More than 400 packages in the Arch User Repository (AUR) are distributing a Linux rootkit and infostealer malware targeting credentials and access tokens.

A report from the open-source intelligence community Independent Federated Intelligence Network (IFIN) notes that a new maintainer is spoofing a trusted publisher on the AUR platform to push infected packages.

The Arch Linux distribution is popular among power users and developers, using the AUR catalog to provide the latest versions for installed software, drivers, and the kernel.

AUR is a community-maintained repository for the Arch distribution that contains package build scripts (PKGBUILDs) with instructions for downloading, compiling, and installing software not available in Arch’s official repositories.

AUR is considered essential for any Arch-based distribution because it contains proprietary applications, beta/nightly versions of open-source software, niche utilities, and older versions of packages that retain functionality which may have been removed in later releases.

However, it is not a vetted space, and threat actors can use it to push malware through packages that change ownership without anyone noticing.

According to IFIN member Michael Taggart, the compromised packages are modified with preinstall scripts that download and execute a malicious npm package called atomic-lockfile.

Independent security researcher Whanos notes that one sample of the atomic-lockfile included a Linux ELF payload named deps, which was a “credential stealer with optional root-only eBPF [extended Berkeley Packet Filter] rootkit capabilities.”

“It is designed for developer workstations and build environments. It targets browser and Electron application data, Slack, Microsoft Teams, Discord, GitHub, npm, Vault, Docker/Podman, SSH, VPN material, shell histories, and other local developer secrets,” Whanos says in the report.

With eBPF technology present, the malware can run inside the kernel with elevated privileges and hide local processes.

Supply-chain management company Sonatype also published a report on a campaign targeting the AUR repository and delivering the malicious atomic-lockfile npm package, but using a different method.

Sonatype researchers say that the threat actor hijacked at least 20 orphaned packages on AUR and pushed atomic-lockfile by modifying the PKGBUILD file – a Bash script with the build information needed by Arch Linux packages.

According to the report, the attacker added a post-install script to invoke npm and retrieve the malicious package.

“The modified packages add a post-install script that invokes npm and installs atomic-lockfile during package installation,” Sonatype says.

However, analysis showed that the npm package installed a Linux executable with references to an eBPF rootkit that could hide processes, files, and network interfaces.

Additionally, the Linux binary indicates that it has infostealer functionality, targeting the following types of sensitive information:

• GitHub credentials
• SSH artifacts
• HashiCorp Vault tokens
• Browser cookie databases
• Slack data
• Discord data
• Microsoft Teams data
• Telegram data

Sonatype determined that the binary can archive data, handle multi-part files, and perform HTTP uploads, so the functionality for a typical exfiltration mechanism is present.

AUR maintainers are working to identify and remove all malicious commits, and to ban the accounts pushing them.

In a message to the community, Arch Linux package maintainer Jonathan Grotelüschen urged users to report any malicious package they find.

As a general rule, it’s recommended to only trust projects with frequent updates and an active community around them.

Arch users are advised to review the list of affected packages and look for the indicators of compromise provided in the report from Whanos.

Michael Taggart also pointed to a script that checks for the atomic-lockfile malware on the system.

If compromised packages are found, users should rotate all credentials and consider reinstalling Arch from scratch, since a rootkit may survive normal cleaning efforts.

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

Welcome back to TechCrunch Mobility, your hub for the future of transportation and now, more than ever, how AI is playing a part. To get this in your inbox, sign up here for free — just click TechCrunch Mobility!

I won’t spend too much time rehashing the SpaceX IPO — every media outlet, including TechCrunch, has spilled enormous amounts of digital ink on the company’s first day of trading. But there are two important data points to note for anyone who closely watches the “future of transportation” industry.

As of market close Friday, SpaceX has a market cap of $2.1 trillion, rocketing past Musk’s other publicly traded company, Tesla. SpaceX is currently the sixth most valuable U.S.-listed company, behind Nvidia, Apple, Alphabet, Microsoft, and Amazon. Tesla’s market cap was $1.52 trillion as of market close.

These two companies could soon become one. There have been plenty of hints and speculation. Last week, senior reporter Sean O’Kane spotted new language in SpaceX’s S-1 document that warns investors of future dilution. The additional sentence reads, “We may issue a significant amount of equity in connection with future transactions.” This isn’t a forecast of some small-scale deal; it likely means Tesla.

On opening day, SpaceX president and COO Gwynne Shotwell added fuel to the speculative fire. During an interview with CNBC, Shotwell seemed open to the idea and said a merger “might make Elon’s life a little easier.”

And if you do want to read more, we have conveniently packed everything together in a single spot, including stories on who wins (Elon Musk) and who might not (lower-tier SPV investors).

A little bird

Senior reporter Tim De Chant heard from a little bird who is familiar with GM and its inner workings that a “foreign supplier” is providing lithium-iron-phosphate (LFP) cells for the 2027 Chevrolet Bolt — and that the automaker currently has no plans to make LFPs for its EVs.

Previously, a Wall Street Journal report said the arrangement with the foreign supplier — identified as Chinese battery manufacturer CATL — was a temporary stopgap. De Chant heard that GM is starting production of LFP at an Ultium plant in the coming weeks, but those cells are destined for energy-storage systems made by LG Energy Solution. The automaker hasn’t yet decided whether LFP has a future in an EV beyond the Bolt.

Meanwhile, EV maker Lucid Motors is going through a bit of executive-level disruption. Emad Dlala, a top executive at Lucid, has left the company just months after being promoted to a leading role, TechCrunch has learned. Dlala’s exit is the first major executive departure since Lucid Motors named Silvio Napoli as its new CEO in April. And we hear there may be more coming.

Got a tip for us? Email Kirsten Korosec at kirsten.korosec@techcrunch.com or my Signal at kkorosec.07, or email Sean O’Kane at sean.okane@techcrunch.com.

Deals!

We can officially say goodbye to the Apple car. Yeah, I know that special project was shut down in 2024. But now there is further proof that Apple has moved well beyond autonomous cars. 

After a tip and some document scouring, we found that Waymo acquired a massive 5,500-acre proving ground in Arizona owned by Route 14 Investment Partners LLC, a Delaware shell company associated with Apple. Waymo acquired the property for $220 million, according to the filing. 

The acquisition is the latest evidence that Waymo is trying to scale up its operations.

Other deals that got more attention …

CameraMatics, an Irish company that uses AI-powered video telematics to help make fleets safer, raised €49 million from a consortium led by U.K. investment firm Blume Equity, the Ireland Strategic Investment Fund, and Goodbody Capital Partners.

Clear Robotics, an Indian tech company developing autonomous ships, raised a $1.75 million pre-Series A funding round led by maritime-focused Shipsfocus Ventures. Katapult Ocean, SGInnovate, M7 Holdings MGS Ventures, and other strategic partners also joined the round.

Evotrex, a startup developing hybrid RV travel trailers, raised $30 million in a Series A funding round. Funding came from a consortium of Chinese and Hong Kong-based investment firms, like GSR United Capital, Forebright Concerto Capital, TTGG Ventures, and Pegasus Capital, among others. Anker, the consumer electronics company, is among its seed investors.

Volteum, a startup that developed fleet management software for electric and mixed fleets, raised €2.5 million in a round led by Movens Capital. WakeUp Capital and Aidiom, as well as existing backers DayOne Capital, Techstars, and Nesprit also participated.

Zepto, the Indian quick-commerce delivery startup, unveiled plans for an initial public offering that could be valued at about $1 billion.

Zūm, a startup that provides transportation services (typically in electric buses) for school-age children, is interviewing banks about a possible IPO, The Information reported.

Notable reads and other tidbits

Decart, an AI startup, unveiled an interactive world model called Oasis 3 that can generate photorealistic driving environments in real time. The startup is initially targeting autonomous vehicle companies that need to simulate rare driving scenarios at scale and plans to expand into robotics and other physical AI applications, senior reporter Rebecca Bellan reported. 

General Motors is pushing deep into batteries — and not for EVs. We covered some of GM’s battery plans last week, but there is more to share. GM announced plans to sell a commercial energy-storage system for AI data centers and the grid. It is partnering with energy-storage startup Peak Energy and will be developing an entirely new sodium-ion battery chemistry tailored for grid-scale deployments. With GM and Ford chasing energy storage — plus a number of startups like Redwood Energy piling in — it seems like everyone wants a piece of Tesla’s battery business. 

Rivian started deliveries of its all-important R2 SUV.

Uber, U.K. startup Wayve, and Waymo are headed toward a robotaxi showdown in London. Here’s why. 

Waymo launched a loyalty program called Waymo Premier, which will offer frequent robotaxi riders a number of perks in exchange for $29.99 per month. The company also released details on a new computer model it created that is designed to more accurately answer a fundamental question: How does its autonomous driving software stack up against humans? 

Wing, the Alphabet-owned autonomous drones company, is pushing into seven more U.S. cities through its partnership with Walmart. Wing isn’t the only company using drones to autonomously deliver groceries, and while it’s certainly not mainstream yet, it isn’t a novelty anymore in certain markets.

One more thing …

Since the SpaceX IPO has just wrapped, I thought I would share some initial reactions from our TechCrunch staff. Senior reporter Sean O’Kane and AI editor Russell Brandom recorded a special episode of the Equity podcast Friday to give first impression. I suggest a listen!

The SpaceX IPO has finally arrived — here’s what TechCrunch editors think so far.

Looking for the most recent Connections answers? Click here for today’s Connections hints, as well as our daily answers and hints for The New York Times Mini Crossword, Wordle, Connections: Sports Edition and Strands puzzles.

Today’s NYT Connections puzzle has a varied mix of difficulty. I really enjoyed the blue group, once I made the connection. Read on for clues and today’s Connections answers.

The Times has a Connections Bot, like the one for Wordle. Go there after you play to receive a numeric score and to have the program analyze your answers. Players who are registered with the Times Games section can now nerd out by following their progress, including the number of puzzles completed, win rate, number of times they nabbed a perfect score and their win streak.

Read more: Hints, Tips and Strategies to Help You Win at NYT Connections Every Time

Hints for today’s Connections groups

Here are four hints for the groupings in today’s Connections puzzle, ranked from the easiest yellow group to the tough (and sometimes bizarre) purple group.

Yellow group hint: Keep at it!

Green group hint: Prep to party.

Blue group hint: Year of the goat.

Purple group hint: Blooming buds.

Answers for today’s Connections groups

Yellow group: Staying power.

Green group: Get ready for a night out.

Blue group: Chinese zodiac animals.

Purple group: Flowers.

Read more: Wordle Cheat Sheet: Here Are the Most Popular Letters Used in English Words

What are today’s Connections answers?

The yellow words in today’s Connections

The theme is staying power. The four answers are legs, momentum, stamina and traction.

The green words in today’s Connections

The theme is get ready for a night out. The four answers are accessorize, change, primp and shower.

The blue words in today’s Connections

The theme is Chinese zodiac animals. The four answers are dog, dragon, horse and snake.

The purple words in today’s Connections

The theme is flowers. The four answers are anemone, larkspur, monkshood and phlox.

A Ukrainian national extradited from Ireland to the United States last year has pleaded guilty to conspiracy charges tied to the Conti ransomware operation.

The U.S. Department of Justice announced Thursday that 44-year-old Oleksii Oleksiyovych Lytvynenko pleaded guilty to conspiracy to commit wire fraud for his role in Conti ransomware attacks conducted between 2021 and 2022.

According to prosecutors, Lytvynenko and his co-conspirators deployed Conti ransomware on victim networks in the United States and abroad, stealing data and encrypting devices to extort Bitcoin ransom payments.

According to the DOJ, Lytvynenko admitted to joining the Conti conspiracy in approximately September 2021 and possessing data stolen from eight U.S. victims and four overseas victims.

He also admitted to joining a team run by another Conti conspirator, where he worked on coding a “loader,” a type of malware used to load software needed to carry out attacks.

The Conti ransomware operation was one of the most prolific cybercrime groups active at the time, targeting hospitals, businesses, schools, and government agencies worldwide.

Court documents state that Conti targeted more than 1,000 victims worldwide and collected over $150 million in ransom payments.

The guilty plea follows Lytvynenko’s extradition from Ireland to the United States after his arrest in July 2023. Lytvynenko now faces a maximum sentence of 20 years in prison.

The Conti ransomware gang emerged from the Ryuk cybercrime group and was closely tied to the TrickBot malware syndicate.

The group became notorious for large-scale attacks against healthcare organizations, governments, and enterprises before shutting down in 2022, following the leak of its internal chats and increased law enforcement pressure.

Security researchers believe former Conti members later splintered into other ransomware groups, including BlackCat, Black Basta, ZEON, Hive, Quantum, BlackByte, Karakurt, and the Silent Ransom Group.

In September 2023, the U.S. and the United Kingdom also sanctioned and charged nine Russian nationals associated with the TrickBot and Conti ransomware cybercrime operations for attacks against more than 900 victims worldwide.

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Advertisement

Get the whitepaper

Editor’s take: Google has long moved away from its “don’t be evil” motto, instead deepening its involvement with US defense-related initiatives. The company is reportedly providing expanded access to its AI services for the Department of Defense, including programs associated with Secretary of Defense Pete Hegseth. The shift has reportedly prompted some longtime engineers with ethical objections to leave the company.

René Mayrhofer, a principal software engineer for Android Security and self-described pacifist and privacy advocate, has resigned from Google. The engineer had worked at Mountain View since 2017 but said he had become increasingly dissatisfied with what he sees as the company’s departure from its previously stated – and repeatedly reaffirmed – moral principles.

In a personal farewell note sent to colleagues and obtained by Business Insider, Mayrhofer said he felt he had no choice but to leave, arguing that Google had completely lost its moral compass. The note, sent on May 18, also criticizes the company’s leadership over its decision to move away from carbon-neutral goals, citing the high energy demands required to run Gemini’s AI models.

Even worse, the letter continues, “the current Google management is now signing deals with the US Ministry of War – where ‘any lawful purpose’ by the current US government has already been repeatedly demonstrated to be in violation of international laws.”

Mayrhofer has since confirmed the authenticity of the letter, saying he no longer feels able to work for a company involved in military AI applications. He added that there are still “very good” people at Google, but argued that their influence has become increasingly marginal compared to the company’s overall direction.

Google debuted on Wall Street in 2004, promoting its now-famous “Don’t be evil” motto as part of its outsider image in the tech industry. The phrase was later incorporated into the company’s code of conduct, where it remained – at least in some form – until 2018. Today, the Alphabet-owned company is increasingly involved in AI applications with military use cases and is working with the Pentagon on classified projects.

Google’s evolving stance has proven controversial, with some employees expressing opposition to its defense-related contracts. Mayrhofer noted that Google offered him a job in 2017, but said the company has changed significantly since then. He argued that executive leadership is now approving military-related deals with limited internal discussion or communication.

“I am a pacifist, and have long ago decided that I will not personally work for militaries engaging in offensive warfare,” Mayrhofer said in his letter. Google’s willingness to “proactively harm people is not something that I can or will be involved with.”

The engineer said that, unlike many of his colleagues, he is not financially dependent on Google. In addition to his work on Android, Mayrhofer is also a professor at Johannes Kepler University in Austria. He said he has previously been able to contribute to Android security while maintaining his academic position in the European Union. Now, however, he fears that some of Google’s AI products could be used for mass surveillance, including against European citizens.

“I am quite sad that it had to come to this, and desperately hope Google management re-discovers its moral compass,” Mayrhofer’s said in his letter.

Suppose your giftee loves growing mushrooms but has graduated to more challenging varieties. In that case, North Spore makes an automated monotub ($150) that can be paired with either substrate or the brand’s fruiting blocks. It keeps the growing environment with the proper airflow and humidity, and I’ve grown so many mushrooms in mine that I’ve turned into a Crazy Mushroom Lady, leaving bags on neighbors’ porches and chasing down acquaintances in the grocery store.

(Note that the photo above shows golden oyster mushrooms, which mycologists are investigating as a potential invasive species. North Spore says it is currently phasing out its yellow oyster mushroom kits while it works on developing a sporeless strain.)

Grow Your Own Medicinal Herbs

I get pitched a lot of gardening-related books for this guide, but this new-release hardcover from Texas-based gardening influencer Vanessa Minton, of From the Garden, is one of the more useful and well-organized ones I’ve seen in a long time. It’d make a great gift for those interested in natural medicine or just gardening in general. You can start with the basics, like design, hardiness zones, and soil requirements, or search by plant—each plant page provides the medicinal properties, growing and planting information, and ways it can be used (infused oil, tincture, tea, poultice, syrup). The recipes for things like infused salts, herbal teas, and syrups are detailed yet easy to follow, but it’s also just plain fun to read straight through.

A Decorative Indoor Trellis and Plant Saucers

If your friend or loved one is supporting their vines or floppy potted plants with bendable moss poles or, worse, a jerry-rigged ladder made out of duct taped pencils (it was an emergency, OK?), treat them to one of these hand-finished, laser-cut plant supports. There are staked and modular versions (my favorite is the wonderful-smelling, extendable redwood Zella) as well as coasters, wall mounts, and saucers that water your plants from the bottom. I have tested many of them—including the classic versions—and all have added a dash of style while lending critical structure to floppy and vining plants. Can’t pick just one? Check out Treleaf’s collection of gift bundles.

Succulents in the Mail

Lula’s Garden’s heart-shaped box is featured in our guide to the Best Flower Delivery Services, and since then, I have had multiple people recommend the brand to me. I have now tried it, and I have to agree—this is an excellent gift. It’s fun, stylish, and priced the same as or even less than transient flowers. Not everyone is inclined to take care of a houseplant, but succulents are super easy to care for, and the box they arrive in doubles as a planter. All you have to do is unbox and use the included pipette to add a few squirts of water. The gardens are contemporary yet neutral enough to fit in with just about any decor. Just a heads up that unboxing the gardens that come with rocks (like the Bliss) may be a little messy, but the more premium gardens (like the Urban) don’t have any loose parts and come out of the box looking exactly as they do online.

For Making Compost Indoors

Reencle

Prime Electric Composter

As seen in our guide to the Best Kitchen Composters, the Reencle Prime doesn’t fully make ready-to-use compost, but it comes the closest out of any of the major brands. It functions a lot like a heated trash can—just throw your kitchen scraps in, and microbes will break them down over time into a sort of loamy mixture. When the volume of the Prime reaches the fill line, the mixture can be scooped out and added at a 1:4 ratio with potting soil, then left to cure for three weeks. After this, it can be used for both outdoor and indoor plants. Not only will it free up space in your giftee’s trash can and cut down on dangerous greenhouse gas production, it will make their plants happy.

Modular Landscape Blocks

It’s frustrating to spend untold time and money on your garden vision, only to find that landscaping elements like real rock walls and edging can cost thousands of dollars. If your giftee loves making their garden pop, these PolyRock blocks come in modular, six-block sections about 4 feet long. They slot neatly together like Legos, look exactly like real rock, and are flexible, so you can use them straight or curve them into a circle. No digging or leveling is required, and they’re easy to detach and move around if you change your mind or design plans. You can choose from gray, brown, black, or white tones. I have a strip of gray blocks installed along the front of my house, and more than one neighbor has thought it was real rock. The adjacent grass has even been cut with a string trimmer every week for months, and there’s still nary a scratch on the blocks.

A Do-It-All Cart

Gorilla

Poly Garden Dump Cart

Don’t torture yourself with an inefficient wheelbarrow! A garden cart might seem like an odd gift at first, but this is the all-category MVP of my yard and household. It not only carries mulch, plants, and yard tools, but it can also tote up to 600 pounds for the small version and 1,200 pounds for the large, which has allowed me to transport everything from giant pizza ovens to bags of smoker pellets. The cart’s got a quick-release dump latch on the front and pneumatic tires that handle mud and sand with no problem. I’ve tested other carts in the past, but this is the only one that has earned a permanent spot in my garage. If your giftee lives on a large plot of land or needs to transport a lot of pots or other supplies around their house, this will be an invaluable companion. Note that it will require some assembly, but it didn’t take more than an hour.

A Candle That Smells Like Tomatoes

You might be thinking: Why on earth would someone want a candle that smells like a tomato? I certainly did, when WIRED reviewer Louryn Strampe crowned a tomato-scented candle as the overall best pick in her Guide to the Best Scented Candles. However, now that I’ve smelled it myself, along with a handful of other versions (LAFCO’s is my second favorite), I completely get it. I was immediately transported back to being amid sun-warmed tomato leaves in my grandfather’s garden, but my teen son, who doesn’t have the same association, also immediately recognized it as a distinctly summer smell. It’s warm and vegetal, but still sweet and fresh. It’s sure to remind your favorite gardener of the good times ahead.

A Quality Pair of Gloves

I’ve used a lot of gardening gloves over the years, but these two are my all-time favorites. Digz’s long-cuff garden gloves keep dirt, leaves, and other detritus out when you’re reaching down deep into something, and they’re invaluable for pulling out blackberry vines, goosegrass, and other long and/or sticky weeds. (Digz also makes some excellent tools with soft, ergonomic handles, but those aren’t as widely available.) If you’re looking for something sturdier, longer-lasting, and more versatile, Vermont Glove has been hand-sewing goat-leather gloves since 1920, and the Flatlander design dates from that time. These gloves are both ridiculously soft and insanely sturdy—my husband and I have both used them for all manner of yard work, including pulling thorny weeds, and they have stood up beautifully despite their lightweight feel.

Charlie Javice, the convicted Frank founder, is reportedly seeking a presidential pardon, with her camp quietly courting people close to the Trump administration, according to the WSJ. So far, her name hasn’t turned up on a formal clemency request list at the Justice Department, it adds.

That list is growing fast. As the administration reportedly weighs handing out roughly 250 pardons this summer to mark America’s 250th birthday, a wave of clemency requests is pouring in from white-collar defendants — including Sam Bankman-Fried.

JPMorgan can’t be pleased by any of this. Last September, Javice was found guilty of fabricating millions of customer accounts to inflate her startup’s value before selling it to the bank for $175 million. She’s now serving more than seven years and is appealing, arguing the case against her was unfair.

The bank may have extra cause for concern given its relationship with President Trump. In early 2021, it closed accounts tied to Trump and his businesses shortly after the January 6 Capitol riot, a move that Trump has since called political “debanking,” suing JPMorgan and CEO Jamie Dimon for $5 billion. (JPMorgan denies any political motive.)

Javice has powerful friends, too, including Apollo’s Marc Rowan, an early Frank investor who testified on her behalf at trial. Rowan has donated to Trump’s campaigns and, since his reelection, has given millions more to Republican congressional groups.

A hot potato: Several police officers across multiple states and jurisdictions have been arrested in recent months for allegedly using AI-powered Flock license plate readers to stalk their ex-partners. Marketed to law enforcement as a public safety tool designed to help catch criminals, the cameras have faced significant backlash from civil rights activists over privacy concerns.

According to reports from various local and national news outlets, at least 18 police officers have either been arrested, fired, or placed under investigation for allegedly abusing data from Flock AI cameras to stalk their ex-partners. Investigators told 404 Media they believe the cases represent only the tip of the iceberg, suggesting that many incidents go unreported or are resolved informally with warnings rather than disciplinary action.

In one of the most egregious cases involving the misuse of Flock AI license plate readers, former Orange City, Florida police officer Jarmarus Brown was arrested in February. He is accused of repeatedly searching his ex-girlfriend’s license plates more than 100 times to track her movements and of sharing videos of her vehicle using his official agency-issued laptop over a seven-month period in 2024.

In March, Milwaukee police officer Josue Ayala resigned after being accused by his ex-girlfriend of using Flock license plate readers to track her and her ex-partner across the city. He was later arrested and charged with one misdemeanor count of attempted misconduct in public office for allegedly using his authorized access to search the Flock license plate database 179 times for personal reasons.

In a separate case dating back to 2024, former Sedgwick, Kansas police chief Lee Nygaard was accused of tracking his ex-girlfriend’s vehicle 164 times between June and October 2023. He also allegedly ran her new boyfriend’s license plate 64 times and physically followed the couple in his police vehicle. Nygaard eventually resigned and admitted his actions were motivated by jealousy.

Several other cases involving law enforcement officials using their access to stalk and harass former partners have been reported across the country over the past several years. Privacy advocates argue that the true number of incidents is likely significantly higher, as many cases go unreported or are handled internally by agencies to avoid potential legal liability.

In response to growing concerns over surveillance and abuse of power, several police departments have ended their contracts with Flock Safety. According to a recent report, 53 municipalities across 20 states have either rejected or deactivated Flock cameras, with the Atlanta-based company also accused of attempting to limit public access to information about police searches of its license plate database.