An erotic roleplay chatbot and AI image creation platform called Secret Desires left millions of user-uploaded photos exposed and available to the public. The databases included nearly two million photos and videos, including many photos of completely random people with very little digital footprint. 

The exposed data shows how many people use AI roleplay apps that allow face-swapping features: to create nonconsensual sexual imagery of everyone, from the most famous entertainers in the world to women who are not public figures in any way. In addition to the real photo inputs, the exposed data includes AI-generated outputs, which are mostly sexual and often incredibly graphic. Unlike “nudify” apps that generate nude images of real people, these images are putting people into AI-generated videos of hardcore sexual scenarios.  

The legendary hacker conference Hackers on Planet Earth (HOPE) says that it has been “banned” from St. John’s University, the venue where it has held the last several HOPE conferences, because someone told the university the conference had an “anti-police agenda.”

HOPE was held at St. John’s University in 2022, 2024, and 2025, and was going to be held there in 2026, as well. The conference has been running at various venues over the last 31 years, and has become well-known as one of the better hacking and security research conferences in the world. Tuesday, the conference told members of its mailing list that it had “received some disturbing news,” and that “we have been told that ‘materials and messaging’ at our most recent conference ‘were not in alignment with the mission, values, and reputation of St. John’s University’ and that we would no longer be able to host our events there.” 

The conference said that after this year’s conference, they had received “universal praise” from St. John’s staff, and said they were “caught by surprise” by the announcement. 

“What we're told - and what we find rather hard to believe - is that all of this came about because a single person thought we were promoting an anti-police agenda,” the email said. “They had spotted pamphlets on a table which an attendee had apparently brought to HOPE that espoused that view. Instead of bringing this to our attention, they went to the president's office at St. John's after the conference had ended. That office held an investigation which we had no knowledge of and reached its decision earlier this month. The lack of due process on its own is extremely disturbing.”

“The intent of the person behind this appears clear: shut down events like ours and make no attempt to actually communicate or resolve the issue,” the email continued. “If it wasn't this pamphlet, it would have been something else. In this day and age where academic institutions live in fear of offending the same authorities we've been challenging for decades, this isn't entirely surprising. It is, however, greatly disappointing.”

St. John’s University did not immediately respond to a request for comment. Hacking and security conferences in general have a long history of being surveilled by or losing their venues. For example, attendees of the DEF CON hacking conference have reported being surveilled and having their rooms searched; last year, some casinos in Las Vegas made it clear that DEF CON attendees were not welcome. And academic institutions have been vigorously attacked by the Trump administration over the last few months over the courses they teach, the research they fund, and the events they hold, though we currently do not know the specifics of why St. John’s made this decision. 

It is not clear what pamphlets HOPE is referencing, and the conference did not immediately respond to a request for comment, but the conference noted that St. Johns could have made up any pretext for banning them. It is worth mentioning that Joshua Aaron, the creator of the ICEBlock ICE tracking app, presented at HOPE this year. ICEBlock has since been deleted by the Apple App Store and the Google Play store after being pressured by the Trump administration. 

“Our content has always been somewhat edgy and we take pride in challenging policies we see as unfair, exposing security weaknesses, standing up for individual privacy rights, and defending freedom of speech,” HOPE wrote in the email. The conference said that it has not yet decided what it will do next year, but that it may look for another venue, or that it might “take a year off and try to build something bigger.” 

“There will be many people who will say this is what we get for being too outspoken and for giving a platform to controversial people and ideas. But it's this spirit that defines who we are; it's driven all 16 of our past conferences. There are also those who thought it was foolish to ever expect a religious institution to understand and work with us,” the conference added. “We are not changing who we are and what we stand for any more than we'd expect others to. We have high standards for our speakers, presenters, and staff. We value inclusivity and we have never tolerated hate, abuse, or harassment towards anyone. This should not be news, as HOPE has been around for a while and is well known for its uniqueness, spirit, and positivity.” 

Lawyers from the American Civil Liberties Union (ACLU) and Electronic Frontier Foundation (EFF) sued the city of San Jose, California over its deployment of Flock’s license plate-reading surveillance cameras, claiming that the city’s nearly 500 cameras create a pervasive database of residents movements in a surveillance network that is essentially impossible to avoid. 

The lawsuit was filed on behalf of the Services, Immigrant Rights & Education Network and Council on American-Islamic Relations, California, and claims that the surveillance is a violation of California’s constitution and its privacy laws. The lawsuit seeks to require police to get a warrant in order to search Flock’s license plate system. The lawsuit is one of the highest profile cases challenging Flock; a similar lawsuit in Norfolk, Virginia seeks to get Flock’s network shut down in that city altogether.

“San Jose’s ALPR [automatic license plate reader] program stands apart in its invasiveness,” ACLU of Northern California and EFF lawyers wrote in the lawsuit. “While many California agencies run ALPR systems, few retain the locations of drivers for an entire year like San Jose. Further, it is difficult for most residents of San Jose to get to work, pick up their kids, or obtain medical care without driving, and the City has blanketed its roads with nearly 500 ALPRs.”

The lawsuit argues that San Jose’s Flock cameras “are an invasive mass surveillance technology” that “collect[s] driver locations en masse.”

“Most drivers are unaware that San Jose’s Police Department is tracking their locations and do not know all that their saved location data can reveal about their private lives and activities,” it adds. The city of San Jose currently has at least 474 ALPR cameras, up from 149 at the end of 2023; according to data from the city, more than 2.6 million vehicles were tracked using Flock in the month of October alone. The lawsuit states that Flock ALPRs are stationed all over the city, including “around highly sensitive locations including clinics, immigration centers, and places of worship. For example, three ALPR cameras are positioned on the roads directly outside an immigration law firm.” 

Andrew Crocker, surveillance litigation director for the EFF, told 404 Media in a phone call that “it’s fair to say that anyone driving in San Jose is likely to have their license plates captured many times a day. That pervasiveness is important.”

A search of DeFlock, a crowdsourced map of ALPR deployments around the country, shows hundreds of cameras in San Jose spaced essentially every few blocks around the city. The map is not exhaustive.

The lawsuit argues that warrantless searches of these cameras are illegal under the California constitution’s search and seizure clause, which Crocker said “has been interpreted to be even stronger than the Fourth Amendment,” as well as other California privacy laws. The case is part of a broader backlash against Flock as it expands around the United States. 404 Media’s reporting has shown that the company collects millions of records from around the country, and that it has made its national database of car locations available to local cops who have in turn worked with ICE. Some of those searches have violated California and Illinois law, and have led to reforms from the company. Crocker said that many of these problems will be solved if police simply need to get a warrant to search the system.

“Our legal theory and the remedy we’re seeking is quite simple. We think they need a warrant to search these databases,” he said. “The warrant requirement is massive and should help in terms of preventing these searches because they will have to be approved by a judge.” The case in Norfolk is ongoing. San Jose Police Department and Flock did not immediately respond to a request for comment. 

Airlines Reporting Corporation (ARC), a data broker owned by the U.S.’s major airlines, will shut down a program in which it sold access to hundreds of millions of flight records to the government and let agencies track peoples’ movements without a warrant, according to a letter from ARC shared with 404 Media.

ARC says it informed lawmakers and customers about the decision earlier this month. The move comes after intense pressure from lawmakers and 404 Media’s months-long reporting about ARC’s data selling practices. The news also comes after 404 Media reported on Tuesday that the IRS had searched the massive database of Americans flight data without a warrant.

“As part of ARC’s programmatic review of its commercial portfolio, we have previously determined that TIP is no longer aligned with ARC’s core goals of serving the travel industry,” the letter, written by ARC President and CEO Lauri Reishus, reads. TIP is the Travel Intelligence Program. As part of that, ARC sold access to a massive database of peoples’ flights, showing who travelled where, and when, and what credit card they used. 

“All TIP customers, including the government agencies referenced in your letter, were notified on November 12, 2025, that TIP is sunsetting this year,” Reishus continued. Reishus was responding to a letter sent to airline executives earlier on Tuesday by Senator Ron Wyden, Congressman Andy Biggs, Chair of the Congressional Hispanic Caucus Adriano Espaillat, and Senator Cynthia Lummis. That letter revealed the IRS’s warrantless use of ARC’s data and urged the airlines to stop the ARC program. ARC says it notified Espaillat's office on November 14.

ARC is co-owned by United, American, Delta, Southwest, JetBlue, Alaska, Lufthansa, Air France, and Air Canada. The data broker acts as a bridge between airlines and travel agencies. Whenever someone books a flight through one of more than 12,800 travel agencies, such as Expedia, Kayak, or Priceline, ARC receives information about that booking. It then packages much of that data and sells it to the government, which can search it by name, credit card, and more. 404 Media has reported that ARC’s customers include the FBI, multiple components of the Department of Homeland Security, ATF, the SEC, TSA, and the State Department.  

Espaillat told 404 Media in a statement “this is what we do. This is how we’re fighting back. Other industry groups in the private sector should follow suit. They should not be in cahoots with ICE, especially in ways may be illegal.”

Wyden said in a statement “it shouldn't have taken pressure from Congress for the airlines to finally shut down the sale of their customers’ travel data to government agencies by ARC, but better late than never. I hope other industries will see that selling off their customers' data to the government and anyone with a checkbook is bad for business and follow suit.”

“Because ARC only has data on tickets booked through travel agencies, government agencies seeking information about Americans who book tickets directly with an airline must issue a subpoena or obtain a court order to obtain those records. But ARC’s data sales still enable government agencies to search through a database containing 50% of all tickets booked without seeking approval from a judge,” the letter from the lawmakers reads.

Update: this piece has been updated to include statements from CHC Chair Espaillat and Senator Wyden.

The IRS accessed a database of hundreds of millions of travel records, which show when and where a specific person flew and the credit card they used, without obtaining a warrant, according to a letter signed by a bipartisan group of lawmakers and shared with 404 Media. The country’s major airlines, including Delta, United Airlines, American Airlines, and Southwest, funnel customer records to a data broker they co-own called the Airlines Reporting Corporation (ARC), which then sells access to peoples’ travel data to government agencies.

The IRS case in the letter is the clearest example yet of how agencies are searching the massive trove of travel data without a search warrant, court order, or similar legal mechanism. Instead, because the data is being sold commercially, agencies are able to simply buy access. In the letter addressed to nine major airlines, the lawmakers urge them to shut down the data selling program. Update: after this piece was published, ARC said it already planned to shut down the program. You can read more here.

The Department of Homeland Security claimed in court proceedings that nearly two weeks worth of surveillance footage from ICE’s Broadview Detention Center in suburban Chicago has been “irretrievably destroyed” and may not be able to be recovered, according to court records reviewed by 404 Media.

The filing was made as part of a class action lawsuit against the Department of Homeland Security by people being held at Broadview, which has become the site of widespread protests against ICE. The lawsuit says that people detained at the facility are being held in abhorrent, “inhumane” conditions. The complaint describes a facility where detainees are “confined at Broadview inside overcrowded holding cells containing dozens of people at a time. People are forced to attempt to sleep for days or sometimes weeks on plastic chairs or on the filthy concrete floor. They are denied sufficient food and water […] the temperatures are extreme and uncomfortable […] the physical conditions are filthy, with poor sanitation, clogged toilets, and blood, human fluids, and insects in the sinks and the floor […] federal officers who patrol Broadview under Defendants’ authority are abusive and cruel. Putative class members are routinely degraded, mistreated, and humiliated by these officers.” 

As part of discovery in the case, the plaintiffs’ lawyers requested surveillance footage from the facility starting from mid September, which is when ICE stepped up its mass deportation campaign in Chicago. In a status report submitted by lawyers from both the plaintiffs and the Department of Homeland Security, lawyers said that nearly two weeks of footage has been “irretrievably destroyed.”

“Defendants have agreed to produce. Video from September 28, 2025 to October 19, 2025, and also from October 31, 2025 to November, 7 2025,” the filing states. “Defendants have indicated that some video between October 19, 2025 and October 31, 2025 has been irretrievably destroyed and therefore cannot be produced on an expedited basis or at all.” Law & Crime first reported on the filing.

The filing adds that the plaintiffs, who are being represented by lawyers from the American Civil Liberties Union of Illinois, the MacArthur Justice Center, and the Eimer Stahl law firm, hired an IT contractor to work with the government “to attempt to work through issues concerning the missing video, including whether any content is able to be retrieved.”

Surveillance footage from inside the detention center would presumably be critical in a case about the alleged abusive treatment of detainees and inhumane living conditions. The filing states that the plaintiffs' attorneys have “communicated to Defendants that they are most concerned with obtaining the available surveillance videos as quickly as possible.”

ICE did not respond to a request for comment from 404 Media. A spokesperson for the ACLU of Illinois told 404 Media “we don’t have any insight on this. Hoping DHS can explain.”