
Security lapse exposed Clearview AI source code

Accepted submission by aristarchus at 2020-04-20 01:04:33 from the The code repository had secret keys to cloud buckets, buckets of cloud. dept.
Security

TechCrunch [techcrunch.com]:

Since it exploded onto the scene in January after a newspaper exposé [nytimes.com], Clearview AI quickly became one of the most elusive, secretive and reviled companies in the tech startup scene.

The controversial facial recognition startup allows its law enforcement users to take a picture of a person, upload it and match it against its alleged database of 3 billion images, which the company scraped from public social media profiles [techcrunch.com].

But for a time, a misconfigured server exposed the company’s internal files, apps and source code for anyone on the internet to find.

Mossab Hussein, chief security officer at Dubai-based cybersecurity firm SpiderSilk, found the repository storing Clearview’s source code. Although the repository was protected with a password, a misconfigured setting allowed anyone to register as a new user to log in to the system storing the code.

Well, yeah, but:

Clearview has been dogged by privacy concerns since it was forced out of stealth following a profile in The New York Times, but its technology has gone largely untested and the accuracy of its facial recognition tech unproven [buzzfeednews.com]. Clearview claims it only allows law enforcement to use its technology, but reports show that the startup courted users [techcrunch.com] from private businesses like Macy’s, Walmart and the NBA. But this latest security lapse is likely to invite greater scrutiny of the company’s security and privacy practices.

When reached for comment, Clearview founder Hoan Ton-That claimed his company “experienced a constant stream of cyber intrusion attempts, and have been investing heavily in augmenting our security.”

Earlier coverage of this fine spy company at:
The Verge [theverge.com]
Boing Boing [boingboing.net]
HuffPost [huffpost.com]

