Citizen Continues Its Push To Become Cops-For-Hire By Leaking Sensitive Data… Twice
from the another-confidence-boosting-PR-debacle dept
The bad news keeps coming for Citizen, the app that really wants to be a cop.
Not only is its desire to become some sort of private party/law enforcement hybrid generating it some bad press, but its prior incarnation as “Vigilante” suggests it has always wanted to be in the business of taking down bad guys, with or without the requisite lawfulness.
The former “Vigilante” proved true to its past moniker following a wildfire in California, promising a $30,000 bounty to any user or employee who took down the bad guy identified by Citizen. Well… misidentified. After calls from CEO Andrew Frame to “GET THE FUCKER,” Citizen had to offer up a bunch of apologies for turning an innocent person into a prime suspect.
Coming on the heels of all of this bad news is even more bad news. First off, as Joseph Cox reported late last week, Citizen leaked a bunch of users’ COVID-related data following its expansion into contact tracing late year under the name “SafePass.”
Crime and neighborhood watch app Citizen, which also launched a COVID-19 contact-tracing feature and broader citywide COVID surveillance program, exposed users’ COVID-related data to the public internet, allowing anyone to view specific users’ recent self-reported symptoms, test results, and whether their device had recorded any close contacts with other people using the feature. The information is directly linked to a person’s username, which often is the person’s full name.
Hacker collective Anonymous was able to access the data and pointed Motherboard in its direction. The exposure of this data runs contrary to Citizen’s security claims.
The feature’s privacy policy says that “We have specific systems to control data access, and all access is logged and regularly audited.” The SafePass website says “Data is private and encrypted” and that contact tracing data is deleted after 30 days (some of the data in the exposed cache dates from earlier than 30 days ago).
Citizen fixed its leak shortly thereafter, claiming the exposure only affected a limited number of users. But that set the stage for a larger breach and another successful hacking of Citizen’s databases.
A hacktivist has scraped a wealth of data from the crime and neighborhood watch app Citizen and posted it on a dark web site, Motherboard has learned. The data includes a huge amount of data related to 1.7 million “incidents”—events that Citizen informs users about concerning crime or perceived crime in their area—such as the GPS coordinates of where the incident took place, its update history, a clip of the police radio that the incident relates to, and associated images.
Posted with the accompanying slogan of “Fuck snitches, fuck Citizen, fuck Andrew Frame and remember, kids: Cops are not your friends.”, the data appears to contain plenty of what’s already publicly-available through Citizen’s online portal. The difference here is it’s all in one place, which makes it much easier for researchers and journalists to parse the data for patterns and analyze user behavior.
And there’s also some stuff Citizen doesn’t make available to users and site visitors in this data dump.
The list appears to include videos that have been marked for removal from public consumption on the app by Citizen’s content moderation team, with some including the tag “Moderator Blocked Stream,” according to the hacker and Motherboard’s viewing of the files. These videos are still accessible if visited with the direct link included in the scrape.
Not exactly a confidence booster, especially when the app’s founder wants Citizen to become a crucial part of the law enforcement experience, if not actually law enforcement itself. But a combination of PR blunders and data breaches sounds about par for the (government) course, so maybe this is just Citizen inadvertently laying the groundwork for its move into the public sector.
Filed Under: data breach, leaks, private law enforcement, snitching, vigilante
Companies: citizen
Comments on “Citizen Continues Its Push To Become Cops-For-Hire By Leaking Sensitive Data… Twice”
Silly Citizen, if you want to be the cops, you’re only meant to ‘accidentally’ leak information after you’ve murdered an innocent party and you want the media and the right wing blogosphere to help you to smear their character.
I stand by my earlier assessment…
TechBros invent the Klan.
A bunch of idiots running around blaming everything on everyone else & they aren’t very bright.
One has to wonder if anyones asked the PD’s in areas served by this shitshow how many false leads have they been fed & have they had to rescue anyone from a posse who got together to get the bad guy they think they heard whistled at a white woman.
It would be nice if someone with authority actually stepped in, in the name of public safety, and quashed their private police force fantasy’s before they manage to lynch someone they misidentified.
Re: Re:
So blame the "bunch of idiots," not a platform that has many legitimate uses, including public safety.
Re: Re: Re:
So, when Frame offered a bounty for an innocent man, whose safety was in mind? All those false alarms improve safety how? And how is insecure data improving anybody’s safety?
This comment has been flagged by the community. Click here to show it.
Re: Re: Re: Re:
All those are individuals who abuse Citizen. Section 230 protects Citizen. The people who run the platform are not the platform. Citizen, when properly used, ensures public safety.
Why are you against public safety? We’ve (me and the 1000 allies I summon to make a point) already EXPLAINED this to you: go after the shooter, not the gun.
Re: Re: Re:2 Re:
I love how you add the conditional "when properly used". So tell me, who judges what is "proper use"? What happens when Citizen acts "improperly"? Who is ultimately held responsible for Citizen’s actions? Will it be Frame, or "the shareholders"?
This comment has been flagged by the community. Click here to show it.
Re: Re: Re:3 Re:
The law decides what’s proper, just as with copyright and defamation law.
Google’s search engine’s primary use is not defamation, nor copyright infringement, just like Citizen’s primary function is safety, not abuse of power.
This site has EXPLAINED this many times: blame the craftsman, not the tool.
Re: Re: Re:4 Re:
The "tool", yeah? is run by idiots with an agenda. 230 doesn’t protect it from playing fast and loose with customer data, nor does it protect it from actions the platform takes or speech it makes. The First Amendment may or may not cover the expressive bit, depending on circumstances.
However, 230 and 1A are irrelevant here. This isn’t a court case, we are also free to criticize (speech wow) a shitty company. Funny how that works.
Re: Re: Re: Re:
Wouldn’t RipoffReport fall into the same category of easy-to-abuse platforms?
Re: Re: Re:2 Re:
No, it wouldn’t. Seriously, Jhon, this level of simping is a new low even for you.
Re: Re: Re:
The platform is the idiots.
Blame the user, not the platform!
Citizen is not inherently evil, but individual users might abuse it, so go after THEM, not Citizen!
Long live Section 230!!
Re: Re:
Except it’s the company’s CEO that’s abusing it.
Re: Re: Re:
Which means Citizen would need a new CEO, but there is nothing wrong with the app itself.
Just like there’s nothing wrong with Google even though it’s known people can weaponize it. This is just a weapon that hackers and lawyers can’t control so suddenly they’re blaming platforms based on how their users will "obviously" abuse it.
Let’s make Kim Dotcomm the new CEO!
Re: Re: Re: Re:
Nice try, John Smith.
Re: Re: Re: Re:
Pretty sure the flaws are built into the company from the ground up. No one actually blames the rolled up code that lives on your phone.
Re: Re: Re: Re:
Are your parents related or something? The CEO is already the party responsible and not in any way shielded from legal consequences!
Re: Re:
Is that how IBM got away with tracking the Jewish people during the holocaust, blame the individual victims. How downright fascist of Citizen = Neo-nazis.
This comment has been flagged by the community. Click here to show it.
Re: Re: Re:
It’s how Google gets away with defaming people (blame the publisher, not the search engine that amplifies the defamation 10,000x).
Techdirt’s position against Citizen is inconsistent with its "don’t blame the platform" pro-230 stance.
Not saying either position is correct, just that they are logically inconsistent.
Re: Re: Re: Re:
Where’s your citations? You can’t just make a claim like that without some very extraordinary proof.
Re: Re: Re: Re:
No, there is no logical consistency, you are conflating two different things.
Re: Re: Re: Re:
This comment has been flagged by the community. Click here to show it.
Re: Re: Re:2 Re:
BTW distributor liability recognizes a second, separate harm inflicted by the search engine, which is what 230 immunizes in America but not anywhere else.
https://www.nytimes.com/2021/01/30/technology/change-my-google-results.html
This man was harmed by search engines, not the corners of the internet where the original publisher posted. Many people are judgment proof or use burner phones so the original poster can’t be sued. Then there are those who are paid to defame others who couldn’t operate without Section 230, and reputation blackmail.
Let someone do this to Masnick and his tune would change overnight.
Re: Re: Re:3 Re:
“Let someone do this to Masnick and his tune would change overnight.”
Bitch please you been banging on that empty threat for years. Come on John boi you think we don’t remember you?
Re: Re: Re:3 Re:
"This man was harmed by search engines, not the corners of the internet where the original publisher posted."
Rubbish. As usual, Baghdad Bob, your argument is all about "oh, if only there was a reality where what people said wasn’t possible to find years after the fact"
Search engines, much like library indexes, displaye in a neutral manner only what is there. If your local library holds a copy of mein kampf or the communist manifesto then the index isn’t liable for the contents of those books.
Nor is the search engine liable for displaying factual information as response to queries.
Your problem – and everyone elses – isn’t with search engines. It’s with either individual humans putting up badly curated or defamatory information (grounds for a lawsuit), or with the fact that individuals put up truthful assertions about some crook who finds it harder to run a con in the Information Age.
We all know which side of the fence you keep falling on.
Thanks. Now I have even more evidence to show all my friends who called me a "bad person" because I didn’t sign up for all these "totally secure, totally anonymous" Covid tracing apps. My position has always been that they’re probably not anonymous, definitely not "secure", and that much of their data will wind up in the sadistic hands of law-infliction. The last point hasn’t been proven yet, but if my distrust were a stock, I’d suggest buying (don’t get greedy and forget to place a trailing stop).
Re: Re:
In Spider Man 2, Peter questioned Doc Oc on his nuclear fusion ball in the lobby.
"All the complexities have been accounted for."
Oh! That’s good!
Re: Re: Re:
Was that the original Spider-Man 2 or one of the many reboots? I remember the scene but not which movie it was in.
Re: Re: Re: Re:
That was the first second Spider-Man movie, with Toby Maguire.
It seems they have backed off for now.
But on Tuesday, Citizen ended the program, stating it has no plans to launch a similar service elsewhere.
"This was a small 30-day test that is now complete," a Citizen spokesperson told CBS MoneyWatch. "We have no plans to launch our own private security force and no ongoing relationship with LAPS."
https://www.cbsnews.com/news/citizen-app-peter-thiel-palantir-security-force/#app
If people want to waste money on unarmed private security feel free, but private security having guns and k9s is severely problematic.