Stalkerware Developer Demands TechCrunch Remove Article Detailing Its Leaking Of Sensitive Data

from the set-weapons-to-'backfire' dept

Last week, stalkerware purveyor ClevGuard was discovered to be hosting tons of sensitive data harvested from victims' phones in an Alibaba data bucket set to public with no password protection. ClevGuard makes KidsGuard, an app whose name suggests it's something parents can use to monitor their children's cell phone use, but the developer has helpfully noted the software's also great for monitoring spouses and employees.

After being notified of the issue, Alibaba secured the bucket and made sure ClevGuard was made aware of the problem. But ClevGuard's not finished being stupid about this. Rather than quietly go about securing its exfiltrated data -- which includes contacts, photos, GPS location data, and content harvested from a variety of messaging apps -- the company has decided it would like to raise its infamy level and ensure even more people know about its horrific stalkerware.

Zack Whittaker broke the news at TechCrunch, publishing a lengthy expose of both the product and its insecure data storage. And now ClevGuard is baselessly demanding he take down his article.

If you can't see/read the tweet, Whittaker says:

We just received an email from ClevGuard asking us to delete the two articles we published this week about the KidsGuard stalkerware, which has been used to spy on thousands of victims.

We declined.

Whittaker has also put together a how-to guide for removing this stalkerware from your device, which probably isn't improving TechCrunch/ClevGuard relations.

And while we're discussing ClevGuard, let's take a quick look at its marketing efforts, which directly contradict the End User License Agreement the company pushes on users.

Here are the limitations ClevGuard supposedly imposes on users, in all of its original, gloriously-broken English:

You comprehend that the Site and ClevGuard will be utilized just for the reasons for underneath (I) parental control of their kids, (ii) on a gadget, which is of your possession, under such situation, you should get authorization from the client being observed, (iii) other legal points as per the laws in your very own purview. The terms of Child is characterized as underneath:

Youngster: Your very own lawful kid that is under the legitimate age of 18 (as characterized by US law). The kid must be observed utilizing a perfect telephone that you possess. You can't screen a kid on the off chance that you hold one of the accompanying connections:

• Brother/Sister
• Step-Brother/Step-Sister
• Step-Father/Step-Mother
• Aunt/Uncle; Cousin/Nephew
• Grandfather/Grandmother
• Great-Grandfather/Great-Grandmother

Worker: Your representative at an organization you claim or a representative at indistinguishable organization from you and you have administrative duties regarding. The representative must be checked utilizing a perfect telephone claimed by the organization and issued to the worker under your organization's approaches with respect to organization telephones. The representative must give assent and be advised they are being observed before checking can start.

So, according to ClevGuard's own EULA, the stalkerware can only "legally" be used to monitor "youngsters" and "workers." (And only on "perfect telephones," which are generally only found in the Oval Office.)

But the company's quasi-blog suggests customers should use the software in ways that break the EULA, offering up reasons why KidsGuard is better than its competitors for stalking spouses and significant others. Here's a post detailing the "2 Best Ways to Track my Girlfriend's Phone," with KidsGuard beating out the built-in "Find My Phone" feature. Here's a list of the "10 Best Couple Tracker Apps" with KidsGuard topping the list. ClevGuard's site is full of "helpful" posts pushing KidsGuard to monitor something other than "youngsters" and "workers," suggesting it's not just "perfect telephones" that can be spied on with ClevGuard's software.

To sum up: ClevGuard is a terrible company offering a horrible product that can be abused to spy on nearly anyone without their knowledge. The data then -- until recently -- ended up in unsecured data buckets. But why should ClevGuard try harder? This sensitive data belongs to people being spied on. Screw them for being covertly surveilled, I guess. Nothing to hide, nothing to fear, etc. The bogus demand TechCrunch remove its article is just the expired icing on ClevGaurd's garbage cake.

Filed Under: data breaches, kidsguard, leaks, sensitive data, stalkerware
Companies: clevguard, techcrunch


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 25 Feb 2020 @ 1:26pm

    "The kid must be observed utilizing a perfect telephone that you possess."

    What is this perfect phone?

    reply to this | link to this | view in chronology ]

  • icon
    MO'B (profile), 25 Feb 2020 @ 1:59pm

    re: what is this perfect phone?

    It's the kind of device one might use to make a "perfect phone call".... for example....

    reply to this | link to this | view in chronology ]

    • icon
      Thad (profile), 25 Feb 2020 @ 3:43pm

      Re: re: what is this perfect phone?

      ...were you so excited about thinking of that joke that you didn't finish the article to see if Tim had already made it?

      reply to this | link to this | view in chronology ]

  • icon
    Anonymous Anonymous Coward (profile), 25 Feb 2020 @ 2:53pm

    Scribble, scribble, write, write...is OK????

    If the same person wrote the TOS and the merchandising blog, I can certainly understand the letter requesting the article deletion. This is one very confused person, or they are extremely self centered and have no ability to see the forest or the trees.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Feb 2020 @ 3:04pm

      Re: Scribble, scribble, write, write...is OK????

      You now leaving the sarcasm of my very own lawful kid, the English of he is the perfect! Work very hard on EULA smart lawyer.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Feb 2020 @ 3:36pm

    Who owns clevguard?

    reply to this | link to this | view in chronology ]

  • icon
    Coyne Tibbets (profile), 25 Feb 2020 @ 3:40pm

    Wink, wink, nudge, nudge

    You can only track your kids or your workers on a perfect phone. But [wink, wink, nudge, nudge] if you were to fib [wink, wink, nudge, nudge], it's not like we would check..and if you run it on any phone that happens to run our software even if it's [wink, wink, nudge, nudge] less than perfect, well [wink, wink, nudge, nudge] who's to know? [wink, wink, nudge, nudge]

    reply to this | link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 25 Feb 2020 @ 9:33pm

    Hey Becki!!
    Your parents don't trust you, decided spying was a better way to do it, & now your deepest darkest secrets are out there on the web.

    Dear parents if you think STALKING your child is the correct way to parent, you have failed.
    If you think your kids will thank you someday, stop doing drugs.

    You have damaged any shot you had knowing anything about your kids lives. You have shown you are not trustworthy & will treat them not as people but as targets to be secretly monitored.

    reply to this | link to this | view in chronology ]

  • identicon
    Pixelation, 26 Feb 2020 @ 12:04am

    Since they suggest doing things that are against the EULA, I wonder if they can get dragged into a lawsuit by someone who discovers this software installed by a stalker.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 26 Feb 2020 @ 7:00am

    Anyone else getting errors trying to go to techcrunch?

    reply to this | link to this | view in chronology ]

  • icon
    Dirkmaster (profile), 26 Feb 2020 @ 7:41am

    Privacy of Your Data

    I love how on the About Us page of ClevGuard, there's this gem "Privacy of your data was our prime concern while designing the product, and we've ensured that your data stay with you, and not us."

    If this was their prime concern, what the hell does that say about how the rest of the software is designed?

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.