Security lapse exposed Clearview AI source code

Since it exploded onto the scene in January after a newspaper exposé, Clearview AI quickly became one of the most elusive, secretive and reviled companies in the tech startup scene.

The controversial facial recognition startup allows its law enforcement users to take a picture of a person, upload it and match it against its alleged database of 3 billion images, which the company scraped from public social media profiles.

But for a time, a misconfigured server exposed the company’s internal files, apps and source code for anyone on the internet to find.

Mossab Hussein, chief security officer at Dubai-based cybersecurity firm SpiderSilk, found the repository storing Clearview’s source code. Although the repository was protected with a password, a misconfigured setting allowed anyone to register as a new user to log in to the system storing the code.

The repository contained Clearview’s source code, which could be used to compile and run the apps from scratch. The repository also stored some of the company’s secret keys and credentials, which granted access to Clearview’s cloud storage buckets. Inside those buckets, Clearview stored copies of its finished Windows, Mac and Android apps, as well as its iOS app, which Apple recently blocked for violating its rules. The storage buckets also contained early, pre-release developer app versions that are typically only for testing, Hussein said.

The repository also exposed Clearview’s Slack tokens, according to Hussein, which, if used, could have allowed password-less access to the company’s private messages and communications.

Clearview has been dogged by privacy concerns since it was forced out of stealth following a profile in The New York Times, but its technology has gone largely untested and the accuracy of its facial recognition tech unproven. Clearview claims it only allows law enforcement to use its technology, but reports show that the startup courted users from private businesses like Macy’s, Walmart and the NBA. But this latest security lapse is likely to invite greater scrutiny of the company’s security and privacy practices.

When reached for comment, Clearview founder Hoan Ton-That claimed his company “experienced a constant stream of cyber intrusion attempts, and have been investing heavily in augmenting our security.”

“We have set up a bug bounty program with HackerOne whereby computer security researchers can be rewarded for finding flaws in Clearview AI’s systems,” said Ton-That. “SpiderSilk, a firm that was not a part of our bug bounty program, found a flaw in Clearview AI and reached out to us. This flaw did not expose any personally identifiable information, search history or biometric identifiers,” he said.

Clearview AI’s app for iOS did not need a log-in, according to Hussein. He took several screenshots to show how the app works. In this example, Hussein used a photo of Mark Zuckerberg.

Ton-That accused the research firm of extortion, but emails between Clearview and SpiderSilk paint a different picture.

Hussein, who has previously reported security issues at several startups, including MoviePass, Remine and Blind, said he reported the exposure to Clearview but declined to accept a bounty, which he said if signed would have barred him from publicly disclosing the security lapse.

It’s not uncommon for companies to use bug bounty terms and conditions or non-disclosure agreements to prevent the disclosure of security lapses once they are fixed. But experts told TechCrunch that researchers are not obligated to accept a bounty or agree to disclosure rules.

Ton-That said that Clearview has “done a full forensic audit of the host to confirm no other unauthorized access occurred.” He also confirmed that the secret keys have been changed and no longer work.

Hussein’s findings offer a rare glimpse into the operations of the secretive company. One screenshot shared by Hussein showed code and apps referencing the company’s Insight Camera, which Ton-That described as a “prototype” camera, since discontinued.

A screenshot of Clearview AI’s app for macOS. It connects to Clearview’s database through an API. The app also references Clearview’s former prototype camera hardware, Insight Camera.

According to BuzzFeed News, one of the firms that tested the cameras is New York City real estate firm Rudin Management, which trialed use of a camera at two of its city residential buildings.

Hussein said that he found some 70,000 videos in one of Clearview’s cloud storage buckets, taken from a camera installed at face-height in the lobby of a residential building. The videos show residents entering and leaving the building.

Ton-That explained that, “as part of prototyping a security camera product we collected some raw video strictly for debugging purposes, with the permission of the building management.”

TechCrunch has learned that the Rudin-owned building is on Manhattan’s east side. Several property listings with images of the building’s lobby also confirm this. A representative for the real estate company did not return our emails.

One of the videos from a camera in a lobby of a residential building, recording residents (blurred by TechCrunch) as they pass by.

Clearview has come under intense scrutiny since its January debut. It has also attracted the attention of hackers.

In February, Clearview admitted to customers that a list of its customers was stolen in a data breach — though, it claimed its servers were “never accessed.” Clearview also left unprotected several of its cloud storage buckets containing its Android app.

Vermont’s attorney general’s office has already opened an investigation into the company for allegedly violating consumer protection laws, and police departments have been told to stop using Clearview, including in New Jersey and San Diego. Several tech companies, including Facebook, Twitter and YouTube, have already filed cease-and-desist letters with Clearview AI.

In an interview with CBS News in February, Ton-That defended his company’s practices. “If it’s public and it’s out there and could be inside Google’s search engine, it can be inside ours as well,” he said.

 

Original post: https://techcrunch.com/2020/04/16/clearview-source-code-lapse/
