404 Media

2026-02-24 15:40:49

This App Warns You if Someone Is Wearing Smart Glasses Nearby

A new hobbyist developed app warns if people nearby may be wearing smart glasses, such as Meta’s Ray-Ban glasses, which stalkers and harassers have repeatedly used to film people without their knowledge or consent. The app scans for smart glasses’ distinctive Bluetooth signatures and sends a push alert if it detects a potential pair of glasses in the local area.

The app comes as companies such as Meta continue to add AI-powered features to their glasses. Earlier this month The New York Times reported Meta was working on adding facial recognition to its smart glasses. “Name Tag,” as the feature is called, would let smart glasses wearers identify people and get information about them from Meta’s AI assistant, the report said.

“I consider it to be a tiny part of resistance against surveillance tech,” Yves Jeanrenaud, the hobbyist developer and sociologist who made the app, told 404 Media.

To use the app, called Nearby Glasses, users download it from the Google Play Store or GitHub. They may need to tweak some settings such as “enable foreground service” to keep the app scanning. Then they press “Start Scanning” and a debug log will show the app’s activity. If it detects what it believes to be a pair of smart glasses, the app will send a notification: “⚠️ Smart Glasses are probably nearby,” it reads, according to a screenshot posted to the app’s Play Store page.

💡
Do you work at Meta or know anything else about its smart glasses? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.

The app works by looking for Bluetooth “advertising frames,” which are small bits of data devices regularly broadcast as part of their normal operation. Jeanrenaud said he referenced a directory of Bluetooth Low Energy (BLE) manufacturers, then made the app scan for Meta, Luxottica Group S.p.A which partners with Meta on its smart glasses, and Snap, which has its own smart glasses offering.

“If it sees an advertising frame of these manufacturers, it notifies you. That’s basically it,” Jeanrenaud said. The Play Store page says the app likely generates false positives, such as from VR headsets. That is what happened in 404 Media’s test too: We ran the app near a Meta Quest 2 headset; the app detected the device, with its debug log saying “Meta Quest 2,” and the app sent a notification saying smart glasses were nearby. Of course, when walking around in public, it is less likely that someone is going to be wearing a VR headset than a pair of smart glasses.

“This is a tech solution to a social problem exaggerated by tech. I do not want to promote techsolutionism nor do I want people to feel falsely secure. It's still imperfect,” Jeanrenaud added.
playlist.megaphone.fm?p=TBIEA2…
Jeanrenaud said he decided to make the app after reading some of 404 Media’s coverage of how people are using Meta’s Ray-Ban smart glasses. He specifically pointed to this article, about how men are filming women inside massage parlors seemingly without their consent. Jeanrenaud also referenced 404 Media’s coverage showing multiple Customs and Border Protection (CBP) officials wore the AI glasses during immigration raids, including with the recording light clearly illuminated.

“Obviously, surveillance tech is not only abused by government thugs, it's also a tech boosting misogynist behaviour and rape culture,” Jeanrenaud said.

404 Media has also reported how two students coupled Meta’s Ray-Bans with off-the-shelf facial recognition technology and people search sites to turn them into glasses that instantly doxed people; and shown how a $60 mod easily disables the privacy-protecting recording light in the glasses, making it easier for wearers to film people without them knowing.

Neither Meta nor Google responded to a request for comment about the new app.

When Google released Google Glass, the first substantive pair of consumer smart glasses more than ten years ago, some people heckled or ripped the glasses from wearers’ faces. Those glasses looked very distinct. Meta’s Ray-Ban glasses, meanwhile, are designed to look just like any other pair of glasses, making it more difficult for passersby to know if someone is wearing a smart device or not. Not impossible, though: in December, a woman on the New York subway allegedly broke a man’s pair of Meta's smart glasses while he was filming a piece of content.

The app’s Play Store page says after identifying a device, a user “may act accordingly.”

Jeanrenaud said he can imagine that including what the woman on the subway allegedly did. “Or people just tell them politely to fuck off.”

I Was Assaulted For Wearing Google Glass

It happened in an instant.

^{Kyle Russell (Business Insider)}

404 Media

2026-02-16 14:00:36

Underground Facial Recognition Tool Unmasks Camgirls

An underground site uses facial recognition to reveal the site a camgirl streams on, potentially letting someone take a woman’s photo from social media, then use the site to out their sex work.

The site presents a serious privacy risk to sex workers, some who may not want stalkers, harassers, or employers to discover their profiles. The site’s creator claimed to 404 Media that millions of searches are done each month on the site.

“The site was created to help users find the models they like. For example, if they saw a random video or image on the internet without attribution,” the creator, who did not provide their name, said in an email. “Or just to see on which other platforms a model is active.”

Camgirlfinder has been running for several years, with most adult streaming platforms being added in 2021, the site says. It claims to have a database of 2,187,453,798 faces from 7,050,272 persons. The site says the database it uses contains faces from a wide variety of adult streaming platforms, including Chaturbate, MyFreeCams, and LiveJasmin. Of course, sex workers often have multiple accounts on multiple sites.

💡
Do you know anything else about this site or others like it? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.

404 Media tested the service by uploading a photo of a camgirl who streams publicly. The site then successfully found her other profiles on other streaming platforms.

The results page shows other similar faces the site detected. The results include the model’s username on the streaming platform; the probability of the face match; and the last time their account was online. “Additionally you can see the most similar persons for each individual person of this model account. This is a great way to find all other accounts of a model,” the site says.

Users can also search the database of models by their username or a term similar to it. The database appears to include sex workers who may not have streamed for years, creating the risk that someone may use the site to find them even if they decided to not stream anymore. The site then sells all images it has of a particular person for $1 per model.
playlist.megaphone.fm?p=TBIEA2…
Asked about how this site impacts camgirls’ privacy, and how someone could take a photo from social media then unmask a person’s channels, the creator said, “If that is a problem for you then the sad reality is this job is not for you. If you publicly stream your face for everyone to see to the internet, people will obviously see it.”

“One consequence of this job is you can not publish images of yourself on your private social media accounts, if you want to keep them private (just for friends and family). This is similar to actors, politicians, youtubers or other public figures. If you stream content to the public internet you become a public figure yourself,” they said.

The site says models can opt-out from their results appearing if they fill out a form. The creator claimed to 404 Media that around 25,000 accounts have opted-out, with most models having multiple accounts across different platforms. “Yes, their images get deleted,” they claim.

The creator told 404 Media the site uses AdaFace, an open source face matching algorithm.

Over the last several years, facial recognition technology has morphed from a government surveillance tool, to one that members of the public use regularly against one another. In 2023, we covered a TikTok account that was using off-the-shelf facial recognition tech to dox random people on the internet for the amusement of millions of viewers. The following year, we reported two students had taken facial recognition software and paired it with Meta’s RayBan smart glasses, letting them dox people in seconds.

While government agencies, including ICE, continue to use facial recognition too, some people have used that technology to monitor those agencies instead. Last year, artist Kyle McDonald launched FuckLAPD.com, a site that uses public records and facial recognition technology to allow anyone to identify police officers.

Someone Put Facial Recognition Tech onto Meta's Smart Glasses to Instantly Dox Strangers

The technology, which marries Meta’s smart Ray Ban glasses with the facial recognition service Pimeyes and some other tools, lets someone automatically go from face, to name, to phone number, and home address.

^{Joseph Cox (404 Media)}

404 Media

2026-02-12 14:14:48

Cops Are Buying ‘GeoSpy’, an AI That Geolocates Photos in Seconds

📄
This article was primarily reported using public records requests. We are making it available to all readers as a public service. FOIA reporting can be expensive, please consider subscribing to 404 Media to support this work. Or send us a one time donation via our tip jar here.

The Miami-Dade Sheriff’s Office (MDSO) and the Los Angeles Police Department (LAPD) have bought access to GeoSpy, an AI tool that can near instantly geolocate a photo using clues in the image such as architecture and vegetation, with plans to use it in criminal investigations, according to a cache of internal police emails obtained by 404 Media.

The emails provide the first confirmed purchases of GeoSpy’s technology by law enforcement agencies. On its website GeoSpy has previously published details of investigations it says used the technology, but did not name any agencies who bought the tool.

“The Cyber Crimes Bureau is piloting a new analytical tool called GeoSpy. Early testing shows promise for developing investigative leads by identifying geospatial and temporal patterns,” an MDSO email reads.

This post is for subscribers only

Become a member to get access to all content
Subscribe now

Cops Are Buying ‘GeoSpy’, an AI That Geolocates Photos in Seconds

^{Joseph Cox (404 Media)}

404 Media

2026-02-11 20:53:57

Free Tool Says it Can Bypass Discord's Age Verification Check With a 3D Model

A newly released tool claims it can bypass Discord’s age verification system by allowing users to control a 3D model of a computer-generated man in their browser instead of scanning their real face.

On Monday, Discord announced it was launching teen-by-default settings globally, meaning that more users may be required to verify their age by uploading an identity document or taking a selfie. Users responded with widespread criticism, with Discord then publishing an update saying, “You need to be an adult to access age-restricted experiences such as age-restricted servers and channels or to modify certain safety settings.”

The tool, however, shows those age verification checks may be bypassed. 404 Media previously reported kids said they were using photos of Trump and G-Man from Half Life to bypass the age verification software in the popular VR game Gorilla Tag. That game uses the service k–ID, which is the same as what Discord is using.

This post is for subscribers only

Become a member to get access to all content
Subscribe now

Free Tool Says it Can Bypass Discord's Age Verification Check With a 3D Model

The tool presents users with a 3D model they can then manipulate to, the creator says, bypass Discord's age verification system.

^{Joseph Cox (404 Media)}

404 Media

2026-02-04 14:05:33

FBI Couldn’t Get into WaPo Reporter’s iPhone Because It Had Lockdown Mode Enabled

The FBI has been unable to access a Washington Post reporter’s seized iPhone because it was in Lockdown Mode, a sometimes overlooked feature that makes iPhones broadly more secure, according to recently filed court records.

The court record shows what devices and data the FBI was able to ultimately access, and which devices it could not, after raiding the home of the reporter, Hannah Natanson, in January as part of an investigation into leaks of classified information. It also provides rare insight into the apparent effectiveness of Lockdown Mode, or at least how effective it might be before the FBI may try other techniques to access the device.

💡
Do you know anything else about phone unlocking technology? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.

This post is for subscribers only

Become a member to get access to all content
Subscribe now

FBI Couldn’t Get into WaPo Reporter’s iPhone Because It Had Lockdown Mode Enabled

Lockdown Mode is a sometimes overlooked feature of Apple devices that broadly make them harder to hack. A court record indicates the feature might be effective at stopping third parties unlocking someone's device. At least for now.

^{Joseph Cox (404 Media)}

404 Media

2026-02-03 14:00:28

Wedding Photo Booth Company Exposes Customers’ Drunken Photos

A photo booth company that caters to weddings, lobbying events in D.C., and engagement parties has exposed a cache of peoples’ photos, with the revellers likely unaware that their sometimes drunken antics have been collected and insecurely stored by the company for anyone to download. A security researcher who flagged the issue to 404 Media said the company, Curator Live, has not responded to his request to fix the issue.

The exposure, which also includes phone numbers, highlights how we can face data collection even at innocuous events like weddings. It’s also not even the only recent exposure by a photo booth company. TechCrunch reported on a similar issue with a different company in December.

“Even if you just wanted the printed photo, your data is being held by a third party unbeknownst to you,” the security researcher, who requested anonymity to speak about a sensitive security issue, said. “The fact that this third party leaks it freely is icing on the cake. It violates any reasonable expectation of privacy.”

In all, the researcher says at least 100GB of photos are exposed. 404 Media reviewed a smaller sample of photos. They show people at various weddings and engagement parties cheering and drinking. Some photos include children. Others appear to have been taken at a NASA branded event.

“You can attribute the phone numbers to photos of people in some cases. I think the greatest reasonable risk for photo booth users is that it could reveal intimate photos,” the researcher added.

Curator Live’s website says the company “delivers industry-leading enterprise photo and video capture solutions. From photo booth operators to zoos, sports events, attractions, and vacation destinations, we help your brand create unforgettable experiences and lasting memories.”

As for how they found this issue, the researcher said they went to a wedding where the DJ company had a Curator Live photo booth. “The booth was configured to take four or so photos, then printed them out. The machine promoted the user for a phone number to receive digital copies of the photos,” he said.

After reluctantly entering his number, the researcher received a text with a link to Curator Live’s API, he said. From there, he found the exposed data. The company is still exposing people’s data so 404 Media is not explaining the security issue in detail. But the impact is that a stranger could dig through other peoples’ photos.

The researcher shared a copy of his email he sent to Curator Live in November detailing the issue. The researcher said he never received a response. “Fix your shit,” one line read.

Curator Live did not respond to 404 Media’s request for comment.

Flaw in photo booth maker’s website exposes customers’ pictures | TechCrunch

Hama Film makes photo booths that upload pictures and videos online. But their back-end systems have a simple flaw that allows anyone to download customer pictures.

^{Lorenzo Franceschi-Bicchierai (TechCrunch)}

404 Media

2026-02-02 14:00:16

Privacy Telecom ‘Cape’ Introduces ‘Disappearing Call Logs’ That Delete Every 24 Hours

Cape, a privacy-focused telecommunications company, says it has introduced a feature that automatically deletes a user’s call data records, such as who they call and when, every 24 hours. These “disappearing call logs” as Cape describes them break with the telecom industry standard of keeping hold of call logs for months if not years.

“One of our first design principles was to minimize the amount of data that we collect and the amount of data that we store,” John Doyle, CEO of Cape, told 404 Media in an interview. “There’s no other business purpose to keep most of these logs more than like a day.”

Call data records, or CDRs, are metadata about a user’s phone call and text records. This includes the phone number the user contacted. This information can be especially revealing, showing that a particular person called an abortion clinic, for instance. In 2024, hackers stole “nearly all” of AT&T customers’ call records spanning several months. That in turn started a rush from the FBI to protect the identities of confidential informants, Bloomberg reported. That hack was so damaging in part because AT&T kept its customers’ call records for an extended period of time.

💡
Do you know about any other similar tools? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.

Cape is a mobile virtual network operator (MVNO), meaning it runs its service on top of other companies’ existing telecommunications infrastructure. Cape isn’t building cellphone towers; it’s making software to add security benefits. Cape is able to make changes to how long it retains data and other technical aspects because it runs its own mobile core—all of the software necessary to route messages and essentially be a telecom.

404 Media asked Cape to demonstrate that CDRs were being deleted. In response, Cape made a video describing the process. It appeared to show that the databases Cape uses to store CDRs did only contain data from a 24 hour period. Previously, Cape stored CDRs for 60 days, “which was already well short of industry standards,” Doyle said. Cape says it does hold “billing CDRs” for longer, for 30 days. These records are used to determine how much Cape has used carriers’ infrastructure.
playlist.megaphone.fm?p=TBIEA2…
Cape’s CDRs are made when a customer uses the Cape phone number assigned to their account. The change wouldn’t impact data generated by an app such as Signal; those are separate, and Signal already has various metadata protections.

Doyle said Cape did not warn law enforcement about the change to CDR retention beforehand. “I guess they’ll find out in the same way everyone else does,” he said. He added that the company still is in keeping with CALEA, or the Communications Assistance for Law Enforcement Act, which requires telecommunications companies to respond to legal demands for data.

Because Cape is piggybacking off other carriers’ infrastructure, that does mean that somewhere along the line those other companies could store their own copy of Cape users’ data.

“It’s definitely true that some of our carrier partners may collect some information,” Doyle said, including the IMEI, a unique identifier assigned to a device.

Since I first covered Cape in 2024, I occasionally get emails asking me if Cape is a honeypot, in the sense that maybe it is a ruse to then provide data to the authorities. Doyle is also formerly of Palantir.

“All I can do is say we definitively are not a honeypot,” Doyle said. “It’s so hard to prove a negative, but I say it out loud every chance I get.”

Hackers Steal Text and Call Records of ‘Nearly All’ AT&T Customers

In one of the most significant data breaches in recent history, hackers stole AT&T customers’ call and text metadata spanning several months.

^{Joseph Cox (404 Media)}

404 Media

2025-12-13 08:01:06

How a US Citizen Was Scanned With ICE's Facial Recognition Tech

This article is a partnership between Reveal and 404 Media.

Jesus Gutiérrez, 23, was walking home one morning from a Chicago gym when he noticed a gray Cadillac SUV with no license plates. He kept walking, shrugging it off. Then the car pulled over and two men got out.

The federal immigration officials told him not to run. They then peppered Gutiérrez with questions: Where are you going? Where are you coming from? Do you have your ID on you?

Gutiérrez is a U.S. citizen. He told the officials this. He didn’t have any identification on him, but, panicking, he tried to find a copy on his phone. The agents put him into the car, where another two agents were waiting, and handcuffed him. Just sit there and be quiet, they said.

💡
Has this happened to you or someone you know? Do you have any videos of ICE or CBP scanning people's faces? Do you work for either agency? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.

Without Gutiérrez’s ID, the agents resorted to another approach. They took a photo of his face. A short while later, the agents got their answer: “Oh yeah, he’s right. He’s saying the right thing. He does got papers,” Gutiérrez recalled the agents saying.

This post is for subscribers only

Become a member to get access to all content
Subscribe now

How a US Citizen Was Scanned With ICE's Facial Recognition Tech

^{Joseph Cox (404 Media)}

404 Media

2025-12-09 15:04:59

Man Charged for Wiping Phone Before CBP Could Search It

A man in Atlanta has been arrested and charged for allegedly deleting data from a Google Pixel phone before a member of a secretive Customs and Border Protection (CBP) unit was able to search it, according to court records and social media posts reviewed by 404 Media. The man, Samuel Tunick, is described as a local Atlanta activist in Instagram and other posts discussing the case.

The exact circumstances around the search—such as why CBP wanted to search the phone in the first place—are not known. But it is uncommon to see someone charged specifically for wiping a phone, a feature that is easily accessible in some privacy and security-focused devices.

💡
Do you know anything else about this case? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.

This post is for subscribers only

Become a member to get access to all content
Subscribe now

Man Charged for Wiping Phone Before CBP Could Search It

^{Joseph Cox (404 Media)}

404 Media

2025-12-05 17:05:47

DHS’s Immigrant-Hunting App Removed from Google Play Store

A Customs and Border Protection (CBP) app that lets local cops use facial recognition to hunt immigrants on behalf of the federal government has been removed from the Google Play Store, 404 Media has learned.

It is unclear if the removal is temporary or not, or what the exact reason is for the removal. Google told 404 Media it did not remove the app, and directed inquiries to its developer. CBP did not immediately respond to a request for comment.

Its removal comes after 404 Media documented multiple instances of CBP and ICE officials using their own facial recognition app to identify people and verify their immigration status, including people who said they were U.S. citizens.

💡
Do you know anything else about this removal or this app? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.

The removal also comes after “hundreds” of Google employees took issue with the app, according to a source with knowledge of the situation.

This post is for subscribers only

Become a member to get access to all content
Subscribe now

DHS’s Immigrant-Hunting App Removed from Google Play Store

^{Joseph Cox (404 Media)}

404 Media

2025-11-18 16:00:44

IRS Accessed Massive Database of Americans Flights Without a Warrant

The IRS accessed a database of hundreds of millions of travel records, which show when and where a specific person flew and the credit card they used, without obtaining a warrant, according to a letter signed by a bipartisan group of lawmakers and shared with 404 Media. The country’s major airlines, including Delta, United Airlines, American Airlines, and Southwest, funnel customer records to a data broker they co-own called the Airlines Reporting Corporation (ARC), which then sells access to peoples’ travel data to government agencies.

The IRS case in the letter is the clearest example yet of how agencies are searching the massive trove of travel data without a search warrant, court order, or similar legal mechanism. Instead, because the data is being sold commercially, agencies are able to simply buy access. In the letter addressed to nine major airlines, the lawmakers urge them to shut down the data selling program. Update: after this piece was published, ARC said it already planned to shut down the program. You can read more here.

This post is for subscribers only

Become a member to get access to all content
Subscribe now

IRS Accessed Massive Database of Americans Flights Without a Warrant

^{Joseph Cox (404 Media)}

404 Media

2025-11-17 14:28:00

This App Lets ICE Track Vehicles and Owners Across the Country

Immigration and Customs Enforcement (ICE) recently invited staff to demos of an app that lets officers instantly scan a license plate, adding it to a database of billions of records that shows where else that vehicle has been spotted around the country, according to internal agency material viewed by 404 Media. That data can then be combined with other information such as driver license data, credit header data, marriage records, vehicle ownership, and voter registrations, the material shows.

The capability is powered by both Motorola Solutions and Thomson Reuters, the massive data broker and media conglomerate, which besides running the Reuters news service, also sells masses of personal data to private industry and government agencies. The material notes that the capabilities allow for predicting where a car may travel in the future, and also can collect face scans for facial recognition.

The material shows that ICE continues to buy or source a wealth of personal and sensitive information as part of its mass deportation effort, from medical insurance claims data, to smartphone location data, to housing and labor data. The app, called Mobile Companion, is a tool designed to be used in real time by ICE officials in the field, similar to its facial recognition app but for finding more information about vehicles.

💡
Do you work at ICE or CBP? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.

This post is for subscribers only

Become a member to get access to all content
Subscribe now

This App Lets ICE Track Vehicles and Owners Across the Country

^{Joseph Cox (404 Media)}

404 Media

2025-11-04 14:02:17

How to Opt-Out of Airlines Selling Your Travel Data to the Government

Most people probably have no idea that when you book a flight through major travel websites, a data broker owned by U.S. airlines then sells details about your flight, including your name, credit card used, and where you’re flying to the government. The data broker has compiled billions of ticketing records the government can search without a warrant or court order. The data broker is called the Airlines Reporting Corporation (ARC), and, as 404 Media has shown, it sells flight data to multiple parts of the Department of Homeland Security (DHS) and a host of other government agencies, while contractually demanding those agencies not reveal where the data came from.

It turns out, it is possible to opt-out of this data selling, including to government agencies. At least, that’s what I found when I ran through the steps to tell ARC to stop selling my personal data. Here’s how I did that:

1. I emailed privacy@arccorp.com and, not yet knowing the details of the process, simply said I wish to delete my personal data held by ARC.
2. A few hours later the company replied with some information and what I needed to do. ARC said it needed my full name (including middle name if applicable), the last four digits of the credit card number used to purchase air travel, and my residential address.
3. I provided that information. The following month, ARC said it was unable to delete my data because “we and our service providers require it for legitimate business purposes.” The company did say it would not sell my data to any third parties, though. “However, even though we cannot delete your data, we can confirm that we will not sell your personal data to any third party for any reason, including, but not limited to, for profiling, direct marketing, statistical, scientific, or historical research purposes,” ARC said in an email.
4. I then followed up with ARC to ask specifically whether this included selling my travel data to the government. “Does the not selling of my data include not selling to government agencies as part of ARC’s Travel Intelligence Program or any other forms?” I wrote. The Travel Intelligence Program, or TIP, is the program ARC launched to sell data to the government. ARC updates it every day with the previous day’s ticket sales and it can show a person’s paid intent to travel.
5. A few days later, ARC replied. “Yes, we can confirm that not selling your data includes not selling to any third party, including, but not limited to, any government agency as part of ARC’s Travel Intelligence Program,” the company said.

💡
Do you know anything else about ARC or other data being sold to government agencies? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.

Honestly, I was quite surprised at how smooth and clear this process was. ARC only registered as a data broker with the state of California—a legal requirement—in June, despite selling data for years.

What I did was not a formal request under a specific piece of privacy legislation, such as the European Union’s General Data Privacy Regulation (GDPR) or the California Consumer Privacy Act (CCPA). Maybe a request to delete information under the CCPA would have more success; that law says California residents have the legal right to ask to have their personal data deleted “subject to certain exceptions (such as if the business is legally required to keep the information),” according to the California Department of Justice’s website.

ARC is owned and operated by at least eight major U.S. airlines, according to publicly released documents. Its board includes representatives from Delta, United, American Airlines, JetBlue, Alaska Airlines, Canada’s Air Canada, and European airlines Air France and Lufthansa.

Public procurement records show agencies such as ICE, CBP, ATF, TSA, the SEC, the Secret Service, the State Department, the U.S. Marshals, and the IRS have purchased ARC data. Agencies have given no indication they use a search warrant or other legal mechanism to search the data. In response to inquiries from 404 Media, ATF said it follows “DOJ policy and appropriate legal processes” and the Secret Service declined to answer.

An ARC spokesperson previously told 404 Media in an email that TIP “was established by ARC after the September 11, 2001, terrorist attacks and has since been used by the U.S. intelligence and law enforcement community to support national security and prevent criminal activity with bipartisan support. Over the years, TIP has likely contributed to the prevention and apprehension of criminals involved in human trafficking, drug trafficking, money laundering, sex trafficking, national security threats, terrorism and other imminent threats of harm to the United States.” At the time, the spokesperson added “Pursuant to ARC’s privacy policy, consumers may ask ARC to refrain from selling their personal data.”

Airlines Are Collecting Your Data And Selling It To ICE

An aviation industry clearinghouse is collecting passenger information from billions of past and future flights and selling it to Trump’s immigration enforcers.

^{The Lever}

404 Media

2025-10-29 14:40:03

ICE and CBP Agents Are Scanning Peoples’ Faces on the Street To Verify Citizenship

“You don’t got no ID?” a Border Patrol agent in a baseball cap, sunglasses, and neck gaiter asks a kid on a bike. The officer and three others had just stopped the two young men on their bikes during the day in what a video documenting the incident says is Chicago. One of the boys is filming the encounter on his phone. He says in the video he was born here, meaning he would be an American citizen.

When the boy says he doesn’t have ID on him, the Border Patrol officer has an alternative. He calls over to one of the other officers, “can you do facial?” The second officer then approaches the boy, gets him to turn around to face the sun, and points his own phone camera directly at him, hovering it over the boy’s face for a couple seconds. The officer then looks at his phone’s screen and asks for the boy to verify his name. The video stops.

💡
Do you have any more videos of ICE or CBP using facial recognition? Do you work at those agencies or know more about Mobile Fortify? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.

This post is for subscribers only

Become a member to get access to all content
Subscribe now

ICE and CBP Agents Are Scanning Peoples’ Faces on the Street To Verify Citizenship

^{Joseph Cox (404 Media)}

404 Media

2025-10-23 12:55:53

A $60 Mod to Meta’s Ray-Bans Disables Its Privacy-Protecting Recording Light

The sound of power tools screech in what looks like a workshop with aluminum bubble wrap insulation plastered on the walls and ceiling. A shirtless man picks up a can of compressed air from the workbench and sprays it. He’s tinkering with a pair of Meta Ray-Ban smart glasses. At one point he squints at a piece of paper, as if he is reading a set of instructions.

Meta’s Ray-Ban glasses are the tech giant’s main attempt at bringing augmented reality to the masses. The glasses can take photos, record videos, and may soon use facial recognition to identify people. Meta’s glasses come with a bright LED light that illuminates whenever someone hits record. The idea is to discourage stalkers, weirdos, or just anyone from filming people without their consent. Or at least warn people nearby that they are. Meta has designed the glasses to not work if someone covers up the LED with tape.

That protection is what the man in the workshop is circumventing. This is Bong Kim, a hobbyist who modifies Meta Ray-Ban glasses for a small price. Eventually, after more screeching, he is successful: he has entirely disabled the white LED that usually shines on the side of Meta’s specs. The glasses’ functions remain entirely intact; the glasses look as-new. People just won’t know the wearer is recording.

This post is for subscribers only

Become a member to get access to all content
Subscribe now

A $60 Mod to Meta’s Ray-Bans Disables Its Privacy-Protecting Recording Light

^{Joseph Cox (404 Media)}