FTC Reaffirms Ban on Stalkerware Pioneer Scott Zuckerman
The Federal Trade Commission (FTC) has reaffirmed its prohibition against Scott Zuckerman, the founder of consumer spyware companies Support King, SpyFone, and OneClickMonitor, from participating in the surveillance industry. This decision follows a data breach that exposed sensitive information of both the company’s customers and the individuals they monitored.
In 2021, the FTC imposed a ban on Zuckerman, preventing him from offering, promoting, selling, or advertising any surveillance app, service, or business. The agency also mandated the deletion of all data collected by SpyFone and required Zuckerman to implement robust cybersecurity practices and undergo regular audits. This action was prompted by a 2018 incident where a security researcher discovered an unsecured Amazon S3 bucket belonging to SpyFone, which contained highly sensitive data, including selfies, text messages, chat app communications, audio recordings, contacts, location data, hashed passwords, and logins. The breach exposed 44,109 unique email addresses and data from 3,666 devices with SpyFone installed.
In July 2025, Zuckerman petitioned the FTC to rescind or modify the ban, arguing that the security requirements imposed by the order had financially burdened his other business ventures, which now include a restaurant and planned tourism projects in Puerto Rico. However, the FTC denied this request, maintaining the original restrictions.
Further complicating Zuckerman’s position, a 2022 TechCrunch investigation revealed that he appeared to be involved in another stalkerware operation despite the ban. The investigation uncovered that SpyTrac, a significant Android surveillance app, was managed by developers with direct ties to Support King. The breached data from SpyTrac included records from SpyFone, which Zuckerman had been ordered to delete, and access keys to cloud storage for OneClickMonitor, another of his stalkerware applications.
Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation and a prominent expert on stalkerware, commented on the FTC’s decision:
Mr. Zuckerman was clearly hoping that if he laid low for a few years, everyone would forget about the reasons why the FTC issued a ban not only against the company but against him specifically.
She added that the 2022 revelations suggest that Zuckerman did not learn his lesson.
Stalkerware applications enable users to covertly monitor others’ devices, often leading to privacy violations and potential legal issues. Over the past eight years, at least 26 stalkerware companies have experienced data breaches or left sensitive data exposed online, highlighting a consistent failure to protect both their customers’ privacy and the individuals being monitored.
The FTC’s steadfast position underscores its commitment to enforcing privacy protections and holding individuals accountable for violations. By upholding the ban on Zuckerman, the agency sends a clear message about the seriousness with which it views breaches of consumer trust and privacy.
