The U.S. Federal Trade Commission has declined to end a lengthy ban preventing Scott Zuckerman, the brain behind Support King and the SpyFone and OneClickMonitor applications, from engaging in the surveillance software business. The Commission’s action leaves one of the rare, wide-ranging bans on the books and also signals how regulators think about consumer spyware as being inherently dangerous for privacy and safety.
What the FTC order says about surveillance app bans
Zuckerman is forbidden from disbursing, marketing, or advertising surveillance apps or services, according to the order. It also includes the deletion of data gathered through his previous operations and robust security measures, with continuing independent oversight from civil rights experts. Practically, it stops him from relaunching or rebranding equivalent software—even if he does so with new ventures or affiliates under his control.
The FTC’s remedy is more than a simple cease-and-desist. It is designed to cover what the agency has called, in previous filings, systemic security problems and misleading design choices in apps that are engineered to be hidden, collect intimate information, and thwart detection by device owners.
Why the petition to lift the FTC surveillance ban failed
Zuckerman requested that the Commission overturn or modify the order, claiming requirements were expensive and onerous for his current non-tech-related businesses. He failed to demonstrate that there has been a change in any material fact or law, the FTC found, a significant threshold under its rules for reopening orders. Put another way, the Commission found no need to relax limits meant to shield individuals whose devices and private lives were compromised.
The agency has long cautioned that security and privacy protections are not something to add on as a mere afterthought—particularly for companies that handle vast amounts of sensitive data. “In surveillance matters, the risk calculus weighs heavily in favor of the protection of targeted individuals,” a position that history tells us the Commission does not reduce without strict evidence that there has been a sea change.
The data breach that exposed thousands of SpyFone users
The ban has its origins in a stunning lapse: an open cloud storage bucket linked to SpyFone that left highly sensitive data exposed.
The cache had selfies, along with text and chat messages, audio recordings, contact lists, location histories, logins, and hashed passwords. Security researchers said 44,109 unique email addresses were in the exposed data, including as many as 2,208 customers who had either posted a request for tech support or were still using the stalkerware, and content from some 3,666 phones running stalkerware.
More than the raw numbers, the breach laid bare how consumer spyware compounds harm. When installed on the phone of a partner, these apps can quietly relay location data, communications, and even images in an intimate context to the buyer. Advocacy groups such as the National Network to End Domestic Violence and the Electronic Frontier Foundation have documented how tech-facilitated abuse allows abusers to stalk and control victims. Security firms across the board, including Kaspersky and Avast, report tens of thousands of affected devices worldwide annually, emphasizing that this is not a niche problem.
A message to the stalkerware industry from the FTC
Here, the FTC’s ruling comes as part of a larger pressure effort on stalkerware makers. The Commission has previously targeted other vendors as well, including cases that resulted in data being deleted and the imposition of long-term security monitoring. Criminal enforcement in related spyware cases is also on the table for the Department of Justice, which should make it clear to anyone attempting to profit off secretive surveillance marketed under the guise of interpersonal monitoring that this crosses the threshold of acceptable law and practice.
Private platforms have also upped the ante. Policies in the app stores of major mobile platforms specifically prohibit surreptitious monitoring apps, while detection tools from security companies increasingly identify stalkerware behaviors. The Coalition Against Stalkerware, a collective of civil society and cybersecurity companies, also shares indicators and support resources for victims in order to limit stalkerware’s reach.
What comes next for enforcement and consumer protection
The FTC preserved one of its most aggressive remedies against consumer spyware by rejecting Zuckerman’s bid. The ban and audits from the order are still in place, and any violations could bring further discipline. For wannabe copycats, the lesson is stark: rebranding and pivoting won’t circumvent orders tailored to block secret spying.
For consumers and advocates, the decision serves as a reminder that those who reaped profits from invasive tools can, in fact, be held accountable for harm—including not just the corporate entities behind them but also individuals.
And for the surveillance industry, it underscores an uncomfortable truth: software designed to conceal, monitor, and siphon up personal communications without a user’s explicit informed consent undercuts itself by operating in the dark, inviting regulatory scrutiny, legal risk, or permanent bans.
