2026-02-03 23:33:05
Over the last few days hackers and trolls have targeted a slew of ICE spotting apps and their users in an apparent attempt to intimidate and stop them from reporting sightings of ICE. These hackers sent threatening text messages to users of StopICE, claiming their personal data has been sent to the authorities; attempted to wipe uploads on Eyes Up, which aims to document ICE abuses; and even sent push notifications to DEICER app users claiming their data has also been sent to various government agencies.
There is little evidence that hackers have actually provided data to the government. But it shows that apps like these, many of which Apple and Google have already kicked from their respective app stores, in some cases after direct government pressure, can be targeted by hackers or those looking to harass their users.
“Yes there is a targeted spike in attacks targeting similar [sites],” Sherman Austin, the developer of StopICE, told 404 Media in an email.
2026-02-03 22:00:28
A photo booth company that caters to weddings, lobbying events in D.C., and engagement parties has exposed a cache of peoples’ photos, with the revellers likely unaware that their sometimes drunken antics have been collected and insecurely stored by the company for anyone to download. A security researcher who flagged the issue to 404 Media said the company, Curator Live, has not responded to his request to fix the issue.
The exposure, which also includes phone numbers, highlights how we can face data collection even at innocuous events like weddings. It’s also not even the only recent exposure by a photo booth company. TechCrunch reported on a similar issue with a different company in December.
“Even if you just wanted the printed photo, your data is being held by a third party unbeknownst to you,” the security researcher, who requested anonymity to speak about a sensitive security issue, said. “The fact that this third party leaks it freely is icing on the cake. It violates any reasonable expectation of privacy.”
In all, the researcher says at least 100GB of photos are exposed. 404 Media reviewed a smaller sample of photos. They show people at various weddings and engagement parties cheering and drinking. Some photos include children. Others appear to have been taken at a NASA branded event.
“You can attribute the phone numbers to photos of people in some cases. I think the greatest reasonable risk for photo booth users is that it could reveal intimate photos,” the researcher added.
Curator Live’s website says the company “delivers industry-leading enterprise photo and video capture solutions. From photo booth operators to zoos, sports events, attractions, and vacation destinations, we help your brand create unforgettable experiences and lasting memories.”
As for how they found this issue, the researcher said they went to a wedding where the DJ company had a Curator Live photo booth. “The booth was configured to take four or so photos, then printed them out. The machine promoted the user for a phone number to receive digital copies of the photos,” he said.
After reluctantly entering his number, the researcher received a text with a link to Curator Live’s API, he said. From there, he found the exposed data. The company is still exposing people’s data so 404 Media is not explaining the security issue in detail. But the impact is that a stranger could dig through other peoples’ photos.
The researcher shared a copy of his email he sent to Curator Live in November detailing the issue. The researcher said he never received a response. “Fix your shit,” one line read.
Curator Live did not respond to 404 Media’s request for comment.
2026-02-02 23:39:55
The Department of Justice left multiple unredacted photos of fully nude women or girls exposed as part of Friday’s dump of more than 3.5 million pages of files related to the investigations and prosecutions of Jeffrey Epstein and Ghislaine Maxwell. Unlike the majority of the images in the released files, both the nudity and the faces of the people were not redacted, making them easy to identify. In some of the photos, the women or girls were either fully nude or partially undressed, posed for cameras, and exposed their genitals.
The files include more than 2,000 videos and 180,000 images, Deputy Attorney General Todd Blanche said Friday in a press conference, including “large quantities of commercial pornography and images that were seized from Epstein’s devices,” some of which were taken by Epstein, according to Blanche.
2026-02-02 23:02:00
We are very proud to present 404 Media’s zine on the surveillance technology used by Immigrations and Customs Enforcement. While we have always covered surveillance and privacy, for the last year, you may have noticed that we have spent an outsized amount of our attention and time reporting on the ways technology companies are powering Donald Trump’s deportation raids.
When we announced this zine in early December, we hoped that people would want it. Trump’s dehumanizing mass deportation campaign is perhaps the bleakest, most horrifying aspect of an administration that has reveled in its attacks on civil liberties, science, and government expertise. We did not know just how many of you would want a copy. We originally intended to print 1,000 copies, and to hand most of them out at a benefit concert in Los Angeles for CHIRLA, a human rights organization that helps immigrants. When those sold out in a few hours, we asked Punch Kiss Press, our printer, if they could make 2,500. When those sold out just as fast, we increased our order to 3,500. If you preordered a print zine, I put it in the mail last week and it should be arriving soon. Thank you everyone for your patience in waiting for the zine and we’d love to know what you think of it. We have a handful more copies that we’ve put up for sale on our Shopify. They will almost certainly sell out today and we will probably not reprint them.
We never intended to make this zine a scarce resource. We wanted to make a print product as an experiment for the reasons we explained when we announced it: Print is cool, it’s human, it’s enduring, and it’s shareable.
Each of these zines was printed, assembled, and cut down to size by hand, and each of them was stuck in the mail by me or a friend of mine over the course of the last few weeks. We printed this on a riso printer, a Japanese duplicator from the early 1990s that anyone who is into will talk your ear off about endlessly, to the point that it has become a meme. I also printed all the envelopes on a riso printer from 1995 that I have painstakingly spent the last few months repairing. Basically, making and shipping these was labor intensive and DIY by design; we never thought we would need to print so many. They were made with a considerable amount of love. And for this first one, we don’t really have the capability to make and ship more than we’ve already made.
So for that reason, we’re releasing a PDF of the zine for free to everyone, because we think the information contained within it is important and should be shared as widely as possible. We have also paid to have the zine translated into Spanish by human translators, thanks in part to a donation from one of our subscribers. You can find the Spanish version of the zine here. If you have a riso printer or are a riso print shop and are interested in printing additional copies at scale to distribute to your community, please email me and I may be able to share the print files with you.
We could not have made this zine without the support of our subscribers, our friends, and our local community. The zine was laid out by our friend Ernie Smith, who is one of the best to ever do it. The cover art was done by Veri Alvarez, whose work you can find here and whose anti-ICE art is frankly very fucking good and who deserves your support. The printing and assembly of the zine was done by Karina Richardson at Punch Kiss Press in Los Angeles and a few of her friends. I met Karina at a print festival in Los Angeles a few months ago and then asked her if she could take on this very complicated project on a short timeline. I then asked her to more than triple the number of copies, all over the holidays. It cannot be overstated how much Karina and Punch Kiss knocked it out of the park on this, and how thankful we are to her. And we made the zine to support LA Fights Back, a concert series dedicated to raising money for communities affected by ICE. We are thankful that we were invited to participate.
This being a print product, our work has been frozen in time. We wrote these pieces before DHS agents killed Renee Good and Alex Pretti in Minneapolis, and before several other people died in ICE custody in the last few weeks. The horrors we are facing are evolving and changing every day and we are committed to continuing to cover the ways that big tech and the surveillance state empowers ICE. You can find most of our most recent work on ICE here:
We’ve been overwhelmed and heartened by the support and interest in our reporting and in this zine. This project was a lot of work, and we’ve learned a lot about making and distributing a physical product at scale. We don’t have anything concrete to announce yet but I think we’d love to do more print products and issues in the future. So if you liked this please let us know. If you want to support our work specifically, the best thing you can do is subscribe to 404 Media. We also have a tip jar and, if you are interested in making a larger tax-deductible donation, please email us at [email protected].
2026-02-02 22:00:16
Cape, a privacy-focused telecommunications company, says it has introduced a feature that automatically deletes a user’s call data records, such as who they call and when, every 24 hours. These “disappearing call logs” as Cape describes them break with the telecom industry standard of keeping hold of call logs for months if not years.
“One of our first design principles was to minimize the amount of data that we collect and the amount of data that we store,” John Doyle, CEO of Cape, told 404 Media in an interview. “There’s no other business purpose to keep most of these logs more than like a day.”
Call data records, or CDRs, are metadata about a user’s phone call and text records. This includes the phone number the user contacted. This information can be especially revealing, showing that a particular person called an abortion clinic, for instance. In 2024, hackers stole “nearly all” of AT&T customers’ call records spanning several months. That in turn started a rush from the FBI to protect the identities of confidential informants, Bloomberg reported. That hack was so damaging in part because AT&T kept its customers’ call records for an extended period of time.
Cape is a mobile virtual network operator (MVNO), meaning it runs its service on top of other companies’ existing telecommunications infrastructure. Cape isn’t building cellphone towers; it’s making software to add security benefits. Cape is able to make changes to how long it retains data and other technical aspects because it runs its own mobile core—all of the software necessary to route messages and essentially be a telecom.
404 Media asked Cape to demonstrate that CDRs were being deleted. In response, Cape made a video describing the process. It appeared to show that the databases Cape uses to store CDRs did only contain data from a 24 hour period. Previously, Cape stored CDRs for 60 days, “which was already well short of industry standards,” Doyle said. Cape says it does hold “billing CDRs” for longer, for 30 days. These records are used to determine how much Cape has used carriers’ infrastructure.
Cape’s CDRs are made when a customer uses the Cape phone number assigned to their account. The change wouldn’t impact data generated by an app such as Signal; those are separate, and Signal already has various metadata protections.
Doyle said Cape did not warn law enforcement about the change to CDR retention beforehand. “I guess they’ll find out in the same way everyone else does,” he said. He added that the company still is in keeping with CALEA, or the Communications Assistance for Law Enforcement Act, which requires telecommunications companies to respond to legal demands for data.
Because Cape is piggybacking off other carriers’ infrastructure, that does mean that somewhere along the line those other companies could store their own copy of Cape users’ data.
“It’s definitely true that some of our carrier partners may collect some information,” Doyle said, including the IMEI, a unique identifier assigned to a device.
Since I first covered Cape in 2024, I occasionally get emails asking me if Cape is a honeypot, in the sense that maybe it is a ruse to then provide data to the authorities. Doyle is also formerly of Palantir.
“All I can do is say we definitively are not a honeypot,” Doyle said. “It’s so hard to prove a negative, but I say it out loud every chance I get.”
2026-02-02 21:00:16
This week Joseph talks to Samuel Bagg, assistant professor of political science at the University of South Carolina. Bagg recently wrote a fascinating essay, linked below, about how the problem with lots of things might be knowledge-based (people believing stuff that’s wrong or dangerous) but the solution is not more knowledge. It’s all about social identity. This is an incredibly interesting discussion, and definitely check out more of Bagg’s writing.
Listen to the weekly podcast on Apple Podcasts, Spotify, or YouTube. Become a paid subscriber for access to this episode's bonus content and to power our journalism. If you become a paid subscriber, check your inbox for an email from our podcast host Transistor for a link to the subscribers-only version! You can also add that subscribers feed to your podcast app of choice and never miss an episode that way. The email should also contain the subscribers-only unlisted YouTube link for the extended video version too. It will also be in the show notes in your podcast player.