Now, the Federal Trade Commission (FTC) has defended its exclusion on Scott Zuckerman. He is the founder of the controversial stalking application, SpyFone. This decision, originally made in 2021, prohibits Zuckerman from “offering, promoting, selling, or advertising any surveillance app, service, or business.” The central motivation behind the ban comes from a high-profile data breach incident in 2018. This breach leaked the sensitive information of hundreds of thousands of users of his application.
In 2018, the security researcher known as Kromtech discovered a misconfigured Amazon S3 bucket controlled by SpyFone. This find of unsecured assets created a massive data exposure, exposing 44,109 unique email addresses and records from 3,666 unique devices. The incident prompted the FTC to finally take Zuckerman to task. For this reason, Zuckerman was forced to delete all data collected by SpyFone. On top of that, he was expected to have regular audits done and to maintain strong cybersecurity measures across all of his companies.
Still, even after this ban, we began receiving reports in 2022 that Zuckerman was—without anyone’s knowledge—operating another stalkerware company, SpyTrac. This enterprise included independent coders with personal ties to Support King, Zuckerman’s former firm with ties to stalkerware practices. The FTC noted that such actions seemed like a concerted effort to evade the bans it has placed on such actions.
Indeed, Zuckerman has publicly lamented the FTC’s insistence on security requirements. He says the fiscal liabilities they require are compromising his capacity to operate his other real estate investments. As the owner of a popular restaurant, he has been looking for ways to capitalize on Puerto Rico’s growing tourism market. In July 2025, Zuckerman led by example by petitioning the FTC to rescind or modify the original ban order. Unfortunately, the FTC rejected Mr.
“SpyFone is a brazen brand name for a surveillance business that helped stalkers steal private information.” – Samuel Levine, then-acting director of the FTC’s Bureau of Consumer Protection
Eva Galperin, the Electronic Frontier Foundation’s director of cybersecurity and a leading expert on stalkerware, praised the FTC’s move. She noted that Zuckerman was attempting to go around the ban. That is an indication that he does not understand the magnitude of his repeated violations.
“Mr. Zuckerman was clearly hoping that if he laid low for a few years, everyone would forget about the reasons why the FTC issued a ban not only against the company, but against him specifically.” – Eva Galperin
Galperin added that Zuckerman’s behavior shows he has yet to learn from his past failures.
Yet these events have played out against a national backdrop of growing security concerns about stalkerware. Over the past eight years, hackers have breached at least 26 stalkerware companies. Over half of these firms have unintentionally exposed sensitive data online. This dangerous trend underscores the broader identity and data privacy and security issues in digital applications.
