Podcast Summary: The 404 Media Podcast - "We Tracked Ourselves with Exposed Flock Cameras"

Date: December 24, 2025
Hosts: Joseph, Sam Cole, Emmanuel Maiberg, Jason Koebler

Overview

In this episode, the 404 Media team dives into their recent investigation into Flock's AI-powered security cameras being unintentionally exposed to the public internet. They detail their hands-on experience tracking themselves via these exposed cameras, reveal alarming insights into modern surveillance networks, and reflect on some of the site’s most impactful stories from the year. The discussion is lively, deeply informative, and full of insider perspectives on digital security, surveillance capitalism, and the social consequences of tech mismanagement.

Segment 1: Exposing Flock’s Surveillance Cameras (01:52–24:12)

Key Discussion Points & Insights

• Tip-Off and Discovery (02:53)

  • Source: YouTuber Ben Jordan tipped off Jason after uncovering 60 Flock "Condor" pan-tilt-zoom (PTZ) cameras streaming unprotected admin interfaces online.
  • Scope: These aren’t just license plate readers (Flock’s better-known Falcon ALPRs); Condor cameras offer broader, 24/7 video of public and semi-public spaces, tracking not just cars but people.
  • Quote:
    “Basically, Ben Jordan discovered that at least 60 Condor cameras were streaming directly to the Internet… You could see live footage, 31 days of archive, download footage, and even adjust settings—all without a password.” — Jason [05:15]

• The Danger of Misconfiguration (06:34)

  • No hacking was required; the cameras were completely open to anyone with an IP address—no login, no password.
  • Found using Shodan, the IoT search engine often used to find exposed devices on the open web.

• Geolocation Sleuthing (09:17)

  • The team geolocated around ten cameras through street signs, business markers, and Google Maps, finding CCTV feeds at malls, parks, skateparks—even playgrounds.
  • Quote:
    "There was one at a skate park. There was one at a playground where children were playing, which was really, like, quite alarming." — Jason [11:50]

• Watching the Watchers (12:41)

  • Sam recounts watching a rollerblader in a public park:
    "You could just watch this guy rollerblading up and down this path… the camera zooms in on his face, then switches to track him at another part of the park. It was so bizarre… being able to look at the view from the camera, knowing these people have no idea they're being watched. It's just a really strange feeling." — Sam [13:44]

• Testing the System on Themselves (15:15)

  • Jason physically visits two of the camera sites in Bakersfield, CA, intentionally walks into frame, and confirms the immediacy and detail of surveillance.
  • Sam, 3,000 miles away, texts Jason a screenshot of him in the intersection.
  • Quote:
    "It was quite weird and sort of affecting to myself… to walk into the intersection and then see myself show up on the feed." — Jason [16:36]

• Flock’s Broader Surveillance Ambitions (18:10)

  • Flock is building a “holistic surveillance system,” integrating ALPRs and PTZ cameras with "FlockOS"—a police-facing operating system centralizing city-wide surveillance feeds and allowing for real-time panning, tilting, and zooming.
  • AI-powered person-tracking is either manual or automated, and the company claims not to use facial recognition—though others can, using exported video.
  • Quote:
    "It's very clear this company wants to be a lot more. They want to be a holistic surveillance system for American cities." — Jason [18:55]

• Security, Privacy, and Facial Recognition Risks (21:13)

  • Flock blamed a "misconfiguration" and claimed a small number of cameras were affected (they wouldn't specify how many).
  • Ben Jordan demonstrated how third-party tools like PimEyes could run facial recognition on the exported footage, identifying people captured by the cameras.
  • Quote:
    "[Ben] used facial recognition… and was able to determine who individual people were. Of course, he anonymized it… but it’s shocking how much you could learn." — Jason [21:58]

Notable Quotes & Moments

• On the public’s lack of awareness:
  “Knowing that they’re everywhere and being intellectually aware you’re being watched is one thing… but being able to look at the view from the camera, from the point of view of the Flock camera, watching everyone… is such a different experience.” — Sam [14:13]

• On the reality of surveillance states:
  “You can just walk into a feed in Bakersfield, and someone on the other side of the country can see you in real-time on a police camera that’s supposed to be secure.” — Jason [17:09]

Segment 2: Year-in-Review — Most-Read and Impactful Stories (25:41–51:38)

How Year-in-Review Was Compiled (26:09)

• Sam’s criteria: Mixing top-trafficked stories (“the ones people really liked to click on”) with ongoing “beats” that together showed significant impact within their subject areas.

Highlights of Major Stories

1. DOGE Website Vulnerabilities (27:46–30:19)

• Summary:
  A rushed government transparency site, built to tout the benefits of Musk’s involvement with government efficiency (“DOGE”), was found vulnerable to simple SQL injection, letting anyone add or edit content.
• Quote:
  “They slapped together this really shitty website… the database was vulnerable—very rudimentary—people could add and delete things from this website.” — Jason [28:50]

2. TeleMessage Hack (31:41–34:11)

• Summary:
  Investigated a Signal clone app (“TeleMessage”) being used by US government agencies. Soon after exposure, the app (which promised secure, archivable messaging) was breached.
• Quote:
  “The government's still using this tool. They haven’t got rid of it. So who knows? Maybe we’ll see another hack in the future.” — Joseph [34:04]

3. Tea App Breaches & The Weaponization of “Red Flag” Networks (35:36–45:21)

• Summary:
  Tea, a “women’s safety” app for flagging red flags about men (input by verified female users), suffered catastrophic data leaks—ID photos, chats, and more, much of it exploited by 4chan trolls. Further reporting exposed the founder’s attempts to co-opt grassroots “Are We Dating the Same Guy?” Facebook groups via deception.

• Quote:
  “...All the data from the app, namely the selfies and photos of IDs that women uploaded… were being leaked on 4chan… It wasn’t just that the data leaked. It leaked with malicious intent…” — Emmanuel [36:24, 38:44]

• On the broader problem:
  “We’re just in this point with surveillance tech… not only is anyone vulnerable, but anyone can dox anyone. And that’s just created a new normal online that we, I don’t think, fully adapted to yet.” — Emmanuel [44:45]

4. Age Verification Laws and Internet Censorship (46:01–51:33)

• Summary:
  Sam reviews her reporting on the proliferation of age verification laws in the US (now covering half the country), which require adult sites to verify age (sometimes with biometric info or IDs), chilling free expression and risking privacy.

• Quote:
  “Pornhub had blocked access in all these states… they’re complying with the law by shutting down access to their site, because Pornhub has the stance these laws are censorship. This is also our stance, just to be clear.” — Sam [47:45]

• Increasing Pressure on VPNs:
  Lawmakers are now making moves to restrict or ban VPNs, which undercuts attempts to get around these laws.

• On the iterative coverage:
  “Every time I write about this passing in a new state, someone replies, 'I didn’t know my state was one of these.' Which I think is a big deal… You should know what the law is in your state to decide whether you oppose it.” — Sam [50:14]

Timestamps for Segment Highlights

• [02:53] — Initial tip about Flock camera exposure (Jason)
• [06:34] — Cameras found entirely open, no hacking needed
• [12:41] — Rollerblader tracked in the park (Sam)
• [15:15] — Jason geolocates and visits cameras, tracks himself on the feed
• [21:13] — Flock’s reply and third-party facial recognition (Jason)
• [27:46] — DOGE website “transparent” data manipulation
• [31:41] — TeleMessage (Signal clone) hack
• [35:36] — Tea app info-leak and weaponized harassment
• [46:01] — Age verification laws, VPNs, and privacy risk

Final Takeaways & Tone

• Throughout the episode, the team maintains a candid, evidence-heavy, and slightly irreverent tone, with first-hand insights and a strong sense of journalistic mission.
• The Flock investigation underlines the real-life implications of surveillance technology missteps—exposing not only technical vulnerabilities but the raw experience and violation of being watched without consent.
• In the year-in-review, recurring issues surface: the fragility of personal privacy, the pervasiveness of misconfigured and weaponized tech, and the regulatory creep limiting digital freedoms.
• The hosts close with resolve to continue reporting on these issues, explicitly connecting technical stories to everyday people’s safety, privacy, and autonomy.

Standout Quotes with Timestamps

• “You just visit it and it’s like, damn, I’m now looking through a Flock camera.” — Joseph [06:57]
• “It was so bizarre… being able to look at the view from the camera… is such a different experience… these people have no idea that these cameras are here or that they’re being watched.” — Sam [14:13]
• “I drove to that corner, saw the camera, walked into the intersection, and then saw myself show up on the feed.” — Jason [16:36]
• “We’re just in this point with surveillance tech… anyone can dox anyone… a new normal online we haven’t fully adapted to yet.” — Emmanuel [44:45]
• “Pornhub has the stance that the laws are censorship. This is also our stance, just to be clear.” — Sam [47:45]

For Further Listening

• Main Flock camera story and YouTube companion: [Ben Jordan’s video]
• Related stories on 404 Media: Age verification legislation, surveillance tech, open data missteps

Note: Advertisement, subscription, and outro segments are omitted from this summary.