San Francisco Police Drone Feeds Leaked Online for Six Months
Security researchers discovered live surveillance video from five SFPD drones streaming to a public web address with no authentication required.

San Francisco Police Department drone surveillance footage streamed openly on the internet for approximately six months after someone created a public link to five aircraft feeds with no password protection, according to security researchers who discovered the exposure.
Security researchers Sam Curry and Maik Robert found the unprotected stream while examining Skydio's systems in mid-June. The leak exposed real-time color and thermal video from SFPD's Skydio X10 drones, along with location metadata and pilot identification information, to anyone who located the public web address.
The researchers archived roughly 48 hours of operations before reporting the issue to Skydio. Their collection includes 60 videos from 20 separate flights, totaling more than three hours of aerial footage. Analysis of the videos identified hundreds of people and vehicles captured on camera, including clear facial images of dozens of individuals.
What the footage revealed
The leaked videos document police operations ranging from vehicle pursuits to wellness checks. In one incident, four drones tracked a suspect across San Francisco in response to what SFPD described as an alleged auto parts theft. The footage shows a drone zooming in on an SUV's license plate, following the vehicle through traffic, then tracking the driver after he exited and hid behind a parked car in an apartment complex. Multiple drones converged on the location before officers tackled the suspect.
Other videos show police inside a high-rise apartment during a missing person investigation, officers speaking with homeless individuals in an alley, and surveillance of people who appeared uninvolved in any criminal activity. One video captures a person sitting alone on a rooftop in response to a prowler call. Another follows two young men to a basketball court where they begin playing, prompting the drone to depart.
The archive also contains detailed telemetry data: more than 5,000 GPS coordinates tracing 44 miles of flight paths, along with altitude, speed, and battery information. Six SFPD pilot names and email addresses appeared in the logs.
How the exposure occurred
Skydio's software allows users to create shareable links called ReadyLinks for video streams, with options to require authentication or set expiration dates. Someone with access to SFPD's Skydio system created a link in December with no authentication and a one-year expiration date. That link subsequently appeared in AlienVault Open Threat Exchange, an open-source database used by security researchers, where Curry and Robert discovered it.
Curry and Robert reported their findings to Skydio approximately two days after discovery, and the feed was taken offline. However, the link had potentially exposed drone operations for six months before detection, with no confirmation that the researchers were the only viewers.
Why it matters
The incident exposes fundamental tensions in police drone adoption. SFPD's fleet expanded from six drones to 98 between 2024 and early 2025, with officers logging more than 1,400 launches. While the department maintains a transparency portal publishing flight logs without video, this leak provided unprecedented public access to operational footage that police departments typically withhold even under public records requests. The exposure demonstrates how surveillance systems create what privacy advocates call "toxic assets"—sensitive data vulnerable to breaches that can reveal far more than intended about both investigation targets and bystanders. With AI analysis increasingly capable of processing vast video archives, the privacy implications extend beyond individual incidents to systematic monitoring of urban life.
SFPD stated the link was "for law enforcement purposes only" and was "improperly obtained," though the researchers accessed it without bypassing any security measures. The department said it has implemented more restrictive sharing protocols and is investigating whether others accessed the feed.
These details were first reported by WIRED.
This is an original analysis by the Omega editorial team. Source reporting: WIRED.
Want systems like this working for your business?
Book a Call
