Flock and Cyble Inc. weaponize “cybercrime” takedowns to silence critics

greyface-|2 months ago

If Flock truly believed that the domain name infringes on their trademark, they would file an ICANN UDRP complaint instead of Cloudflare and Hetzner abuse reports.

But they don't, because the former would require them to perjure themselves, and the latter just requires them to lie to a hosting company.

CalChris|2 months ago

I wonder if Flock + Cyble can be sued for fraud. There are 5 elements in a fraud:

  Misrepresentation of Fact
  Knowledge of Falsity
  Intent to Induce Reliance 
  Justifiable Reliance 
  Resulting Damages

jeroenhd|2 months ago

Knowingly filing false DMCA claims will also perjure them.

However, ICANN has a whole procedure they follow where complaints are fact-checked, whereas DMCA takedowns put an unreasonable burden on hosting providers that requires immediate action, and many hosting providers will take such action automatically to protect themselves.

I doubt they care about perjury. They care about results, and the DMCA gets them exactly that.

The phishing reports are interesting, providers aren't necessarily required to act as fast on those. Although, I suspect companies like Cloudflare who get used by countless phishers will probably also set up some kind of automated anti phishing system.

mycall|2 months ago

Cloudfare and Hetzner should see this vulnerability of their own making and DO SOMETHING about it.

moktonar|2 months ago

Cloudflare is becoming the great firewall of America more and more every day

FireBeyond|2 months ago

> But they don't, because the former would require them to perjure themselves, and the latter just requires them to lie to a hosting company.

Doesn't stop anyone with DMCA... DMCA is coming up on almost three decades of being a law, and requires statements made under penalty of perjury.

However many millions (likely billions) of DMCA takedowns issued, who knows how many false/bad faith... I wonder how many have led to prosecutions for perjury, even when filing tens of thousands, en masse...

No need to wonder, the answer is simple. Starts with a "Z" and ends in "ero".

charcircuit|2 months ago

>they would file an ICANN UDRP complaint

Those take on the order of months to go through. Even if they did so, you wouldn't notice until much later. Meanwhile cloudflare and hetzner are faster. If you want to reduce harm by taking down a site you can't just let it stay up for weeks while the ICANN process plays out.

softwaredoug|2 months ago

My city just ended our pilot Flock program. I hope others do the same.

But I think the real issue with Flock will be private security. Random Home Depot parking lots, etc.

https://www.29news.com/2025/12/17/charlottesville-ends-flock...

rrix2|2 months ago

The local credit union in Eugene had installed Flock cams at the entrances to all their branches. They took em down after only a few of our community members began protests out front a few branches and emailing with the CU's leadership before our city terminated our contract and removed the cams

overfeed|2 months ago

> My city just ended our pilot Flock program. I hope others do the same.

If someone would like to engage in grassroots activism on this, may I suggest the perfect domain: getTheFlockOutOfMyCity.com

LostMyLogin|2 months ago

My town in Colorado just did the same. Pretty happy with the result.

_a9|2 months ago

Part 2: Flock and Cyble Inc. Continue to File False Notices

https://haveibeenflocked.com/news/cyble-part2

CamperBob2|2 months ago

This is a Y Combinator company? https://www.ycombinator.com/companies/flock-safety

dang/tomhow, does Y Combinator have a code of ethics that comes into play when one of your funding recipients does something unethical and/or illegal like this?

avaer|2 months ago

One long-standing code is that they moderate YC companies less on HN, allowing criticisms like yours to stand: https://news.ycombinator.com/item?id=34320816

To HN's credit I haven't seen this rule violated.

For example I wouldn't have known it was a YC company if not for your comment.

nerdsniper|2 months ago

To some extent, YCombinator partners are on the record[0] supporting the idea of their startups doing illegal things. Generally they'll frame this as challenging outdated regulations, but they acknowledge that the founders whose strategies they fully support sometimes come into office hours and discuss how they're worried that the strategy puts them at risk of going to jail.

0: https://www.youtube.com/watch?v=Hm-ZIiwiN1o&t=8m46s

edm0nd|2 months ago

yeah their code of ethics is to laugh all the way to the bank and be untouchable. nothing will happen to them from YC.

mmooss|2 months ago

Are dang and tomhow involved at all in YC member ethics? I expect they know about ethical behavior on HN.

unknown|2 months ago

[deleted]

nrhrjrjrjtntbt|2 months ago

VC system with multiple investors means YC can't tell their company what to do. No mote than you can tell Google what to do because you have $100M in shares.

venturecruelty|2 months ago

First time?

s5300|2 months ago

[deleted]

wahnfrieden|2 months ago

[deleted]

sergiotapia|2 months ago

So these are the scumbags putting cameras in front of schools and sending tickets to people on Sundays. Thank you for making peoples lives materially WORSE.

VladVladikoff|2 months ago

> The site’s only input fields accept license plate numbers (which are hashed client-side before transmission and cannot be harvested)

License plates are trivially short, hashing them accomplishes no additional level of privacy if the hashes could be bruted in seconds on an antique GPU.

croes|2 months ago

They have indexed publicly available data. The privacy was long gone before you even entered a license plate number. Or do you think other actors didn’t have the same data but without a frontend to show it to you?

creatonez|2 months ago

This might be referring to k-anonymity where you truncate the hash so that it matches about 1000 hashes, then the client matches against that list. Which makes it so the operator can't really narrow down what exact license plates correspond to which searches.

LoganDark|2 months ago

Some hashing algorithms are tunable into being very expensive and difficult to brute-force even for very short inputs, but I virtually guarantee that whoever designed this system most likely would not even be aware those existed.

hibf|2 months ago

Technically true. Flock could present an unfounded argument that I might be brute-forcing my own security and privacy measures.

I think it'd sound pretty dumb.

TheDong|2 months ago

Being able to say "Our server never sees user-input license plate numbers", even though from a technical perspective the hash is just as identifiable, does have value. Even though it offers no additional privacy, it does let non-technically-minded users and so on feel safer, and that's valuable.

mceachen|2 months ago

https://en.wikipedia.org/wiki/Salt_(cryptography)

(Or https://en.wikipedia.org/wiki/Pepper_(cryptography) off you want to be fancy)

defrost|2 months ago

Related: Flock Said It Does Not Use Dark Web Data. Code Analysis Tells a Different Story - https://news.ycombinator.com/item?id=46341674

latentpot|2 months ago

Cyble, with a large team of dark Web researchers based out of India cover that while giving flock plausible deniability

cosmicgadget|2 months ago

> With the new Divinity game in the works, I decided to do a run as Gale in BG3.

I don't support this decision but I respect it.

Curious what the Cloudflare HNers have to say about this debacle.

hibf|2 months ago

Can't be less than what support has had to say up until now.

seanhunter|2 months ago

Everyone knows that it all hinges on why they’re being Gale. If they’re doing it so they can romance Shadowheart then it’s permissable.

Kim_Bruning|2 months ago

If these folks get in trouble, they might try hosting with Freedom.nl . It's +/- the old xs4all crew, and they might be in for some more fun in the 21st century.

manbart|2 months ago

Flock is trying their best to usher in dystopia

tamimio|2 months ago

Remember when Zuck called his fellow students at harvard who used facebook “Dumb fucks”? The US is accelerating into techno-authoritarianism, and all of these tech companies adopted “companies over countries” motto since the start, it’s not a surprise now.

sneak|2 months ago

it’s important to contextualize that quote: he called them dumbfucks specifically because they trusted him with their data.

bongodongobob|2 months ago

In the sense that the US has been anti-intellectualist for decades, I'm kind of ok with it. All the kids who fucked around in school and picked on the nerds for just existing are kind of getting their comeuppance. It's definitely cut off your nose to spite your face type shit, but does give me a little bit of joy. "You stuffed me in a locker and destroyed my social life because I read a book at lunch. I'm going to automate your job away and help billionaires make sure you'll never rise out of poverty."

therobots927|2 months ago

Absolutely unacceptable behavior. Wild that Americans are so distracted by pointless social issues that they haven’t even realized the ruling elite are treating them like cattle. Absolutely pathetic.

westmeal|2 months ago

The pointless social issues are manufactured specifically in order to distract Americans from the fact they are being treated like cattle.

JumpCrisscross|2 months ago

> Wild that Americans are so distracted

There is a tonne of civic action against Flock, specifically, in the works, in many cases with successful results.

kotaKat|2 months ago

Flock's CEO basically went to the public and said "you all have phones" like the Blizzard people.

“If (people are) worried about privacy, a license plate reader is the dumbest way to do surveillance. You have a cell phone. A cell phone knows your exact location at all times,” he said. “If you don’t trust law enforcement to do their job, that’s actually what you’re concerned about, and I’m not going to help people get over that.”

Just means I have to have a Faraday bag alongside my polesaw and high-powered laser. I can compete with your shitty outdated Android SoM and a shitty Raspberry Pi webcam in an enclosure.

jjulius|2 months ago

And yet... many communities are in the process of ending their contracts and lawsuits are being filed against them?

01HNNWZ0MV43FF|2 months ago

Like what?

voidfunc|2 months ago

America is huge and there's a lot of exceptionally stupid people especially in the South and Midwest.

Not much I can do about that over here in the coastal Northeast.

citizenkeen|2 months ago

Is this not libel?

hibf|2 months ago

They don't actually allege anything. They add in the keywords without going so far as to say "this website is doing X." It's enough to trip the keyword filters at Cloudflare and other hosting providers and reverse the burden of proof.

dawnerd|2 months ago

Problem is they have way more money to fight and that’s basically their whole playbook. I was caught up in a fraudulent libel claim that had to settle* back in the Twitter days. When those companies want to come after you, it’s really hard to fight back.

* no money was exchanged just some guarantees to not disclose their client and remove tweets.

Rakshath_1|2 months ago

[deleted]

120 comments