been fired for Kirk related comments.

AAUP did not immediately respond to 404 Media’s request for comment.

MSNBC fires analyst Matthew Dowd over Charlie Kirk shooting remarks

Dowd said the slain activist’s words may have fueled the violence that claimed his life, sparking backlash

^{Joseph Gedeon (The Guardian)}

404 Media

2025-09-04 13:45:40

This Company Turns Dashcams into ‘Virtual CCTV Cameras.’ Then Hackers Got In

A hacker has broken into Nexar, a popular dashcam company that pitches its users’ dashcams as “virtual CCTV cameras” around the world that other people can buy images from, and accessed a database of terabytes of video recordings taken from cameras in drivers’ cars. The videos obtained by the hacker and shared with 404 Media capture people clearly unaware that a third party may be watching or listening in. A parent in a car soothing a baby. A man whistling along to the radio. Another person on a Facetime call. One appears to show a driver heading towards the entrance of the CIA’s headquarters. Other images, which are publicly available in a map that Nexar publishes online, show drivers around sensitive Department of Defense locations.

The hacker also found a list of companies and agencies that may have interacted with Nexar’s data business, which sells access to blurred images captured by the cameras and other related data. This can include monitoring the same location captured by Nexar’s cameras over time, and lets clients “explore the physical world and gain insights like never before,” and use its virtual CCTV cameras “to monitor specific points of interest,” according to Nexar’s website.

This post is for subscribers only

Become a member to get access to all content
Subscribe now

This Company Turns Dashcams into ‘Virtual CCTV Cameras.’ Then Hackers Got In

A hacker has compromised Nexar, which turns peoples' cars into "virtual CCTV cameras" that organizations can then buy images from. The images include sensitive U.S. military and intelligence facilities.

^{Joseph Cox (404 Media)}

404 Media

2025-08-25 13:06:49

Citizen Is Using AI to Generate Crime Alerts With No Human Review. It’s Making a Lot of Mistakes

Crime-awareness app Citizen is using AI to write alerts that go live on the platform without any prior human review, leading to factual inaccuracies, the publication of gory details about crimes, and the exposure of sensitive data such as peoples’ license plates and names, 404 Media has learned.

The news comes as Citizen recently laid off more than a dozen unionized employees, with some sources believing the firings are related to Citizen’s increased use of AI and the shifting of some tasks to overseas workers. It also comes as New York City enters a more formal partnership with the app.

💡
Do you know anything else about how Citizen or others are using AI? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.

“Speed was the name of the game,” one source told 404 Media. “The AI was capturing, packaging, and shipping out an initial notification without our initial input. It was then our job to go in and add context from subsequent clips or, in instances where privacy was compromised, go in and edit that information out,” they added, meaning after the alert had already been pushed out to Citizen’s users.

This post is for subscribers only

Become a member to get access to all content
Subscribe now

Citizen Is Using AI to Generate Crime Alerts With No Human Review. It’s Making a Lot of Mistakes

^{Joseph Cox (404 Media)}