Stalkerware Developer Demands TechCrunch Remove Article Detailing Its Leaking Of Sensitive Data
from the set-weapons-to-'backfire' dept
Last week, stalkerware purveyor ClevGuard was discovered to be hosting tons of sensitive data harvested from victims' phones in an Alibaba data bucket set to public with no password protection. ClevGuard makes KidsGuard, an app whose name suggests it's something parents can use to monitor their children's cell phone use, but the developer has helpfully noted the software's also great for monitoring spouses and employees.
After being notified of the issue, Alibaba secured the bucket and made sure ClevGuard was made aware of the problem. But ClevGuard's not finished being stupid about this. Rather than quietly go about securing its exfiltrated data -- which includes contacts, photos, GPS location data, and content harvested from a variety of messaging apps -- the company has decided it would like to raise its infamy level and ensure even more people know about its horrific stalkerware.
Zack Whittaker broke the news at TechCrunch, publishing a lengthy expose of both the product and its insecure data storage. And now ClevGuard is baselessly demanding he take down his article.
We just received an email from ClevGuard asking us to delete the two articles we published this week about the KidsGuard stalkerware, which has been used to spy on thousands of victims.
We declined.
Anyway, here's the story they don't want you to read. https://t.co/sSaaRgdm9A
— Zack Whittaker (@zackwhittaker) February 24, 2020
If you can't see/read the tweet, Whittaker says:
We just received an email from ClevGuard asking us to delete the two articles we published this week about the KidsGuard stalkerware, which has been used to spy on thousands of victims.
We declined.
Whittaker has also put together a how-to guide for removing this stalkerware from your device, which probably isn't improving TechCrunch/ClevGuard relations.
And while we're discussing ClevGuard, let's take a quick look at its marketing efforts, which directly contradict the End User License Agreement the company pushes on users.
Here are the limitations ClevGuard supposedly imposes on users, in all of its original, gloriously-broken English:
You comprehend that the Site and ClevGuard will be utilized just for the reasons for underneath (I) parental control of their kids, (ii) on a gadget, which is of your possession, under such situation, you should get authorization from the client being observed, (iii) other legal points as per the laws in your very own purview. The terms of Child is characterized as underneath:
Youngster: Your very own lawful kid that is under the legitimate age of 18 (as characterized by US law). The kid must be observed utilizing a perfect telephone that you possess. You can't screen a kid on the off chance that you hold one of the accompanying connections:
• Brother/Sister
• Step-Brother/Step-Sister
• Step-Father/Step-Mother
• Aunt/Uncle; Cousin/Nephew
• Grandfather/Grandmother
• Great-Grandfather/Great-GrandmotherWorker: Your representative at an organization you claim or a representative at indistinguishable organization from you and you have administrative duties regarding. The representative must be checked utilizing a perfect telephone claimed by the organization and issued to the worker under your organization's approaches with respect to organization telephones. The representative must give assent and be advised they are being observed before checking can start.
So, according to ClevGuard's own EULA, the stalkerware can only "legally" be used to monitor "youngsters" and "workers." (And only on "perfect telephones," which are generally only found in the Oval Office.)
But the company's quasi-blog suggests customers should use the software in ways that break the EULA, offering up reasons why KidsGuard is better than its competitors for stalking spouses and significant others. Here's a post detailing the "2 Best Ways to Track my Girlfriend's Phone," with KidsGuard beating out the built-in "Find My Phone" feature. Here's a list of the "10 Best Couple Tracker Apps" with KidsGuard topping the list. ClevGuard's site is full of "helpful" posts pushing KidsGuard to monitor something other than "youngsters" and "workers," suggesting it's not just "perfect telephones" that can be spied on with ClevGuard's software.
To sum up: ClevGuard is a terrible company offering a horrible product that can be abused to spy on nearly anyone without their knowledge. The data then -- until recently -- ended up in unsecured data buckets. But why should ClevGuard try harder? This sensitive data belongs to people being spied on. Screw them for being covertly surveilled, I guess. Nothing to hide, nothing to fear, etc. The bogus demand TechCrunch remove its article is just the expired icing on ClevGaurd's garbage cake.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: data breaches, kidsguard, leaks, sensitive data, stalkerware
Companies: clevguard, techcrunch
Reader Comments
Subscribe: RSS
View by: Time | Thread
"The kid must be observed utilizing a perfect telephone that you possess."
What is this perfect phone?
[ link to this | view in thread ]
It's a phone that sounds like the sum of its proper divisors.
[ link to this | view in thread ]
re: what is this perfect phone?
It's the kind of device one might use to make a "perfect phone call".... for example....
[ link to this | view in thread ]
Scribble, scribble, write, write...is OK????
If the same person wrote the TOS and the merchandising blog, I can certainly understand the letter requesting the article deletion. This is one very confused person, or they are extremely self centered and have no ability to see the forest or the trees.
[ link to this | view in thread ]
Re: Scribble, scribble, write, write...is OK????
You now leaving the sarcasm of my very own lawful kid, the English of he is the perfect! Work very hard on EULA smart lawyer.
[ link to this | view in thread ]
Who owns clevguard?
[ link to this | view in thread ]
Wink, wink, nudge, nudge
You can only track your kids or your workers on a perfect phone. But [wink, wink, nudge, nudge] if you were to fib [wink, wink, nudge, nudge], it's not like we would check..and if you run it on any phone that happens to run our software even if it's [wink, wink, nudge, nudge] less than perfect, well [wink, wink, nudge, nudge] who's to know? [wink, wink, nudge, nudge]
[ link to this | view in thread ]
Re: re: what is this perfect phone?
...were you so excited about thinking of that joke that you didn't finish the article to see if Tim had already made it?
[ link to this | view in thread ]
Re: Wink, wink, nudge, nudge
[punch, punch, kick, kick]
[ link to this | view in thread ]
Hey Becki!!
Your parents don't trust you, decided spying was a better way to do it, & now your deepest darkest secrets are out there on the web.
Dear parents if you think STALKING your child is the correct way to parent, you have failed.
If you think your kids will thank you someday, stop doing drugs.
You have damaged any shot you had knowing anything about your kids lives. You have shown you are not trustworthy & will treat them not as people but as targets to be secretly monitored.
[ link to this | view in thread ]
Since they suggest doing things that are against the EULA, I wonder if they can get dragged into a lawsuit by someone who discovers this software installed by a stalker.
[ link to this | view in thread ]
Anyone else getting errors trying to go to techcrunch?
[ link to this | view in thread ]
Privacy of Your Data
I love how on the About Us page of ClevGuard, there's this gem "Privacy of your data was our prime concern while designing the product, and we've ensured that your data stay with you, and not us."
If this was their prime concern, what the hell does that say about how the rest of the software is designed?
[ link to this | view in thread ]