It Could Happen Here - Stalkerware ft. maia arson crimew

Episode Date: March 20, 2024

Robert and Mia talk with famed No Fly List hacker maia arson crimew about the shady industry of stalkerware, spy software that allows people to spy on their victims' devices.See omnystudio.com/listene...r for privacy information.

Transcript
Discussion (0)
Starting point is 00:00:00 Hi, I'm Ed Zitron, host of the Better Offline podcast, and we're kicking off our second season digging into tech's elite and how they've turned Silicon Valley into a playground for billionaires. From the chaotic world of generative AI to the destruction of Google search, Better Offline is your unvarnished and at times unhinged look at the underbelly of tech brought to you by an industry veteran with nothing to lose. Listen to Better Offline on the iHeartRadio app, Apple Podcasts, wherever else you get your podcasts from. I found out I was related to the guy that I was dating. I don't feel emotions correctly. I collect my roommate's toenails and fingernails. Those were some callers from my call-in podcast, Therapy Gecko.
Starting point is 00:00:41 It's a show where I but I promise it's very interesting. Check it out for yourself by searching for Therapy Gecko on the iHeartRadio app, Apple Podcasts, or wherever you get your podcasts. Curious about queer sexuality, cruising, and expanding your horizons? Hit play on the sex-positive and deeply entertaining podcast Sniffy's Cruising Confessions. Join hosts Gabe Gonzalez and Chris Patterson Rosso as they explore queer sex, cruising, relationships, and culture in the new iHeart podcast, Sniffy's Cruising Confessions. Sniffy's Cruising Confessions will broaden minds
Starting point is 00:01:22 and help you pursue your true goals. You can listen to Sniffy's Cruising Confessions, sponsored by Gilead, now on the iHeartRadio app or wherever you get your podcasts. New episodes every Thursday. Call Zone Media. Welcome back to It Could Happen Here, the podcast that's happening here in your ear. And one of the things that we love talking about here is a critical ingredient towards creeping authoritarianism, towards growing corporate control and surveillance over all of our lives, which is, of course,
Starting point is 00:01:56 technology that makes it even easier to monitor you than it already is. And we're not talking primarily about, like, the government monitoring you, because they can, you know, do stuff like just pull your phone data from a, you know, which cell towers it's pinged. We're talking about the kind of stuff that allows basically whoever can get an app on your phone to track and stalk you. And yeah, I'm going to first introduce Mia Wong. Mia, welcome to the show that you also host. Yes, I'm here.
Starting point is 00:02:28 So what are we talking about today and who are we talking with? Yeah, so we are talking about Stalkerware, which is the sort of broad name for the category of software that Robert's been talking about. And we are talking about someone who hacked one, well... A Stalkerware stalker. Yeah, the person who hacked one of the stalkerware companies. Maya Arson-Kraimu, the famed hacker of the no-fly list. Yeah, returning guest. Always happy to have you on.
Starting point is 00:02:57 Yeah, always happy to be on. Yeah, so I think, I think, I don't know i i think there's there's a real tendency among and i see this among leftists a lot for kind of good reasons and kind of not good reasons to really only focus on state and like large corporate actors in terms of surveillance and that's a mistake yeah totally yeah and so i i guess i guess the place where i want to start before we get into the specific company that you do is it still called owned i can't i it's fine to call it owned or pawned or whatever i i still do that sometimes people get confused um but yeah yeah but before we get into that I want to um I want to ask you a bit because you've done a lot of sort of I guess you could call it research
Starting point is 00:03:52 both actual research wise and then in terms of poking around their servers research and chandalism and whatever do you want to call it yeah yeah so i i wanted to just start off by asking if you can give sort of like a brief summary of what stalkerware is yeah so so so stalkerware like as a category encompasses like a number of different types of apps most of them like on the surface advertise themselves as like parental control software which is already bad enough has advertised themselves as like parental control software which is already bad enough just to be clear uh that is like advertised for like spying on your children's phone like seeing their location in real time seeing their messages that they receive any photo they take ostensibly this is to like prevent bullying and help with them when they get depressed because they don't
Starting point is 00:04:41 trust you and talk to you for whatever reason but um obviously a lot of these are then furthermore uh because that's like that sure that's a like target audience that's a demographic you can advertise to but then there's this even bigger uh potential target demographic of um people who are insecure in their relationship mostly men not only men but who are then salt this idea that they can use software like this for stalking their partner for finding out if they are cheating on you things like that which is obviously an even bigger problem which once again not to discount the problems for that spying on your children is already like bad enough but yeah this lead this leads to this whole like big
Starting point is 00:05:20 industry of these apps being used um by partners against each other like also just by people like against anyone in the in their surroundings that they suspect might be doing something shady might be like talking behind their backs it often kind of turns into like it obviously turns into this obsessive thing especially if you solve this idea that this this app can magically solve like interpersonal issues, like with anything that sells you this magic idea of being able to solve any problem that these people start kind of spying on everyone in their like circles, to some of them, like not everyone, most like a lot of people on these buying like their partner or like their child or whatever, but it often like spirals out of control into
Starting point is 00:06:03 this, like controlling everyone and their surroundings knowing what everyone is up to where they are and spending like hundreds of dollars a month on doing so and yeah that's pretty fucked up if you ask me yeah yeah one of the things that's interesting too it's also in a lot of cases illegal this is going to vary you know from country to country and state to state but in in the U.S., there are states like California, which gets pointed out in the very good TechCrunch investigation on TruthSpy, where there are really strict laws that journalists have to abide by as to when you can record someone that these apps absolutely break. Yes, it's specifically a thing that also most of these apps will have a disclaimer at the bottom that is like, this might be illegal in your jurisdiction. And please ask for consent before doing this and then they have lots of tutorials on how to install this on someone's device without their consent yeah it's like always like a we do not take any like we we it's not our fault if you break the law basically which obviously like
Starting point is 00:07:00 it's so far not a lot of this has been challenged in court but i don't think this would hold up too long like i'm not a lawyer but uh i don't think just saying we make a product to do crimes with if you do crimes with it it's not i mean it works for the gun industry so yeah the difference is that like the with the gun industry it's a product where there is a legal and an illegal like clear way to do it the thing with stalkerware as well is that like a lot of them will also explicitly say the only real use of this we allow you to do to use it for is to surveil your child which unfortunately is legal in most jurisdictions because children are property of their parents in quotes because
Starting point is 00:07:40 i do not agree with that but yeah it's one of those things where people using it, like someone installing an app on their exes or their, their partner's phone or whatever without consent could very easily would lose any court case, whether or not the company would get in trouble, I think is going to rely a lot on the stuff, the videos they're posting about like how to put, how to get these apps on people's phones without them knowing. But like do have that out with like no it's just for surveilling children which
Starting point is 00:08:08 is great and for anyone else you need consent or whatever but i think it is important yeah to point this out very early for anyone who's listening to this because they think they might have stalk aware on their phones or because they know they have stalk aware on their phones you can use this in a domestic abuse case this will immediate this is explicit proof that abuse is happening and no matter anything else because like that's the thing generally with domestic abuse cases it's really hard to prove abuse is happening stalkerware and any other type of spying device like also physical gps device trackers and stuff that is immediate proof that there is proof that there is controlling behavior going on
Starting point is 00:08:46 that you are being spied on this cannot only be used and is explicit admissible evidence this is also usually like makes cases worse like not for you like it just yeah it like can potentially add charges
Starting point is 00:09:02 and make it more serious and it can help making cops give a shit about like abuse which yeah i hate that i need to say that but yeah it's like it makes it more serious because yeah there's like spyware and whatever it's easy evidence first off like you can prove they're spying on you and second if you are in one of the states where that violates the law then you can immediately say this person is breaking the law like we this is we don't have to debate whether or not they've they've crossed a line yeah and even if it doesn't directly break the law to spy on someone on a partner like it depending on the on the region it can be kind of a hazy like thing especially if it's a device you might co-own if
Starting point is 00:09:41 it's like a state where you were with like co-possession or whatever in the u.s i do not know u.s law very much around this but yeah there's like laws like that but usually still the fact that you're being spied on can be used as proof for other abuse things you might be alleging because it's like hard proof that something is happening and also usually these companies will somewhat have to respond to sapuena so they will have to give out like who the account owner is behind like the spying on your phone for some of them we can also there's also tools that help you find out who is spying on you or there's like someone with forensic background can help yeah and i i think people uh one thing we should note is that if you're kind
Starting point is 00:10:22 of curious has my device been infected by some of these tools the one the one that we should note is that if you're kind of curious, has my device been infected by some of these tools? The one that we've been talking about most, TruthSpy, if you go to that TechCrunch article. Or to my article, it also has a link. Or to your article on your website. There's a tool you can use where it'll tell you how to get your IMSI, I think. IMII. IMII, yeah. Which you just dial a thing on your phone
Starting point is 00:10:45 and it gives you that number. It's basically how you identify specific phones and you plug that in. It will let you know if your device has been compromised. Now, like December last year, up until there is the data. And if you, yeah, it can pretty much tell you if you've been spying on using this specific tool until then.
Starting point is 00:11:04 For other stuff, there's also guides, usually on TechCrunch and otherwise also on StopStalker, Yeah, it can pretty much tell you if you've been spying on using this specific tool until then. For other stuff, there's also guides, usually on TechCrunch and otherwise on StopStockerware.org, which is the US coalition against stalkerware. And also just generally, I think a lot of more local anti-stalking, anti-abuse orgs are not as informed yet as they should be, but there's still a good point also to reach out to. yet as they should be but there's still a good like point also to reach out to or like yeah yeah now one of my questions about truth spy that i'm hoping you can answer is i i know that um you can like text messages get transferred via it like your call records all that kind of stuff get and who you were calling does that include messages for like encrypted apps like signal or is that not accessible through this it depends like for some for some of these it will like get signal messages whatsapp messages
Starting point is 00:11:49 and everything generally by reading the notification content because like from notifications you know like what messages are have been like received sometimes it will only then have to receive messages and not the same messages often these also include like a keylogger component that maps messages then sent back as well. It depends a lot what these apps collect. But for most of them, also the collection for other texting apps is usually kind of broken. None of these apps are really well-maintained. They're mostly just quick cache grabs.
Starting point is 00:12:21 The harder-to-maintain features usually don't really work. And it seems like based on that one thing people can do outside of checking to see if their device has been compromised is do stuff like um turn off uh notifications for apps like signal right like and that's that's actually just generally good advice notifications are a are a compromise of the security that some that signal offers don't have them enabled, you know? Yeah, or at the very least, disable them on the lock screen on Android.
Starting point is 00:12:50 Yeah, yes. I think that's also possible on iOS, but I think iOS doesn't show message content on the lock screen anyways. I'm not sure anymore. But yeah, it's just also small things like that. And also one of the key tells that someone probably tampered with your
Starting point is 00:13:05 phone, especially for Android, is if Google Play Protect is disabled and you do not remember disabling it for something else, it was almost definitely disabled because someone installed something on your phone, just try re-enabling it and it will probably tell you something. The thing also to keep in mind if you find stalkerware on your phone, please get professional help. Do not just delete it do not like necessarily confront whoever you think might be your abuser about it unless you're very sure that that's the situation you can handle because like yeah that that is one of those things that like bringing it up or just deleting it can very quickly lead to like yeah yeah complicating the situation a lot.
Starting point is 00:13:46 You know what else complicates the situation? These ads. Hi, I'm Ed Zitron, host of the Better Offline podcast, and we're kicking off our second season digging into how TexElite has turned Silicon Valley into a playground for billionaires. From the chaotic world of generative AI to the destruction of Google search, better offline is your unvarnished and at times unhinged look at the underbelly of tech
Starting point is 00:14:13 from an industry veteran with nothing to lose. This season, I'm going to be joined by everyone from Nobel winning economists to leading journalists in the field. And I'll be digging into why the products you love keep getting worse and naming and shaming those responsible. Don't get me wrong, though. I love technology. I just hate the people in charge and want them to get back to building things
Starting point is 00:14:33 that actually do things to help real people. I swear to God things can change if we're loud enough, so join me every week to understand what's happening in the tech industry and what could be done to make things better. Listen to Better Offline on the iHeartRadio app, Apple Podcasts, wherever else you get your podcasts. Check out betteroffline.com. Latin culture, musica, peliculas, and entertainment with some of the biggest names in the game. If you love hearing real conversations with your favorite Latin celebrities, artists, and culture shifters, this is the podcast for you. We're talking real conversations with our Latin stars, from actors and artists to musicians and creators sharing their stories, struggles, and successes.
Starting point is 00:15:19 You know it's going to be filled with chisme laughs and all the vibes that you love. filled with chisme laughs and all the vibes that you love. Each week, we'll explore everything from music and pop culture to deeper topics like identity, community, and breaking down barriers in all sorts of industries. Don't miss out on the fun, el té caliente, and life stories. Join me for Gracias Come Again, a podcast by Honey German, where we get into todo lo actual y viral. Listen to Gracias Come Again on the iHeartRadio app,
Starting point is 00:15:44 Apple Podcasts, or wherever you get your podcasts. On Thanksgiving Day, 1999, a five-year-old boy floated alone in the ocean. He had lost his mother trying to reach Florida from Cuba. He looked like a little angel. I mean, he looked so fresh. And his name, Elian Gonzalez, will make headlines everywhere. Elian Gonzalez.
Starting point is 00:16:09 Elian Gonzalez. Elian. Elian. Elian Gonzalez. At the heart of the story is a young boy and the question of who he belongs with. His father in Cuba. Mr. Gonzalez wanted to go home and he wanted to take his son with him. Or his relatives in Cuba. Mr. Gonzalez wanted to go home and he wanted to take his son with him. Or his relatives
Starting point is 00:16:25 in Miami. Imagine that your mother died trying to get you to freedom. At the heart of it all is still this painful family separation. Something that as a Cuban, I know all too well. Listen to Chess Peace, the Elian Gonzalez
Starting point is 00:16:42 story as part of the My Cultura podcast network, available on the iHeartRadio app, Apple Podcasts, or wherever you get your podcasts. And we are back. So when it comes to the actual fight against this stuff, obviously what you're doing is a big part of it. Getting inside these companies and finding out what they're doing and their capabilities is huge.
Starting point is 00:17:13 In terms of what regular people or people who are interested in becoming activists about this can do, what does the struggle to actually fight this stuff look like? How do we put a bullet in this industry's head? I think one of the biggest things, and also, like, why I do the work I do with, like, hacking it, with encouraging others to, like, send me data, be that insiders from these companies, sending it either to me or, like, TechCrunch specifically currently, because, like, me and TechCrunch are, like, the only people really doing, like, journalism on this, like, regularly. And the important thing with, like, journalism and all of this is like awareness it's very important to create awareness about this that's also why i do the media work with like being on this podcast and things like that i think the most important thing is to make people aware
Starting point is 00:17:59 like talk about this in your feminist circles or whatever uh things like that especially bring it up just also in like general info things about abuse or how to detect abuse i think the most important thing to do against stalkerware is demystify it because most people don't even know that this is a thing that this is like that there's just commercially available spyware that anyone can install on your phone this is important to not like give in to some sort of paranoia as with any of these things. It's just important to generate awareness, talk about it, spread these articles, and let friends know that this is a potential thing.
Starting point is 00:18:36 And then, yeah, the hard thing with this is that, obviously, it would probably help if there was some sort of legislation against some of this. It's going to be very hard to get any proper legislation that ends this industry. Because in most Western countries, which are the only countries which, unfortunately, would have enough power to actually get these apps shut down. Because that's the world we live in. But the problem there is usually that this notion that children are owned by their parents is too strong to really make a full case against these apps. And at the very best, what I can...
Starting point is 00:19:10 Like, the very best I'm kind of hoping for from legislators is just a ban on advertising these apps on use against other adults. Which would be big already, but that doesn't really solve the issue. Because there's still going to be enough people who know of their use against adults. other adults which would be big already but that's yeah doesn't really solve the issue because there's still going to be enough people who know of their use for use against adults and there's going to be enough people on like reddit threads talking about hey well yeah you oh you're not sure if your girlfriend is cheating on you you can just use this app you know that's also how most of this marketing for this works it's just yeah at the end of the day this is like a patriarchal issue so yeah i i think that's also why like i am so focused on like the hacking and the like
Starting point is 00:19:52 blowing these companies up and showing like who's behind them it's because at the end of the day the most effective thing we have against these companies is like the grassroots movement of making them too scared to run in this business making it not profitable enough because as i said most of this is like quick cash grabs from like web design studios uh and outsourcing companies yeah that are just making a quick buck from this because otherwise they don't get paid enough like that's the sad thing really is how much of this industry is in uh all of these countries countries western companies outsource their it to because there's lots of it companies there and they are entirely reliant on like western companies giving them very underpaid tasks and you have this problem that you now have a bunch
Starting point is 00:20:37 of employees and not enough money to always pay them and what do you do you like find some weird niche of like a tech product you can quickly build yeah and this is like one of those easy niches it's like always the scummy stuff and and like yeah it's that's also why like so many of these companies are like based out of vietnam out of iran and whatever it's just companies that already have it hard enough to do business globally where the it industry is like falling apart because there's not enough like local customers and anything that's international. You're just the cheap workforce, right? So yeah, it's, it's, it's once again, also like a class problem. I don't like most people working in this industry know that they're working in a like scummy industry. Yeah, of course. But
Starting point is 00:21:22 like, yeah, you got to get paid. get paid and that's yeah and that's like why i think making it more scary to operate in this industry is like yes the way to go because like with just like these like four hacks that have happened against these companies over the last like half a year or so two of them three of them three of them have shut down completely others seem to be slowly moving towards just building other software primarily yeah it's just like yeah it's it's it's like with any other like shady industry that the best we can do is just to not make it profitable to run the software because at the very best anything else we would get is just pushing them more into the shadows, which is not going to solve the issue at all. Yeah, I think a lot about strategic thinking,
Starting point is 00:22:17 which I do believe is kind of often in part because of how rightfully negative most people on the left think about the military. There's a tendency to ignore some of the theory around how to actually win a conflict. And all of it, all strategy really, when you're talking about like defeating an opponent revolves around denying and taking operational area from them, right? And that's what you're talking about. When you talk about, well, we need to stop this, you know, one of the first things we can do as part of fighting this is to stop them from being able to advertise certain places, right? It's making sure that they're not able to operate without being seen. It's basically cutting down their area, their space to maneuver, their ability to profit, which cuts down their money, their access to people, their ability to actually like operate, right? Like that's what
Starting point is 00:23:02 we're looking at in terms of how do you kill this stuff. It's not one single, really. I use the comparison of a bullet, but it's never going to be one bullet. These things are too durable. There's too many countries at play to do that. That's also why I put so much emphasis on doing media work about this, on getting more people to talk about this, and
Starting point is 00:23:20 getting more awareness of this out there to the point where I'm willing to work with more conservative newspapers on this because everyone needs to know about this at the end of the day. This is how we stop people from falling victims to this. Most people who are a victim of stalker apps have never heard of stalker apps before.
Starting point is 00:23:38 And I think that's one of the biggest ways to tackle this. And on the other hand, we also have, I think, another big leverage point with how many of these are getting hacked, because none of these apps are very secure. That's another thing is this can also be leveraged against like the abusers in this scenario. I think just pointing out to them that all of these apps get hacked all the time and that this is how they get found out that this is how their data of them as abusers ends up landing on the internet i think it's also like a very important angle at the end of the day it's just to make it clear like yeah no not even you are like secure from this having consequences for your life like beyond like direct interpersonal
Starting point is 00:24:18 or legal consequences this can and in the past has result in your email address being on a list of people who do abuse to people online. You don't want to be on such a list. I think that's also important just to point out there isn't one stalker of our app that's not eventually going to get hacked. There is a big war against these apps. There's so many different hacking groups that keep sending me data from these like i'm already working on another article that already once again affects like the data of like i think like 80 000 more like abusers and it's just the abuser data this time but i'm still gonna report on it like it's it's it's this is not gonna stop uh it's even also not gonna stop when i stop uh reporting on this myself. There's been work
Starting point is 00:25:06 before me done on this. The first time I got involved in finding Stalkerware was back in 2020. People have been hacking these apps forever and will keep hacking them. Just look at the Wikipedia page for Stalkerware. There's an ever-growing list of these apps that have been hacked. And I think at this point the like official count being kept by one of the people at tech crunch is that like 13 apps uh a few of which have been hacked two or three times yeah these are not these are not secure apps for anyone no no no of course not yeah and they uh yeah i mean it it makes sense that like an app dedicated to violating people's privacy for money would also basically violate the privacy of the people using it yeah and also
Starting point is 00:25:53 they don't care like like i said it's a it's a cash grab it's nothing else uh there's a few apps that are like a little more than a cash grab but it's usually just because they're made like they're still a cash grab but they're like more well made but it's because they're a cash grab from a company that has better developers or more money to yeah do the initial investment the thing is also like most of these companies don't have a lot of initial investment and i think the important thing to consider as well here is um one big area of this that i have not yet started tackling, but I do want to look into more sometime, is a big reason this industry is so big. Most of these apps have a lot of users,
Starting point is 00:26:33 despite there being so many of them, is the affiliate marketing industry. Once again, our very beloved friend. Yeah, all of these apps are parts of various affiliate marketing networks. Some of them started by stalkerware company some of them just other like things to advertise all the shady things like all those phone number locator apps or whatever that's also part of those same affiliate marketing networks and there's lots of money flowing here and there's lots of money flowing
Starting point is 00:27:01 to very big tech youtube channels uh and i might soon have some proof for some of that. But that's how these are advertised. It's everyone who advertises Stalkerware to you who has a big platform is doing that because they're getting money, not for any other reason. We need to do more ads. We will be back shortly. We will be back shortly. We're talking real conversations with your favorite Latin celebrities, artists, and culture shifters. This is the podcast for you. We're talking real conversations with our Latin stars, from actors and artists to musicians and creators, sharing their stories, struggles, and successes.
Starting point is 00:27:53 You know it's going to be filled with chisme laughs and all the vibes that you love. Each week, we'll explore everything from music and pop culture to deeper topics like identity, community, and breaking down barriers in all sorts of industries. Don't miss out on the fun, el té caliente, and life stories. Join me for Gracias Come Again, a podcast by Honey German, where we get into todo lo actual y viral. Listen to Gracias Come Again on the iHeartRadio app, Apple Podcasts, or wherever you get your podcasts. Hi, I'm Ed Zitron, host of the Better Offline podcast, and we're kicking off our second season
Starting point is 00:28:29 digging into how tech's elite has turned Silicon Valley into a playground for billionaires. From the chaotic world of generative AI to the destruction of Google search, Better Offline is your unvarnished and at times unhinged look at the underbelly of tech from an industry veteran with nothing to lose. This season, I'm going to be joined by everyone from Nobel-winning economists to leading journalists
Starting point is 00:28:49 in the field, and I'll be digging into why the products you love keep getting worse and naming and shaming those responsible. Don't get me wrong, though. I love technology. I just hate the people in charge and want them to get back to building things that actually do things to help real people. I swear to God things can change if we're loud enough. So join me every week to understand what's happening in the tech industry and what could be done to make things better. Listen to Better Offline on the iHeartRadio app, Apple Podcasts, wherever else you get your podcasts.
Starting point is 00:29:17 Check out betteroffline.com. On Thanksgiving Day, 1999, a five-year-old boy floated alone in the ocean. He had lost his mother trying to reach Florida from Cuba. He looked like a little angel. I mean, he looked so fresh. And his name, Elian Gonzalez, will make headlines everywhere. Elian Gonzalez. Elian. Elian.
Starting point is 00:29:42 Elian. Elian. Elian. Elian Gonzalez. everywhere. At the heart of the story is a young boy and the question of who he belongs with. His father in Cuba. Mr. Gonzalez wanted to go home and he wanted to take his son with him. Or his relatives in Miami. Imagine that your mother died trying to get you to freedom. At the heart of it all is still this painful family separation.
Starting point is 00:30:11 Something that as a Cuban, I know all too well. Listen to Chess Peace, the Elian Gonzalez story, as part of the My Cultura podcast network, available on the iHeartRadio app, Apple Podcasts, or wherever you get your podcasts. And we are back. Well, that's all I had. Mia, what do you got? Yeah, I guess there's another thing I wanted to ask a little bit about, which
Starting point is 00:30:39 Zach Whitaker, who's been one of the journalists at TechCrunch doing a lot of the research on this. One of the things that he brings up that i think is another i don't know it's kind of a playing with fire angle on them but one of the issues that these companies seem to have is payment platforms because a lot of payment platforms look at this and go wait hold on yeah so yeah i was gonna talk about that a little bit that's an angle we have also been Because a lot of payment platforms look at this and go, wait, hold on. Yeah, I was going to talk about that a little bit. That's an angle we've also been fighting on a lot, like me and Sang. We work on most of these stories together.
Starting point is 00:31:13 It's kind of funny. We both got each other into the stalkerware thing back in 2020, as I mentioned. That was the first time I stumbled into a stalkerware app with a security issue. I reached out to some random journalist at TechCrunch about it. And now he is the only one talking about this forever because I reached out to him that one time and he got sucked into this horrible, horrible world of spying. But yeah, like one of the things we focus on a lot is reporting these companies to their payment providers, to their server hosters, to the point where sometimes like for weeks zach will just wait for them to switch to a new provider after we got
Starting point is 00:31:49 them taken out from like paypal and then from their other paypal account where they're just using like the checkout experience from one of their completely unrelated software projects which they will later claim is not related at all and they are different companies and whatever but then like eventually they get taken down from that as well and usually we can get them taken on from most like western hosters like especially us hosters will immediately take them down you do not want to risk being the company hosting is by my on us grounds yeah yeah you just like same with eu hosters like uh the few companies that we've seen that were on heads nerd they immediately react because it's like yeah no like under eula you don't want to like risk that and also just because you don't want to host that like there's no reason for you to host shit like that
Starting point is 00:32:35 it will have like image consequences and that's an important thing that is maybe also something you can do as more like a grassroots thing it's also like if you find one of these apps and if you see, oh, they're using like PayPal or whatever, just reach out. I think PayPal is even harder to reach as like just an average lay person. Don't expect them to reply. They might still take action. You will have to manually check. PayPal doesn't really reply to things ever. yeah same as with like hosting company if you see they're hosted on like a european or american hosting company i just just reach out be like hey there's someone running stock spyware on your thing also use the word spyware not stalker where they will not know what that is and it is spyware so yeah and that can usually get them taken down
Starting point is 00:33:22 and often they don't have proper backups and will have a few months of data missing. And it's like, yeah, that's how you slowly grind them to a halt. Yeah. And also, once again, like if you have tips about any of these companies, be it having found a vulnerability just or insider info, especially, I'm always very happy about insider info. You can reach out to either me or Zach Whitaker. We're both very happy to talk about this yeah that's something that's been used really effectively by
Starting point is 00:33:52 right wingers to target sex workers it's been a huge thing there's been a bunch of campaigns to get platform companies and yeah so it's it's interesting that for once we can use the very restrictive and conservative rules of payment providers for our good yeah but yeah basically any of the big payment providers
Starting point is 00:34:13 will not respect something like this some of the like small regional odd ones probably won't really give a shit they have no reason to it's like revenue for them but yeah it's generally worth trying and i'm always glad like if someone just reaches out to these companies and we don't have to do that ourselves uh i think me and second a few other people like actively working on this are doing more than enough work currently but yeah like just if you find one of these things don't go digging too deep it's a depressing world but if you stumble upon one of these somewhere or whatever uh just just report them it's it's it's going to disrupt their operations and if it happens
Starting point is 00:34:51 often enough they might just give up yeah and i mean like in in cases like like the truth spy they are willing to do extreme amounts of fraud to um to to get to money easily because they like started with mostly with the market they could get with their Vietnamese payment providers. Eventually they realized, well, the US is this really big market, but for really easy US stuff,
Starting point is 00:35:17 we need a PayPal thing. They made over 12 fake American identities with fake passports and fake addresses and sign up to paypal a whole bunch of times and had various employees at the company move money around yeah that's um obviously uh not a thing the US government will like if you do that uh generally speaking uh they moved like millions like that so yeah which is pretty crazy like that the money that amount of money that's moving in this industry is crazy like yeah actually like most of these app apps will be half broken which no one ever complains about because like it's shady like you you don't expect like if you
Starting point is 00:35:57 go online and you search for something shady like anything like be it piracy or whatever you don't expect it to be the best experience ever like you, you know, you're getting some weird service and it's probably going to be half broken. But yeah, like most of these talkover apps start at like $40 a month and more. And then sometimes for more features, you pay like up to 60 or 70 or so. And then all of these have like tens of thousands of users, sometimes hundreds of thousands of users. Yeah, you can do the math yourself. It's crazy. This is a really big industry, which makes it so crazy to me that it's not a thing that's talked about more, especially in feminist spaces and things like that. Because this is such a big angle of modern tech-enabled abuse that I really think should be more of a topic. Especially on the left. This
Starting point is 00:36:46 is bad. Yeah, no, this is critically bad. I agree entirely. And also the whole thing with all of this data being so easily accepted, your data can end up getting sold on some dark web forum. You're both as the abuser and as the target, right? Or the government can find these. Like, I have no, like, this is not me making a statement of that's a thing that's happening. But there's nothing preventing the government from hacking these companies and getting shit. Like, I sometimes, like, whenever I get these datasets, and it's always hard to work with datasets
Starting point is 00:37:20 that include, like, non-consensually collected data of people, right? Yes. But, like, I do always, like, do some due diligence checks, datasets that include like non-consensually collected data of people right yes but like i do always like do some due diligence checks like mostly trying to find if the government is using a specific app sometimes yes there is always like the odd correction facility officer who has signed up for one or two of these apps or or like education people and whatever but then i also sometimes search through the text messages for just some code words and the amount of people moving drugs, uh, have stalkerware on their phones.
Starting point is 00:37:49 It's, you know, yeah. And it's, it's one of those things where there are laws, like technically, if I, if my understanding of,
Starting point is 00:37:59 of the laws around this are correct, it is illegal for an organization like the FBI to utilize these apps. But yes, but we have an organization called the NSA who... And it is on paper illegal for them to do this with a third party app. But one thing that often gets done, particularly by the FBI, but not just by them, is it's not illegal for law enforcement agencies to contract with private agencies and if those agencies you don't you just don't check in on what they're doing you know what they're using but like yeah or like if an informant or like if an informant like sends you this data like you're not gonna say no exactly exactly and also you don't really
Starting point is 00:38:43 need to disclose that because it's information you up from an informant you do not need to disclose that informant in court ever so yeah it's like it's it's very there are there are ways around you know the laws that we put up not that we shouldn't continue to extend those laws but you shouldn't like just because well you're they're not allowed to use this doesn't mean they can't get access to the info. Yeah. Yeah, and also there's also this important thing, like, also globally, like, there's other governments that can't just be using this. Like, for one of the apps I got the data for... Yeah, the Indian government and the Russian government
Starting point is 00:39:14 don't give a shit. That was also, like, another thing where I, like, for one of the apps I got data for, there was some indication that at some point the Colombian National Police did a bigger evaluation of using uh commercials spyware for their use because you're in a country with not that big of a like police budget in comparison you cannot afford like all the cool israeli tools everyone else has so what do you do you just look for random apps you can find you know yeah you you find the walmart the kirkland version wish. guess yeah yeah yeah yeah alibaba spyware right yeah i don't think most of them
Starting point is 00:39:52 moved forward with this because these apps fucking suck like they're bad like that's that's the other thing like they don't even really do their job well they're bad and you don't know who is behind them you cannot even go up to someone and be like yo don't do this you also cannot go to the cops and be like this company is scamming me because yeah i assume some people have probably done that before but uh it does involve admitting to a crime so yeah it's like yeah these companies just get away with not giving a shit about their product because like yeah yeah well I think that's all we had thank you Maya for both the work you're doing and for talking
Starting point is 00:40:31 to us is there anything you wanted to plug before we roll out here just my blog I think where like I do this journalistic work and also more there's about to be another cool investigative piece out soon which I thinkentially involves more tracking and whatever uh and also involves like hollywood and more it's it's it's it's a crazy
Starting point is 00:40:50 big story uh i i promise uh that will be out like hopefully in a month or so uh but yeah my blog at maya.crimeu.gay crime u as in crime w yeah and gay as in gay uh yeah yeah just check out my blog at the bottom of the blog there's all my links to my social media for anyone who's like listening to this and has been wondering where i am i am back on twitter as well yeah for now for now that's for for all of us these days that's always like a turnout at. But yeah, I am back on Twitter. I'm posting there sometimes. Yeah. Alright. Well, thank
Starting point is 00:41:32 you and thank you all for listening. We will be back tomorrow unless this comes out on a Friday, in which case we'll be back at some other point. But soon. But that's it. It Could Happen Here is a production of Cool Zone Media. For more podcasts from Cool Zone Media, visit our website, coolzonemedia.com, or check us out on the iHeartRadio app, Apple Podcasts, or wherever you listen to podcasts.
Starting point is 00:42:03 You can find sources for It Could Happen Here updated monthly at coolzonemedia.com slash sources. Thanks for listening. is your unvarnished and at times unhinged look at the underbelly of tech brought to you by an industry veteran with nothing to lose. Listen to Better Offline on the iHeartRadio app, Apple Podcasts, wherever else you get your podcasts from. I found out I was related to the guy that I was dating. I don't feel emotions correctly. I collect my roommate's toenails and fingernails. Those were some callers from my call-in podcast, my roommate's toenails and fingernails. Those were some callers from my call-in podcast, Therapy Gecko. It's a show where I take phone calls from anonymous strangers as a fake gecko therapist and try to learn a little bit about their lives.
Starting point is 00:42:55 I know that's a weird concept, but I promise it's very interesting. Check it out for yourself by searching for Therapy Gecko on the iHeartRadio app, Apple Podcasts, or wherever you get your podcasts. Curious about queer sexuality, cruising, and expanding your horizons? Hit play on the sex-positive and deeply entertaining podcast, Sniffy's Cruising Confessions. Join hosts Gabe Gonzalez and Chris Patterson Rosso as they explore queer sex, cruising, relationships, and culture
Starting point is 00:43:21 in the new iHeart podcast, Sniffy's Cruising Confessions. Sniffy's Cruising Confessions will broaden minds and help you pursue your true goals. You can listen to Sniffy's Cruising Confessions, sponsored by Gilead, now on the iHeartRadio app or wherever you get your podcasts. New episodes every Thursday.

There aren't comments yet for this episode. Click on any sentence in the transcript to leave a comment.