Nexanet
<- Go Back

License Plate Reader Company Flock Said It Does Not Use Dark Web Data. My Analysis of Their Code Tells a Different Story

Security Research Team
Joshua
Published December 11, 2025

On May 14 2025, 404 Media published an investigation alleging that Flock Safety's upcoming product, Flock Nova, integrates people lookup data sourced from hacked and breached databases. You can read the full report here.

On May 30 2025, Flock Safety pushed back with a blog post titled Correcting the Record: Flock Nova Will Not Supply Dark Web Data, available here, insisting that Nova does not ingest, process, or supply dark web or breach data.

This analysis builds on our earlier research into Flock's infrastructure, including a misconfigured demo that exposed their 83,000-camera network.

Search config entry showing DarkData key, permission, endpoint, and resultKey darkDocs

My analysis of the Nova codebase suggests a very different story. Nova's front end defines, fetches, stores, and displays a data source explicitly named Dark Data, with selectors for extremely sensitive identifiers like Social Security Numbers, credit card numbers, crypto wallets, IP addresses, usernames, and more.

Search config entry showing DarkData key, permission, endpoint, and resultKey darkDocs

If Nova will not supply dark web data, why does it contain a first class, user facing Dark Data search pipeline tied to an endpoint called dark/getExtDarkData?

Nova search config defines Dark Data as a live data source

Nova's search configuration file registers Dark Data as one of the system's primary search types. The object includes the key, endpoint, result bucket, and permission flag that control how Dark Data is queried and where results are stored.

Data source object for DarkData including getPayload that routes SSN, CCN, crypto, IP, and username

As the screenshot shows, Dark Data is tied to dark/getExtDarkData and a result bucket named darkDocs, gated by a permission flag called hasDarkDataAccess. The payload builder routes fields like email, phone, SSN, credit cards, crypto wallets, IP addresses, and usernames straight into that endpoint.

Search data configuration referencing DarkData and darkDocs

The UI exposes Dark Data search when permissions are enabled

Dark Data is not a hidden toggle or dead feature. When the hasDarkDataAccess flag is present, Nova renders a dedicated Dark Data search experience in the UI and adds it to the Data Types grid and advanced search modal.

Advanced Dark Data search UI with tabs for SSN, email, IP, crypto wallet, credit card, Discord, Telegram, and user

The Advanced Dark Data Search view lets investigators search by SSN, email, IP address, crypto wallet, credit card number, Discord and Telegram handles, or a free form user or keyword. Each selector has its own tab and icon. That is a deliberate, polished UI, not scrap code.

Phone searches automatically fetch Dark Data

Nova does not limit Dark Data to manual searches. When the Dark Data permission is active, standard phone searches also call dark/getExtDarkData behind the scenes.

Phone search code building a Dark Data payload for SSN, email, IP, crypto wallet, credit card and more

The phone search code builds a Dark Data payload using the normalized phone number along with optional fields such as SSN, email, IP address, crypto wallet, and credit card number. It logs a status message like “Fetching Dark Data” and only runs when decoded.hasDarkDataAccess is true. If you do not have that permission, the function exits early. Anyone who does have the flag can pull breach style results as part of a routine phone search.

Dark Data is stored as a first class data type

Once Dark Data results come back from the endpoint, Nova stores them in a shared state object alongside people, vehicles, signals, and other core datasets.

AllData context listing darkDocs next to persons, phones, vehicles, and signals

The AllDataContext provider includes darkDocs: [] right next to persons, phones, vehicles, license-plate reads, signals, IP addresses, incidents, and warrants. Dark Documents are available to every part of the product that consumes shared data, from search panels to dashboards and investigations.

API responses reveal classic breach metadata

The Dark Data endpoint does not simply return opaque strings. The UI renders structured metadata that looks very similar to information commonly seen in large credential leaks and breach repositories.

Dark Data table columns Crawl Date, Network, Leak Name, Leak Host, Download Location, Open

In the Dark Data table you can see columns for crawl date, network, leak name, leak host, download location, and an open link. That terminology strongly resembles what is used on leak sites and breach archives, rather than typical public records databases.

Dark Documents attach directly to investigations

Nova does not stop at retrieving Dark Data. It integrates Dark Documents into the same investigation flow that handles persons, RMS entities, and other law enforcement data.

Mapping that turns darkDocs into Dark Documents in Nova investigations

The mapping shown here turns the internal result key darkDocs into a user facing label “Dark Documents.” Investigation cards list these Dark Documents alongside RMS Persons, signals, and other case linked records, and the code supports adding and removing them from cases and showing counts like “Dark Documents: X.” Dark Data appears to be treated as part of the investigative lifecycle, rather than as a side experiment.

What Flock Safety says compared to what the code shows

Flock Safety's public statement says:

“Flock Nova will not supply dark web data.”

The screenshots and code above show something very different. Nova defines a dedicated DarkData search type that targets dark/getExtDarkData, collects selectors like SSNs and credit card numbers, stores the results in darkDocs, exposes Dark Data search in the UI for users withhasDarkDataAccess, attaches Dark Documents to investigations, and even auto fetches breach material during phone searches.

Questions Flock Safety needs to answer

After reviewing both 404 Media's reporting and Flock's rebuttal, and comparing those statements against the code, several questions remain.

  1. If Nova does not use hacked or leaked data, why does the code define DarkData with selectors for Social Security Numbers, credit card numbers, crypto wallets, and other breach type identifiers?
  2. Why does the UI expose a Dark Data search interface with tabs for SSN, credit card number, crypto wallet, and communication handles like Discord and Telegram?
  3. Why do normal phone and vehicle searches call dark/getExtDarkData when hasDarkDataAccess is true?
  4. Who is expected to receive Dark Data access, and under what legal standard? Law enforcement, internal analysts, or private partners?

Americans deserve clear answers because, while Flock, owners of the largest License Plate Reading network in the US, publicly states that Nova will not use dark web data, the features visible in the Nova codebase appear to support people-lookup capabilities that resemble those found in breach-derived datasets.

If Flock Safety has a different explanation for why Dark Data exists and how it is sourced, America deserves to hear it.

Leave it to us to secure
the seemingly impossible

The world's leading All-Source Intelligence Firm for Cybersecurity and Privacy