Hacker News: xocnad's comments

I am apprehensive of the surveillance state and its potential for misuse. However, this disclosure content is less than ideal:

- It mixes two separate issues 1) embedded default API key and 2) unauthenticated token minting

- The bulk of the disclosure focuses on enumeration of sensitive data that is implied could have been exposed via the default API key, but what is actually exposed is unclear: "The 50 "portal:app:access:item" privileges reference private item IDs that cannot be inventoried without actively querying each one which I did not do"

- The default API key was for "development" and there is no assertion that live data existed in that environment (though it wouldn't surprise me)

- The default API key was fixed in June 2025, it is only the token minting that has not been.

- The token minting issue is only asserted to "grant access to the geographic mapping of Flock's camera network locations" which would certainly be useful as a source for unethical updates to https://deflock.me/ but obviously not nearly as sensitive.

(And I've always used bullets/lists in my communications, long before AI did this)


I share your view - how does this article imply US companies and/or government involvement? If there were such involvement what aspect of BGP gives the US entities more ability to carry this out vs other nefarious actors? I ask this sincerely knowing almost nothing about BGP and wanting to learn...


You may have missed https://news.ycombinator.com/item?id=46504963 a few days ago where this same anomaly was discussed and American government involvement was directly implied by the article.


The top comment of that thread points out exactly the same thing this Cloudflare article does; that there doesn't really seem to be any indication this was anything nefarious.


There are many undemocratic and repressive regimes around the world. Trump has professed his admiration for various of these leaders. You can't seriously attribute noble goals of supporting democracy to him. Also, shouldn't he then be doing this in many other places in the world?


I like how we went from "international law" to "noble goals", I suppose that's pretty on point :)

> Also, shouldn't he then be doing this in many other places in the world?

No, I don't see how that would follow. I can choose to give money to a charity, but that does not mean I have to choose to give my money to all the charities in the world.


Nice assertion. Perhaps you meant that AI could be directed towards less memory intensive implementations. That would still have to be directed by those same lazy/poor coders because the code the AI is learning from is their bad code (for the most part).


From experience, and to slightly refute the sibling reply, good for the Confluent peeps that get flagged as being essential to the acquisition, they'll get a retention bonus of 100-300% of base pay spread over three years. The cutting of staff will begin likely in the 3-5 year time frame.


I would argue they may have and are not keeping it to themselves. Announced partnership with Anthropic: https://newsroom.ibm.com/2025-10-07-2025-ibm-and-anthropic-p...


Access is what allows them to form the relationships and contacts that let them report information that counters the propaganda. It is a two way street. The NPR reporter you mentioned, Tom Bowman, is not OANN and has reported many times very critically of the military.


Sure but where is the commercial value?


Why are you triggered by the vocal irrational minority? You seem quite defensive for someone who is confident and comfortable in the truck they own and how they use it and maintain it.


Not them, but I find people who take out political frustration against non-political things quite annoying.

For example, when Tesla was blue-coded, way more comments here were highly forgiving, if not outright glazing. They became red-coded, and suddenly you’d see tons of highly technical reasons they sucked. You can gut yourself into coming up with many reasons this isn’t true, but it’s definitely true.

Trucks have gotten this since the beginning.

It’s not that it’s triggering, it’s just more annoying to have to waste a lot of time reading things that are clearly therapy for the poster more than any sort of interesting opinion.


It's getting harder to find good online discussions devoid of bias and emotions. With user moderation, control goes to those with the most time to waste online, meaning the least happy, productive and social.


And it's a self reinforcing downward loop as those deteriorating online spaces then completely drive away everyone with anything better to do


There is no discussion involving humans that is devoid of biases. It's in our nature. What's important is trying to be aware of them...


Right. Not quite what I'm saying.

Take away the user moderation and you still have bias but you lose the feedback loop. You level the playing field between folks who live in their basements and folks with more balanced lives.


TIL a new word - backronym

