It Could Happen Here - Stalkerware ft. maia arson crimew
Episode Date: March 20, 2024Robert and Mia talk with famed No Fly List hacker maia arson crimew about the shady industry of stalkerware, spy software that allows people to spy on their victims' devices.See omnystudio.com/listene...r for privacy information.
Transcript
Discussion (0)
Hi, I'm Ed Zitron, host of the Better Offline podcast, and we're kicking off our second season digging into tech's elite and how they've turned Silicon Valley into a playground for billionaires.
From the chaotic world of generative AI to the destruction of Google search, Better Offline is your unvarnished and at times unhinged look at the underbelly of tech brought to you by an industry veteran with nothing to lose.
Listen to Better Offline on the iHeartRadio app,
Apple Podcasts, wherever else you get your podcasts from.
I found out I was related to the guy that I was dating.
I don't feel emotions correctly.
I collect my roommate's toenails and fingernails.
Those were some callers from my call-in podcast, Therapy Gecko.
It's a show where I but I promise it's very interesting.
Check it out for yourself by searching for Therapy Gecko on the iHeartRadio app, Apple Podcasts, or wherever you get your podcasts. Curious about queer sexuality, cruising, and expanding your horizons?
Hit play on the sex-positive and deeply entertaining podcast
Sniffy's Cruising Confessions.
Join hosts Gabe Gonzalez and Chris Patterson Rosso
as they explore queer sex, cruising, relationships, and culture
in the new iHeart podcast, Sniffy's Cruising Confessions.
Sniffy's Cruising Confessions will broaden minds
and help you pursue your true goals.
You can listen to Sniffy's Cruising Confessions, sponsored by Gilead, now on the iHeartRadio app or wherever you get your podcasts.
New episodes every Thursday.
Call Zone Media.
Welcome back to It Could Happen Here, the podcast that's happening here in your ear. And one of the things that we love talking about here
is a critical ingredient towards creeping authoritarianism,
towards growing corporate control and surveillance
over all of our lives, which is, of course,
technology that makes it even easier to monitor you
than it already is.
And we're not talking primarily about, like,
the government monitoring you, because they can, you know, do stuff like just pull your phone data from a,
you know, which cell towers it's pinged. We're talking about the kind of stuff that allows
basically whoever can get an app on your phone to track and stalk you. And yeah, I'm going to
first introduce Mia Wong. Mia, welcome to the show that you also host.
Yes, I'm here.
So what are we talking about today and who are we talking with?
Yeah, so we are talking about Stalkerware, which is the sort of broad name for the category of software that Robert's been talking about.
And we are talking about someone who hacked one, well...
A Stalkerware stalker.
Yeah, the person who hacked one of the stalkerware companies.
Maya Arson-Kraimu, the famed hacker of the no-fly list.
Yeah, returning guest.
Always happy to have you on.
Yeah, always happy to be on.
Yeah, so I think, I think, I don't know i i think there's there's a real tendency
among and i see this among leftists a lot for kind of good reasons and kind of not good reasons
to really only focus on state and like large corporate actors in terms of surveillance and that's a mistake yeah totally yeah and so i i guess i
guess the place where i want to start before we get into the specific company that you do
is it still called owned i can't i it's fine to call it owned or pawned or whatever i i still do
that sometimes people get confused um but yeah yeah but before we get into that I want
to um I want to ask you a bit because you've done a lot of sort of I guess you could call it research
both actual research wise and then in terms of poking around their servers research and
chandalism and whatever do you want to call it yeah yeah so i i wanted to just start off by asking if you can
give sort of like a brief summary of what stalkerware is yeah so so so stalkerware like
as a category encompasses like a number of different types of apps most of them like on
the surface advertise themselves as like parental control software which is already bad enough
has advertised themselves as like parental control software which is already bad enough just to be clear uh that is like advertised for like spying on your children's phone like seeing
their location in real time seeing their messages that they receive any photo they take ostensibly
this is to like prevent bullying and help with them when they get depressed because they don't
trust you and talk to you for whatever reason but um
obviously a lot of these are then furthermore uh because that's like that sure that's a like
target audience that's a demographic you can advertise to but then there's this even bigger uh
potential target demographic of um people who are insecure in their relationship mostly men
not only men but who are then salt this idea that they can use software like this
for stalking their partner for finding out if they are cheating on you things like that which
is obviously an even bigger problem which once again not to discount the problems for that spying
on your children is already like bad enough but yeah this lead this leads to this whole like big
industry of these apps being used um by partners against each other like also just by
people like against anyone in the in their surroundings that they suspect might be doing
something shady might be like talking behind their backs it often kind of turns into like it
obviously turns into this obsessive thing especially if you solve this idea that this
this app can magically solve like interpersonal issues, like with anything that sells you this magic idea of being able to
solve any problem that these people start kind of spying on everyone in their like circles,
to some of them, like not everyone, most like a lot of people on these buying like their
partner or like their child or whatever, but it often like spirals out of control into
this, like controlling everyone
and their surroundings knowing what everyone is up to where they are and spending like hundreds
of dollars a month on doing so and yeah that's pretty fucked up if you ask me yeah yeah one of
the things that's interesting too it's also in a lot of cases illegal this is going to vary you
know from country to country and state to state but in in the U.S., there are states like California, which gets pointed out in the very good TechCrunch investigation on TruthSpy, where there are really strict laws that journalists have to abide by as to when you can record someone that these apps absolutely break.
Yes, it's specifically a thing that also most of these apps will have a disclaimer at the bottom that is like, this might be illegal in your jurisdiction.
And please ask for consent before doing this and then they have lots of tutorials on how to install this on someone's device without their consent yeah it's like always like a we do
not take any like we we it's not our fault if you break the law basically which obviously like
it's so far not a lot of this has been challenged in court but i don't think this
would hold up too long like i'm not a lawyer but uh i don't think just saying we make a product
to do crimes with if you do crimes with it it's not i mean it works for the gun industry so
yeah the difference is that like the with the gun industry it's a product where there is a legal and
an illegal like clear way to do it the thing with
stalkerware as well is that like a lot of them will also explicitly say the only real use of
this we allow you to do to use it for is to surveil your child which unfortunately is legal
in most jurisdictions because children are property of their parents in quotes because
i do not agree with that but yeah it's one of those things where people using it,
like someone installing an app on their exes or their,
their partner's phone or whatever without consent could very easily would
lose any court case,
whether or not the company would get in trouble,
I think is going to rely a lot on the stuff,
the videos they're posting about like how to put,
how to get these apps on people's phones without them knowing. But like do have that out with like no it's just for surveilling children which
is great and for anyone else you need consent or whatever but i think it is important yeah to point
this out very early for anyone who's listening to this because they think they might have stalk
aware on their phones or because they know they have stalk aware on their phones you can use this
in a domestic abuse case this will immediate
this is explicit proof that abuse is happening and no matter anything else because like that's
the thing generally with domestic abuse cases it's really hard to prove abuse is happening
stalkerware and any other type of spying device like also physical gps device trackers and stuff
that is immediate proof that there is proof that there is controlling behavior going on
that you are being spied on
this cannot only be used
and is explicit admissible evidence
this is also usually
like makes cases worse
like not for you like it just
yeah it like
can potentially add charges
and make it more serious and it
can help making cops give a
shit about like abuse which yeah i hate that i need to say that but yeah it's like it makes it
more serious because yeah there's like spyware and whatever it's easy evidence first off like
you can prove they're spying on you and second if you are in one of the states where that
violates the law then you can immediately say this person is breaking the law like we this is we don't have to debate whether or not they've they've crossed a line yeah and
even if it doesn't directly break the law to spy on someone on a partner like it depending on the
on the region it can be kind of a hazy like thing especially if it's a device you might co-own if
it's like a state where you were with like co-possession or whatever in
the u.s i do not know u.s law very much around this but yeah there's like laws like that but
usually still the fact that you're being spied on can be used as proof for other abuse things you
might be alleging because it's like hard proof that something is happening and also usually
these companies will somewhat have to respond to sapuena so they will have to give out like who
the account owner is behind like the spying on your phone for some of them we can also there's
also tools that help you find out who is spying on you or there's like someone with forensic
background can help yeah and i i think people uh one thing we should note is that if you're kind
of curious has my device been infected by some of these tools the one the one that we should note is that if you're kind of curious, has my device been infected by some of these tools?
The one that we've been talking about most, TruthSpy, if you go to that TechCrunch article.
Or to my article, it also has a link.
Or to your article on your website.
There's a tool you can use where it'll tell you how to get your IMSI, I think.
IMII.
IMII, yeah.
Which you just dial a thing on your phone
and it gives you that number.
It's basically how you identify specific phones
and you plug that in.
It will let you know if your device has been compromised.
Now, like December last year,
up until there is the data.
And if you, yeah, it can pretty much tell you
if you've been spying on using this specific tool until then.
For other stuff, there's also guides, usually on TechCrunch and otherwise also on StopStalker, Yeah, it can pretty much tell you if you've been spying on using this specific tool until then.
For other stuff, there's also guides, usually on TechCrunch and otherwise on StopStockerware.org,
which is the US coalition against stalkerware. And also just generally, I think a lot of more local anti-stalking, anti-abuse orgs
are not as informed yet as they should be, but there's still a good point also to reach out to.
yet as they should be but there's still a good like point also to reach out to or like yeah yeah now one of my questions about truth spy that i'm hoping you can answer is i i know that um
you can like text messages get transferred via it like your call records all that kind of stuff get
and who you were calling does that include messages for like encrypted apps like signal or
is that not accessible through this it depends like for some for some of these it will like get signal messages whatsapp messages
and everything generally by reading the notification content because like from notifications you know
like what messages are have been like received sometimes it will only then have to receive
messages and not the same messages often these also include like a keylogger component that maps messages then sent back as well.
It depends a lot what these apps collect.
But for most of them, also the collection for other texting apps
is usually kind of broken.
None of these apps are really well-maintained.
They're mostly just quick cache grabs.
The harder-to-maintain features usually don't really work.
And it seems like
based on that one thing people can do outside of checking to see if their device has been compromised
is do stuff like um turn off uh notifications for apps like signal right like and that's that's
actually just generally good advice notifications are a are a compromise of the security that some
that signal offers don't have them enabled, you know?
Yeah, or at the very least,
disable them on the lock screen on Android.
Yeah, yes.
I think that's also possible on iOS,
but I think iOS doesn't show message content
on the lock screen anyways.
I'm not sure anymore.
But yeah, it's just also small things like that.
And also one of the key tells
that someone probably tampered with your
phone, especially for Android, is if Google Play Protect is disabled and you do not remember
disabling it for something else, it was almost definitely disabled because someone installed
something on your phone, just try re-enabling it and it will probably tell you something.
The thing also to keep in mind if you find stalkerware on your phone,
please get professional help. Do not just delete it do not like necessarily confront whoever you think might
be your abuser about it unless you're very sure that that's the situation you can handle because
like yeah that that is one of those things that like bringing it up or just deleting it can very
quickly lead to like yeah yeah complicating the situation a lot.
You know what else complicates the situation?
These ads.
Hi, I'm Ed Zitron, host of the
Better Offline podcast, and we're kicking off
our second season digging into how
TexElite has turned Silicon Valley into a
playground for billionaires. From the chaotic world of generative AI to the destruction of Google
search, better offline is your unvarnished and at times unhinged look at the underbelly of tech
from an industry veteran with nothing to lose. This season, I'm going to be joined by everyone
from Nobel winning economists to leading journalists in the field. And I'll be digging
into why the products you love keep getting worse
and naming and shaming those responsible.
Don't get me wrong, though.
I love technology.
I just hate the people in charge
and want them to get back to building things
that actually do things to help real people.
I swear to God things can change if we're loud enough,
so join me every week to understand
what's happening in the tech industry
and what could be done to make things better.
Listen to Better Offline on the iHeartRadio app, Apple Podcasts, wherever else you get your
podcasts. Check out betteroffline.com. Latin culture, musica, peliculas, and entertainment with some of the biggest names in the game. If you love hearing real conversations with your favorite Latin celebrities, artists, and culture shifters, this is the podcast for you.
We're talking real conversations with our Latin stars, from actors and artists to musicians and creators sharing their stories, struggles, and successes.
You know it's going to be filled with chisme laughs and all the vibes that you love.
filled with chisme laughs and all the vibes that you love.
Each week, we'll explore everything from music and pop culture to deeper topics like identity, community,
and breaking down barriers in all sorts of industries.
Don't miss out on the fun, el té caliente, and life stories.
Join me for Gracias Come Again, a podcast by Honey German,
where we get into todo lo actual y viral.
Listen to Gracias Come Again on the iHeartRadio app,
Apple Podcasts, or wherever you get your podcasts.
On Thanksgiving Day, 1999,
a five-year-old boy floated alone in the ocean.
He had lost his mother trying to reach Florida from Cuba.
He looked like a little angel.
I mean, he looked so fresh.
And his name, Elian Gonzalez, will make headlines everywhere.
Elian Gonzalez.
Elian Gonzalez.
Elian.
Elian.
Elian Gonzalez.
At the heart of the story is a young boy and the question of who he belongs with.
His father in Cuba.
Mr. Gonzalez wanted to go home and he wanted to take his son with him.
Or his relatives in Cuba. Mr. Gonzalez wanted to go home and he wanted to take his son with him. Or his relatives
in Miami. Imagine that your
mother died trying
to get you to freedom. At the
heart of it all is still this painful
family separation. Something
that as a Cuban, I know
all too well. Listen
to Chess Peace, the Elian Gonzalez
story as part of the
My Cultura podcast network,
available on the iHeartRadio app,
Apple Podcasts, or wherever you get your podcasts.
And we are back.
So when it comes to the actual fight against this stuff,
obviously what you're doing is a big part of it.
Getting inside these companies and finding out what they're doing and their capabilities is huge.
In terms of what regular people or people who are interested in becoming activists about this can do, what does the struggle to actually fight this stuff look like?
How do we put a bullet in this industry's head?
I think one of the biggest things, and also, like, why I do the work I do with, like, hacking it,
with encouraging others to, like, send me data, be that insiders from these companies,
sending it either to me or, like, TechCrunch specifically currently,
because, like, me and TechCrunch are, like, the only people really doing, like, journalism on this, like, regularly.
And the important thing with, like, journalism and all of this is like awareness it's very important to create awareness about this that's also why i do the media work with like being on
this podcast and things like that i think the most important thing is to make people aware
like talk about this in your feminist circles or whatever uh things like that especially bring it
up just also in like general info things about abuse or how to detect abuse i think the most important
thing to do against stalkerware is demystify it because most people don't even know that this is
a thing that this is like that there's just commercially available spyware that anyone can
install on your phone this is important to not like give in to some sort of paranoia as with any of these things.
It's just important to generate awareness, talk about it,
spread these articles,
and let friends know that this is a potential thing.
And then, yeah, the hard thing with this is that,
obviously, it would probably help
if there was some sort of legislation against some of this.
It's going to be very hard to get any proper legislation that ends this industry.
Because in most Western countries, which are the only countries which, unfortunately, would have enough power to actually get these apps shut down.
Because that's the world we live in.
But the problem there is usually that this notion that children are owned by their parents is too strong to really make a full case against these apps.
And at the very best, what I can...
Like, the very best I'm kind of hoping for from legislators is just a ban on advertising these apps on use against other adults.
Which would be big already, but that doesn't really solve the issue.
Because there's still going to be enough people who know of their use against adults. other adults which would be big already but that's yeah doesn't really solve the issue because
there's still going to be enough people who know of their use for use against adults and there's
going to be enough people on like reddit threads talking about hey well yeah you oh you're not sure
if your girlfriend is cheating on you you can just use this app you know that's also how most
of this marketing for this works it's just yeah at the end of the day this is like a patriarchal
issue so yeah i i think that's also why like i am so focused on like the hacking and the like
blowing these companies up and showing like who's behind them it's because at the end of the day the
most effective thing we have against these companies is like the grassroots movement of
making them too scared to run in this business making it not profitable enough because as i said most of this is like quick cash grabs from like web design
studios uh and outsourcing companies yeah that are just making a quick buck from this because
otherwise they don't get paid enough like that's the sad thing really is how much of this industry
is in uh all of these countries countries western companies outsource their it
to because there's lots of it companies there and they are entirely reliant on like western
companies giving them very underpaid tasks and you have this problem that you now have a bunch
of employees and not enough money to always pay them and what do you do you like find some weird
niche of like a tech product you can quickly build yeah and this is like one of those easy niches it's like always the scummy stuff and and like
yeah it's that's also why like so many of these companies are like based out of vietnam out of
iran and whatever it's just companies that already have it hard enough to do business globally where
the it industry is like falling apart because there's not enough
like local customers and anything that's international. You're just the cheap workforce,
right? So yeah, it's, it's, it's once again, also like a class problem. I don't like most people
working in this industry know that they're working in a like scummy industry. Yeah, of course. But
like, yeah, you got to get paid. get paid and that's yeah and that's like why
i think making it more scary to operate in this industry is like yes the way to go because like
with just like these like four hacks that have happened against these companies over the last
like half a year or so two of them three of them three of them have shut down completely others seem to be slowly moving
towards just building other software primarily yeah it's just like yeah it's it's it's like with
any other like shady industry that the best we can do is just to not make it profitable to run
the software because at the very best anything else we would get is just pushing them more into the shadows,
which is not going to solve the issue at all. Yeah, I think a lot about strategic thinking,
which I do believe is kind of often in part because of how rightfully negative most people on the left think about the military. There's a tendency to ignore some of the theory around how
to actually win a conflict. And all of it,
all strategy really, when you're talking about like defeating an opponent revolves around
denying and taking operational area from them, right? And that's what you're talking about.
When you talk about, well, we need to stop this, you know, one of the first things we can do as
part of fighting this is to stop them from being able to advertise certain places, right? It's making sure that they're not able to operate without being seen. It's basically
cutting down their area, their space to maneuver, their ability to profit, which cuts down
their money, their access to people, their ability to actually like operate, right? Like that's what
we're looking at in terms of how do you kill this stuff. It's not one single, really. I use the
comparison of a bullet, but it's
never going to be one bullet. These things are
too durable. There's too many countries at play to
do that.
That's also why I put so much emphasis on
doing media work about this, on getting
more people to talk about this, and
getting more awareness of this out there
to the point where I'm willing to work
with more conservative newspapers on this
because everyone needs to know about this
at the end of the day.
This is how we stop people from falling victims to this.
Most people who are a victim of stalker apps
have never heard of stalker apps before.
And I think that's one of the biggest ways to tackle this.
And on the other hand, we also have, I think,
another big leverage point with how many of these are getting hacked, because none of these apps are very secure.
That's another thing is this can also be leveraged against like the abusers in this scenario. I think
just pointing out to them that all of these apps get hacked all the time and that this is how they
get found out that this is how their data of them as abusers ends up landing on the internet i think it's also
like a very important angle at the end of the day it's just to make it clear like yeah no not even
you are like secure from this having consequences for your life like beyond like direct interpersonal
or legal consequences this can and in the past has result in your email address being on a list of people who do abuse to people online.
You don't want to be on such a list.
I think that's also important just to point out there isn't one stalker of our app that's not eventually going to get hacked.
There is a big war against these apps.
There's so many different hacking groups that keep sending me data from these like i'm already working on another article that already once again affects like the data of like i think like
80 000 more like abusers and it's just the abuser data this time but i'm still gonna report on it
like it's it's it's this is not gonna stop uh it's even also not gonna stop when i stop uh
reporting on this myself. There's been work
before me done on this. The first time I got involved in finding Stalkerware was back in
2020. People have been hacking these apps forever and will keep hacking them. Just look
at the Wikipedia page for Stalkerware. There's an ever-growing list of these apps that have
been hacked. And I think at this point the like official count
being kept by one of the people at tech crunch is that like 13 apps uh a few of which have been
hacked two or three times yeah these are not these are not secure apps for anyone no no no of course
not yeah and they uh yeah i mean it it makes sense that like an app dedicated to violating people's
privacy for money would also basically violate the privacy of the people using it yeah and also
they don't care like like i said it's a it's a cash grab it's nothing else uh there's a few
apps that are like a little more than a cash grab but it's usually just because they're made
like they're still a cash grab but they're like more well made but it's because they're a cash grab from a company that
has better developers or more money to yeah do the initial investment the thing is also like most of
these companies don't have a lot of initial investment and i think the important thing to
consider as well here is um one big area of this that i have not yet started tackling, but I do want to look into more sometime,
is a big reason this industry is so big.
Most of these apps have a lot of users,
despite there being so many of them,
is the affiliate marketing industry.
Once again, our very beloved friend.
Yeah, all of these apps are parts of various affiliate marketing networks.
Some of them started
by stalkerware company some of them just other like things to advertise all the shady things
like all those phone number locator apps or whatever that's also part of those same affiliate
marketing networks and there's lots of money flowing here and there's lots of money flowing
to very big tech youtube channels uh and i might soon have some proof for some of that.
But that's how these are advertised.
It's everyone who advertises Stalkerware to you who has a big platform
is doing that because they're getting money, not for any other reason.
We need to do more ads.
We will be back shortly.
We will be back shortly. We're talking real conversations with your favorite Latin celebrities, artists, and culture shifters. This is the podcast for you. We're talking real conversations with our Latin stars, from actors and artists to musicians and creators,
sharing their stories, struggles, and successes.
You know it's going to be filled with chisme laughs and all the vibes that you love.
Each week, we'll explore everything from music and pop culture to deeper topics like identity, community,
and breaking down barriers in all sorts of industries.
Don't miss out on the fun, el té caliente, and life stories.
Join me for Gracias Come Again, a podcast by Honey German, where we get into todo lo actual y viral.
Listen to Gracias Come Again on the iHeartRadio app, Apple Podcasts, or wherever you get your podcasts.
Hi, I'm Ed Zitron, host of the Better Offline podcast,
and we're kicking off our second season
digging into how tech's elite
has turned Silicon Valley into a playground for billionaires.
From the chaotic world of generative AI
to the destruction of Google search,
Better Offline is your unvarnished
and at times unhinged look at the underbelly of tech
from an industry veteran with nothing to lose.
This season, I'm going to be joined by everyone from Nobel-winning economists to leading journalists
in the field, and I'll be digging into why the products you love keep getting worse and naming
and shaming those responsible. Don't get me wrong, though. I love technology. I just hate the people
in charge and want them to get back to building things that actually do things to help real
people. I swear to God things can change if we're loud enough.
So join me every week to understand what's happening in the tech industry
and what could be done to make things better.
Listen to Better Offline on the iHeartRadio app, Apple Podcasts,
wherever else you get your podcasts.
Check out betteroffline.com.
On Thanksgiving Day, 1999, a five-year-old boy floated alone in the ocean.
He had lost his mother trying to reach Florida from Cuba.
He looked like a little angel. I mean, he looked so fresh.
And his name, Elian Gonzalez, will make headlines everywhere.
Elian Gonzalez.
Elian.
Elian.
Elian.
Elian.
Elian.
Elian Gonzalez.
everywhere. At the heart of the story is a young boy and the question of who he belongs with.
His father in Cuba. Mr. Gonzalez wanted to go home and he wanted to take his son with him.
Or his relatives in Miami. Imagine that your mother died trying to get you to freedom.
At the heart of it all is still this painful family separation.
Something that as a Cuban, I know all too well.
Listen to Chess Peace, the Elian Gonzalez story, as part of the My Cultura podcast network,
available on the iHeartRadio app, Apple Podcasts, or wherever you get your podcasts. And
we are back.
Well, that's all I had.
Mia, what do you got?
Yeah, I guess there's another thing
I wanted to ask a little bit about, which
Zach Whitaker, who's been one of the
journalists at TechCrunch doing a lot of
the research on this. One of the things that he brings up that i think is another i don't know
it's kind of a playing with fire angle on them but one of the issues that these companies seem to have
is payment platforms because a lot of payment platforms look at this and go wait hold on
yeah so yeah i was gonna talk about that a little bit that's an angle we have also been Because a lot of payment platforms look at this and go, wait, hold on.
Yeah, I was going to talk about that a little bit.
That's an angle we've also been fighting on a lot, like me and Sang. We work on most of these stories together.
It's kind of funny.
We both got each other into the stalkerware thing back in 2020, as I mentioned.
That was the first time I stumbled into a stalkerware app with a security issue.
I reached out to some random journalist
at TechCrunch about it. And now he is the only one talking about this forever because I reached
out to him that one time and he got sucked into this horrible, horrible world of spying.
But yeah, like one of the things we focus on a lot is reporting these companies to their payment
providers, to their server hosters, to the point where sometimes like for weeks zach will just wait for them to switch to a new provider after we got
them taken out from like paypal and then from their other paypal account where they're just
using like the checkout experience from one of their completely unrelated software projects which
they will later claim is not related at all and they are different companies and whatever but then
like eventually they get taken down from that as well and usually we can get them taken on from most like western
hosters like especially us hosters will immediately take them down you do not want to
risk being the company hosting is by my on us grounds yeah yeah you just like same with eu
hosters like uh the few companies that we've seen that were on heads nerd they immediately react because it's like yeah no like under eula you don't want to like risk that and
also just because you don't want to host that like there's no reason for you to host shit like that
it will have like image consequences and that's an important thing that is maybe also something
you can do as more like a grassroots thing it's also like if you find one of these apps and if you see, oh, they're using like PayPal
or whatever, just reach out. I think PayPal is even harder to reach as like just an average
lay person. Don't expect them to reply. They might still take action. You will have to manually check.
PayPal doesn't really reply to things ever. yeah same as with like hosting company if you
see they're hosted on like a european or american hosting company i just just reach out be like hey
there's someone running stock spyware on your thing also use the word spyware not stalker where
they will not know what that is and it is spyware so yeah and that can usually get them taken down
and often they don't have proper backups and will have a few months of data missing.
And it's like, yeah, that's how you slowly grind them to a halt.
Yeah.
And also, once again, like if you have tips about any of these companies, be it having found a vulnerability just or insider info, especially, I'm always very happy about insider info.
You can reach out to either me or Zach Whitaker.
We're both very happy to talk about this
yeah that's something
that's been used really effectively by
right wingers to target sex workers
it's been a huge thing
there's been a bunch of campaigns to get
platform companies
and yeah so it's
it's interesting that for once
we can use the very restrictive and conservative
rules of payment providers for our good yeah but yeah basically any of the big payment providers
will not respect something like this some of the like small regional odd ones probably won't really
give a shit they have no reason to it's like revenue for them but yeah it's generally worth
trying and i'm always glad like
if someone just reaches out to these companies and we don't have to do that ourselves uh i think
me and second a few other people like actively working on this are doing more than enough work
currently but yeah like just if you find one of these things don't go digging too deep it's a
depressing world but if you stumble upon one of these somewhere or
whatever uh just just report them it's it's it's going to disrupt their operations and if it happens
often enough they might just give up yeah and i mean like in in cases like like the truth spy they
are willing to do extreme amounts of fraud to um to to get to money easily because they like
started with mostly
with the market they could get
with their Vietnamese payment providers.
Eventually they realized,
well, the US is this really big market,
but for really easy US stuff,
we need a PayPal thing.
They made over 12 fake American identities
with fake passports and fake addresses and sign up to
paypal a whole bunch of times and had various employees at the company move money around
yeah that's um obviously uh not a thing the US government will like if you do that uh generally
speaking uh they moved like millions like that so yeah which is pretty crazy like that the money that amount of money that's
moving in this industry is crazy like yeah actually like most of these app apps will be half broken
which no one ever complains about because like it's shady like you you don't expect like if you
go online and you search for something shady like anything like be it piracy or whatever you don't
expect it to be the best experience ever like you, you know, you're getting some weird service and it's probably going to be half broken.
But yeah, like most of these talkover apps start at like $40 a month and more. And then sometimes
for more features, you pay like up to 60 or 70 or so. And then all of these have like tens of
thousands of users, sometimes hundreds of thousands of users. Yeah, you can do the math
yourself. It's crazy. This is a really big industry, which makes it so crazy to me that
it's not a thing that's talked about more, especially in feminist spaces and things like
that. Because this is such a big angle of modern tech-enabled abuse that I really think should be more of a topic. Especially on the left. This
is bad. Yeah, no, this is critically bad. I agree entirely. And also the whole thing with all of
this data being so easily accepted, your data can end up getting sold on some dark web forum. You're
both as the abuser and as the target, right? Or the government can find these. Like, I have no, like, this is not me making a statement
of that's a thing that's happening.
But there's nothing preventing the government
from hacking these companies and getting shit.
Like, I sometimes, like, whenever I get these datasets,
and it's always hard to work with datasets
that include, like, non-consensually collected data of people, right?
Yes. But, like, I do always, like, do some due diligence checks, datasets that include like non-consensually collected data of people right yes but like
i do always like do some due diligence checks like mostly trying to find if the government
is using a specific app sometimes yes there is always like the odd correction facility officer
who has signed up for one or two of these apps or or like education people and whatever but
then i also sometimes search through the text messages for just some code words and the amount of people moving drugs,
uh,
have stalkerware on their phones.
It's,
you know,
yeah.
And it's,
it's one of those things where there are laws,
like technically,
if I,
if my understanding of,
of the laws around this are correct,
it is illegal for an organization like the FBI to utilize these apps.
But yes, but we have an organization called the NSA who...
And it is on paper illegal for them to do this with a third party app. But one thing that often
gets done, particularly by the FBI, but not just by them, is it's not illegal for law enforcement agencies to contract
with private agencies and if those agencies you don't you just don't check in on what they're
doing you know what they're using but like yeah or like if an informant or like if an informant
like sends you this data like you're not gonna say no exactly exactly and also you don't really
need to disclose that because it's information you up from an informant you do not need to disclose that informant in court ever
so yeah it's like it's it's very there are there are ways around you know the laws that we put up
not that we shouldn't continue to extend those laws but you shouldn't like just because well
you're they're not allowed to use this doesn't mean they can't get access to the info. Yeah.
Yeah, and also there's also this important thing,
like, also globally, like, there's other governments that can't just be using this.
Like, for one of the apps I got the data for...
Yeah, the Indian government and the Russian government
don't give a shit.
That was also, like, another thing where I, like,
for one of the apps I got data for,
there was some indication that at some point
the Colombian National Police did a bigger evaluation of using uh commercials spyware for their use because you're in a country with not
that big of a like police budget in comparison you cannot afford like all the cool israeli tools
everyone else has so what do you do you just look for random apps you can find you know yeah you you
find the walmart the kirkland version wish. guess yeah yeah yeah yeah alibaba spyware right yeah i don't think most of them
moved forward with this because these apps fucking suck like they're bad like that's
that's the other thing like they don't even really do their job well they're bad and you
don't know who is behind them you cannot even go up to someone and be like yo don't do this you also cannot go to the cops and be like this company is scamming me because
yeah i assume some people have probably done that before but uh it does involve admitting to a crime
so yeah it's like yeah these companies just get away with not giving a shit about their product because like yeah yeah
well I think that's all we had
thank you Maya for
both the work you're doing and for talking
to us is there anything you wanted to
plug before we roll out here
just my blog I think
where like I do this journalistic work
and also more there's about to be another cool
investigative piece out soon
which I thinkentially involves more
tracking and whatever uh and also involves like hollywood and more it's it's it's it's a crazy
big story uh i i promise uh that will be out like hopefully in a month or so uh but yeah my blog at
maya.crimeu.gay crime u as in crime w yeah and gay as in gay uh yeah yeah just check out my blog at the bottom of the
blog there's all my links to my social media for anyone who's like listening to this and
has been wondering where i am i am back on twitter as well yeah for now for now that's for for all of
us these days that's always like a turnout at. But yeah, I am back on Twitter. I'm
posting there sometimes.
Yeah.
Alright. Well, thank
you and thank you all for listening.
We will be back tomorrow unless this
comes out on a Friday, in which case we'll be
back at some other point.
But soon. But that's it.
It Could Happen Here is a production of Cool Zone Media.
For more podcasts from Cool Zone Media, visit our website, coolzonemedia.com,
or check us out on the iHeartRadio app, Apple Podcasts, or wherever you listen to podcasts.
You can find sources for It Could Happen Here updated monthly at coolzonemedia.com slash sources.
Thanks for listening. is your unvarnished and at times unhinged look at the underbelly of tech brought to you by an industry veteran with nothing to lose. Listen to Better Offline on the iHeartRadio app,
Apple Podcasts, wherever else you get your podcasts from.
I found out I was related to the guy that I was dating. I don't feel emotions correctly.
I collect my roommate's toenails and fingernails. Those were some callers from my call-in podcast,
my roommate's toenails and fingernails.
Those were some callers from my call-in podcast, Therapy Gecko.
It's a show where I take phone calls from anonymous strangers as a fake gecko therapist and try to learn a little bit about their lives.
I know that's a weird concept, but I promise it's very interesting.
Check it out for yourself by searching for Therapy Gecko on the iHeartRadio app,
Apple Podcasts, or wherever you get your podcasts.
Curious about queer sexuality, cruising, and expanding your horizons?
Hit play on the sex-positive and deeply entertaining podcast,
Sniffy's Cruising Confessions.
Join hosts Gabe Gonzalez and Chris Patterson Rosso
as they explore queer sex, cruising, relationships, and culture
in the new iHeart podcast, Sniffy's Cruising Confessions.
Sniffy's Cruising Confessions will broaden minds
and help you pursue your true goals.
You can listen to Sniffy's Cruising Confessions,
sponsored by Gilead,
now on the iHeartRadio app
or wherever you get your podcasts.
New episodes every Thursday.