In February 2026, my friend was picked up by Sheriffs in Nevada on a traffic violation. He was placed on an ICE hold, released, then arrested in the parking lot by ICE agents and handed back to the sheriffs, who held him off the record. He disappeared for three days. No one could find him in any system.

I had a standing promise: if he was ever detained, I’d get him out, but I had to find him first. So I built the first version of a jail roster monitor that Sunday morning. It was simple: poll the 2 nearby County sheriff’s app APIs and 2 other nearby county web APIs, match against his name, alert our Signal group. Monday morning it found him. They had finally re-registered him into the system on an ICE hold. This is ICE's 287(g) program at work: local sheriffs operating as ICE’s distributed detention infrastructure.

Then he was transferred to a multi-agency detention center in Washoe County, mixed into general population on an ICE hold. He disappeared from the Douglas County system but never appeared in Washoe’s. Gone again. While looking for other ways to find him, I looked into VINELink, a self-styled national victim notification system, and discovered it’s operated by Appriss Inc., a subsidiary of Equifax since 2020. Later, when I audited the sheriff’s apps, I found VINE integration baked directly into the app platform: the apps are silently routing inmate search data to Equifax’s infrastructure whether the user knows it or not. Nevada had terminated their own VINE agreement in August 2025 and replaced it with SAVE (save.nv.gov), so I built a scanner for that instead. But the bigger realization shaped everything that followed: the data aggregators aren’t the source. The source is better. Harder to maintain, but better. Every layer between you and the data is another entity logging your query. So we went direct: raw sheriff APIs, raw booking systems, raw state databases.

I saw a clear pattern: the app that Douglas County uses, OCV, aka “TheSheriffApp”, is the same platform serving hundreds of agencies. I used Claude to scale the monitor across Nevada and California the next day. Within a week it covered 55 sources across 9 states. Then I started auditing the apps themselves.

What I found inside

I reverse-engineered 8 OCV sheriff apps across Texas, Florida, Georgia, and Nevada. Every one shares the same backend, the same hardcoded API keys, the same analytics infrastructure. Independent county branding over a single private company’s servers. The findings:

• 8/8 ship Firebase Analytics, Google AdMob with persistent advertising ID, and GPS location services; three independent tracking pipelines in a “community safety” app
• 8/8 request fine GPS location, phone state, and contacts access. One requests SMS read/send, microphone, and call log interception
• TagAlong: continuous GPS surveillance that uploads point-by-point coordinates to OCV’s servers; not the county’s. The code tracks “UserView” objects through “Trip” sessions in real time. This is person tracking, not asset management
• Appriss VINE integration embedded in the apps themselves: OCV routes inmate search data through vine.prod3.myocv.com to Appriss Inc., an Equifax subsidiary. Users of these “community” sheriff apps are unknowingly feeding query data to a credit bureau; this isn’t a service you opt into, it’s baked into the platform
• All 8 apps share the same AWS Cognito identity pool and the same hardcoded YouTube API key — a single backend operating behind the branding of independent county sheriffs
• 52 hardcoded secrets extracted across 8 apps; API keys, AWS credentials, Firebase project IDs, all sitting in the bytecode

The combination is the point: fine GPS + advertising ID + Equifax-owned search logging means that the act of looking for your loved one creates a location-tagged, ad-network-linked record at a credit bureau.

I discovered over 1,000 agencies signed up for 287(g) agreements with ICE, 137 operating under the jail enforcement model. I added this data plus ICE detention facility locations to a coverage map.

What I built instead

Frio monitors the same data sources with a zero-knowledge architecture: the operator cannot read the queries, cannot see who is searching, and cannot access the results. I’ll walk through the design — NaCl sealed-box encryption, content-addressed memory shards with time-based decay, and the Spiritwriter agent governance framework that delegates work to untrusted agents with cryptographic accountability. The search service is live and free.

I’ll close with where this is going: Percival (camouflage nodes disguised as local news sites), distributed contributor networks where even adversarial participants are forced to contribute real value, and the tension between zero-knowledge design and the aggregate intelligence needed to measure the scope of illegal detention nationally.

What the audience takes away

• How a real surveillance stack works at the bytecode level — and how one person audited 8 apps in parallel using AI agents
• The zero-knowledge architecture patterns behind Frio and Spiritwriter (Frio's back-end memory architecture will be open sourced)
• A framework for thinking about when the act of searching is itself the threat model
• How the 287(g) program turns county sheriffs into ICE’s distributed detention infrastructure, and what the technical countermeasures look like