FTC upholds ban on stalkerware founder Scott Zuckerman

A stalkerware [https://techcrunch.com/2025/04/25/techcrunch-reference-guide-to-security-terminology/#stalkerware] maker who was banned from the surveillance industry after a data breach that exposed the personal information of its customers, as well as the people they were spying on, will not be able to return to selling invasive software, according to the U.S. Federal Trade Commission (FTC).
FTC denies request to lift the ban
The FTC denied a request to cancel that ban made by Scott Zuckerman, the founder of consumer spyware company Support King and its subsidiaries SpyFone and OneClickMonitor. On Monday, the FTC announced the denial in a press release [https://www.ftc.gov/news-events/news/press-releases/2025/12/ftc-denies-petition-spyfone-app-ceo-vacate-2021-order] after Zuckerman petitioned [https://techcrunch.com/2025/07/21/serial-spyware-founder-scott-zuckerman-wants-the-ftc-to-unban-him-from-the-surveillance-industry/] the federal watchdog to rescind or modify the ban order in July of this year.
In 2021, the FTC banned Zuckerman [http://techcrunch.com/2021/09/02/spyfone-ftc-stalkerware/] from “offering, promoting, selling, or advertising any surveillance app, service, or business,” which effectively prevented him from running another stalkerware business. The agency also ordered Zuckerman to delete all the data collected by SpyFone, as well as to undergo frequent audits and to establish certain cybersecurity practices for his businesses.
“SpyFone is a brazen brand name for a surveillance business that helped stalkers steal private information,” said Samuel Levine, acting director of the FTC’s Bureau of Consumer Protection. “The stalkerware was hidden from device owners, but was fully exposed to hackers who exploited the company’s slipshod security.”
Data breaches and the risk of repeat violations
In his petition [https://www.regulations.gov/document/FTC-2025-0198-0001], Zuckerman claimed that the FTC order’s security requirements have made it harder for him to run his other businesses due to financial costs, even though Support King is no longer in operation. Now, he states that he only runs a restaurant and plans tourism ventures in Puerto Rico.
When contacted via email, Zuckerman declined to comment and referred questions to his lawyer.
The FTC's ban stems from an incident in 2018, when a security researcher discovered an Amazon S3 bucket belonging to SpyFone [http://vice.com/en/article/spyware-company-spyfone-terabytes-data-exposed-online-leak/] in which extremely sensitive data had been left open, including selfies, text messages, messages from chat apps, audio recordings, contacts, locations, hashed passwords and other login data, exposed online for anyone to view and access.
The exposed data included 44,109 unique email addresses and, according to the researcher who found the breach, “at least 2,208 current ‘customers’ and hundreds or thousands of photos and audio in each folder” from 3,666 phones that had the SpyFone stalkerware installed on them.
Less than a year after the 2021 FTC order, TechCrunch reported [https://techcrunch.com/2022/12/17/support-king-ftc-spytrac/] that Zuckerman appeared to be running another stalkerware company. In 2022, TechCrunch received a trove of breached data from the stalkerware app SpyTrac. The data showed SpyTrac was run by freelance developers with direct ties to Support King, apparently in an attempt to circumvent the FTC’s ban. Moreover, the breached data included records from SpyFone, which Zuckerman was ordered to delete, and keys to access the cloud storage of OneClickMonitor, another one of his stalkerware apps.
Eva Galperin, a prominent expert on stalkerware, celebrated the news. “Mr. Zuckerman was clearly hoping that if he laid low for a few years, everyone would forget about the reasons why the FTC issued a ban not only against the company, but against him specifically,” Galperin told TechCrunch. TechCrunch’s revelation in 2022 that Zuckerman apparently violated the FTC ban “suggests that Zuckerman did not learn his lesson,” added Galperin, who is the director of cybersecurity at the digital rights nonprofit Electronic Frontier Foundation.
Stalkerware apps allow their customers to surreptitiously spy on the phones and devices of their loved ones. Beyond enabling potentially illegal activities, at least 26 stalkerware companies have been hacked or have left sensitive data exposed online over the last eight years, according to TechCrunch’s tally [http://techcrunch.com/2025/07/02/hacked-leaked-exposed-why-you-should-stop-using-stalkerware-apps/]. These incidents show that these companies have repeatedly failed to protect the privacy of their customers, as well as the people they spy on.
If you have information about other stalkerware makers, you can contact Lorenzo Franceschi-Bicchierai securely via Signal at +1 917 257 1382, or Telegram and Keybase @lorenzofb, or email [[email protected]/].
Tags: FTC, stalkerware, Scott Zuckerman, data privacy, security breach, SpyFone
