If you missed Part I involving Cloudflare (who, to date, have not responded), or Part II, in which Cyble and Flock accuse me of phishing and trademark infringement, you may want to read those parts first.
This morning, Cyble sent a follow-up notice to Hetzner, the German cloud provider currently hosting this website. In it, they claim that this “website poses an immediate threat to public safety and exposes law enforcement officers to danger, in clear violation of our client’s users’ rights and its intellectual property rights.”
Cyble does not offer any evidence, nor any details regarding Flock’s apparently exclusive intellectual property right on posing a threat to public safety.
Part 2.5: Oops, I missed a part
(Edit: December 29, 3:45 pm, Cornfield Standard Time): Apparently, I missed an attachment that was sent along with the first statement to Hetzner. In the interest of fair reporting, I decided to edit this post and include it here rather than burying it in an old post. I want to be sure I provide an accurate view of the weight of the evidence presented by Flock, via Cyble:
Don’t attempt to adjust your screen — they did, in fact, send it as a JPEG. The QR code contains the
text https://haveibeenflocked.com/.
The screenshot appears to show most of this website’s IP-address in the frontpage input box, with a message saying it’s not a valid license plate.[1] I have no idea why.
The text in the screenshot is a little hard to read because of the watermarking, but if you zoom in, you’ll see the following notice:
GlobalEyez appears to be a Cologne-based “brand protection” company that charges $20 for the “Screenseal” tool used here.
It’s a tool that certifies the integrity and authenticity of screenshots. You know, to be able to prove in court that images are genuine; a higher standard than Flock applies to its own ALPR images.
It looks like that $20 was simply too much for Cyble ($44.8M raised) or a16z-backed Flock ($655.6M raised) to bear. They pirated software to file a complaint about intellectual property infringement.
Part III: Cyble’s Second Attempt
What follows is Cyble’s full second statement, as well as my response.
Hetzner’s email:
Dear Mr van Pelt,
We have received an abuse report for your IP address 5.78.142.181.
This is the complainant’s answer:
We are writing to update you on our complaint regarding this website, which presents a significant security risk to our client and its users. The website poses an immediate threat to public safety and exposes law enforcement officers to danger, in clear violation of our client’s users’ rights and its intellectual property rights.
The website publicly and deliberately discloses extensive, sensitive information obtained from Flock and its automated license plate reader (ALPR) systems with the apparent intent to undermine law enforcement operations. It hosts three searchable databases that expose critical operational intelligence. Such disclosure of sensitive data substantially heightens the risk to officers and the public and necessitates urgent remedial action.
Please be informed that our client is a renowned company in US and directly works with govt agencies.
Attached is the letter from our Client in support of the complaint for your reference.
In view of the above, kindly suspend the services and stop the hosting of the website at the earliest convenience.
We will need a reply from you within the next 24 hours.
Response
Dear Hetzner,
The complainant’s latest response significantly shifts his allegations, effectively abandoning the original claims of “phishing” and “trademark infringement.” He has now pivoted to vague, unsubstantiated accusations regarding “public safety” and “intellectual property.”
The complainant refers to a “letter from our Client in support of the complaint for your reference.” This letter was not included in the notice sent to me. I cannot respond to claims I have not seen, and I request that Hetzner forward this document immediately if it is being used to evaluate this complaint.
The complainant mischaracterizes the data on my website. These are not “sensitive information obtained from Flock”; they are public records released by government agencies under state public records laws. These records document the use of surveillance technology by public tax-funded entities. The publication of such records is a protected journalistic activity.
As Mr. Siah points out, his alleged client “directly works with govt agencies.” Had any of these agencies believed they were endangered by my speech, or that I am engaged in any criminal act such as interfering with law enforcement operations, they would surely have knocked on my door.
Instead, Mr. Siah—who is not, to my knowledge, an attorney—asks you to accept an informal complaint on behalf of his employer (Cyble), on behalf of their client (Flock), on behalf of an unnamed agency allegedly “in danger” from information he has not identified, on a website he has not meaningfully described. This is a transparent attempt to use a hosting provider’s phishing complaint process to bypass the legal standards required for a court-ordered takedown—standards Mr. Siah knows he could not possibly meet.
While the complainant also newly mentions “intellectual property rights,” he has failed to identify any specific copyrighted material or patented technology being infringed. Mr. Siah appears simply to be trawling through legal theories and accusations, hoping one will stick—an ironic strategy for a complaint filed under “phishing.”
In summary, this complaint should be dismissed as frivolous. The complainant has failed to identify any violation of Hetzner’s Terms of Service, any applicable law, or any actual abuse. If the complainant or his alleged client, or their alleged government clients, wish to challenge my exercise of free speech or my lawful publication of public records, avenues exist outside Hetzner’s phishing complaint process.
I will update this post when Hetzner responds. In the meantime, the site remains online, the public records remain searchable, and the audit logs continue to tell stories the company would rather you not read—like yesterday’s article on how 3,466 Flock searches failed to find a missing teen, while a woman at a Nebraska truck stop succeeded, or the newly-published logs showing a Texas officer justified a 30-day nationwide location history lookup with the reason “gypsy crap.”
Part III + ½: Support from Flock
It turns out Flock already sent a statement in support of haveibeenflocked.com to its customers.
I forwarded it to Hetzner:
Dear Hetzner,
Please find attached a customer communication from Flock Safety discussing my website—the same website Cyble alleges “discloses extensive, sensitive information obtained from Flock.”
In this email, dated December 8, 2025, Chris Colwell, Flock’s Vice President of Solution Engineering, writes to “provide factual context about what is happening”:
Recently, a third-party website began aggregating search information that appears to have been released through these public-records processes.
And, under “What’s happening”:
Based on what we have seen, websites like the one circulating online are using agency-released public-records data.
The email lists customer “concerns.” Causing “concerns” about government surveillance is a side effect of legitimate, transparent reporting. It is neither “phishing,” nor a violation of Hetzner’s Terms of Service.
Flock’s own communications confirm what I have stated from the outset: my website publishes government records released through public records processes. This is protected journalism, not “phishing.”
Nevertheless, nine days after Flock’s email, Cyble filed a phishing complaint with Hetzner. Instead of presenting any evidence of any violation, Cyble made various unsupported allegations about copyright and trademarks.
Flock knew the nature of my website before it sent Cyble to file the complaint. It was a deliberate fabrication to shut down reporting on the company’s activities.
I ask again that this baseless complaint be dismissed. No evidence of any violation has been presented, and the complainant’s own client has contradicted the allegations in writing.
I also respectfully suggest that Hetzner consider whether Cyble should remain a trusted source for abuse reports, given their demonstrated willingness to misuse this process against legitimate customers.
Finally, in the interest of transparency and potential further actions, I request that Hetzner forward the attachment referenced—but not included—in the previous notification.
Good looking out, Flock.
Because, unlike Flock’s “reason” field, my inputs don’t accept arbitrary values. ↩︎