The following article was published by someone calling himself "Samuel Smith" from Hong Kong, on IPCamTalk and Reddit, concluding that I, quote, "should be cancelled". Both sites subsequently removed it with neither our involvement nor request.
I do believe in freedom of speech, even for China Communist Party shills, even when it is against me. Ergo, presented below, in full, the article, with a short response by me after it:
Unmasking IPVM
How a toxic mix of rage, inferiority spawned the security industry’s most polarizing figure
Samuel Smith
On the evening of November 13, 1994, Dartmouth University’s Student Executive Assembly Committee signed a letter calling on its 19-year-old Secretary, John Honovich, to resign. The letter stated Honovich had acted to promote his own interests and consistently caused "infighting, confrontation, unproductivity, a poor public image, and has run counter to the expectations of the student body we are expected to serve efficiently and honorably.”
The next morning, the Dartmouth Editorial Board said, “In meetings Honovich has shouted over other members, raised his voice at administrators and chanted incessantly that the president and vice president are 'liars;' he has embodied the plague that has sickened the Assembly over the last few years. In an organization that should no doubt incorporate political viewpoints spanning an immeasurable spectrum, tolerance, cooperation and respect are necessary. The difference between good and bad politicians is knowing where to draw the line - and the Assembly cannot stand idly by while Honovich repeatedly crosses it. The only way the Assembly can hope to regain the respect that Honovich has destroyed is to show the campus that it will not stand for such irresponsible, distracting and disrespectful behavior and that it will stand up against members who use the Assembly as a tool for their own political gain.”
An immature, vain, aggressive and irresponsible teenager became an immature, vain, aggressive and irresponsible adult. It probably would not surprise anyone who knew John Honovich and saw his rage at Dartmouth that he would later so frighten a 41 year-old male that [the man] asked a court to issue a restraining order against John Honovich; or that a security equipment company would fire him; or that he would launch a tabloid website called IPVM to attack and bully the very industry that refused to accept him; or that, perhaps most outrageously, he would think that it would be ok if he hacked into Americans’ security cameras, posted their personal data on his blog and then encouraged others to hack into those cameras too.
This is the story of how John Honovich’s duplicitous website lies and cheats to make him more money.
John Honovich Manufactures Controversy to Make Money
IPVM is a subscription-based website founded in 2008 by John Honovich, a self-proclaimed leader in the video surveillance industry. According to one website that has covered John’s Honovich controversial behavior, “Many believe that he generates controversy through his abusive attacks on companies in the industry and then makes those same companies subscribe to his service so they can review his attacks.”
John Honovich and his helpers at IPVM review products and provide commentary on security industry companies and individuals. The source of any additional funding remains a mystery. His commentaries are highly biased, misleading, and often false.
As the same website that chronicles some of John Honovich’s most egregious infractions stated, “The site does not limit itself to attacking small companies. No company in the surveillance industry is immune to his outbursts. However, is his plan truly to build a subscriber base forced to pay to read the latest malicious content posted about their company on his blog or is there something more deep rooted that forces his pen?”
John Honovich Targets Asian Companies for Being Asian
John Honovich’s greed is only exceeded by an intransigent rage that helps drive him to deploy litany tactics designed to go after any Asian technology company simply because they are Asian.
When the Chinese two-way radio company Hytera submitted public comments to the FCC regarding a proposed rulemaking aimed at curtailing Chinese telecommunications companies operating in the U.S., John Honovich and his employees—without any credible evidence—accused the company of lying.
When Japanese stalwart Panasonic alerted its partners regarding a U.S. policy that would potentially impact their ability to purchase Panasonic products, IPVM again accused the company of knowingly deceiving its partners.
And when a prominent US cybersecurity expert joined a major Chinese tech firm, John Honovich was not ashamed to openly called him “White Monkey.”
John Honovich Is So Biased that the Mainstream Press Does Not Trust Him
John Honovich has set himself up as an unregulated, one-stop testing/media/lobbying operation, which uses its platform, former employees working at mainstream media outlets, and contacts on the Hill, to harass, defame, plant negative and misleading stories about, and—apparently—directly lobby against leading Chinese technology companies. Congressional authorities have been notified about John Honovich’s potential flouting of lobbying disclosure requirements. In August of 2021, House and Senate ethics officers— as reported by Axios—even sent John Honovich a letter indicating he could be required to register as a lobbyist. In a terse and ironic—considering John Honovich’s history of bullying anyone who disagrees with him— comment to Axios, John Honovich accused Hikvision of “bullying a small US business.” John Honovich’s website plainly admits how it operates:Notable media outlets like the Associated Press, the London Times, CNBC and Foreign Policy--when alerted to key facts about John Honovich—have either clarified previous reporting or made editorial judgments not to cover certain issues solely seeded by John Honovich or his website.
One industry trade reporter said, “No one likes John Honovich or believes much of what he says, but you also don’t want to be the one he’s bullying, so I just ignore him.”
John Honovich Hacked Cameras to Peek Into Our Bedrooms
In John Honovich’s crusade to destroy one company in particular—Hikvision—he hacked thousands of its devices without the consent of their actual owners. He then produced a YouTube video instructing the public on how to hack those cameras.
In 2017, John Honovich searched the Internet for Hikvision cameras and used a known vulnerability to bypass the username and password of more than two-thousand unpatched cameras across the United States and Europe. As a result, John Honovich gained unauthorized access to computing systems (IP cameras) owned and managed by U.S. and European citizens.
John Honovich violated U.S. law thousands of times to do this. Section 5 of the United States Computer Fraud and Abuse Act states, “Exceeding Authorized Access. Several portions of the CFAA prohibit obtaining information by accessing a protected computer either (a) without authorization, or (b) in a manner that ‘exceeds authorized access.’”Apparently, he does not think the law applies to him.
An IPVM video instructed viewers how to exploit a vulnerability on any camera that customers had not yet patched with the firmware that the company posted online six months prior. This caused significant exposure to U.S. and E.U. citizens who own and use those cameras to secure their properties and lives.
On December 18, 2017, John Honovich published an article on his website that is open for public viewing. The article explains how John Honovich used the Hikvision vulnerability to gain unauthorized access into the cameras of U.S. citizens who connect their cameras directly to the Internet and who did not patch their cameras in the eight months since the company released the patched firmware. It also includes a map that plots the suspected location of each camera in the United States. When a visitor to the website hovers their mouse over the map, a popup image shows a screenshot taken by John Honovich from each camera that he illegally hacked. Here is an alarming example that shows how John Honovich leered into a child’s bedroom.
In a public blog post, John Honovich brags about his unethical and potentially illegal activity against U.S. citizens who own the company’s cameras. From the article:
“Device IPs were exported from Shodan, the result of a search for Hikvision cameras in the US. Each device was evaluated against 3 key criteria:
Was it located in the US, based on results of an IP Geo LookupJohn Honovich admits that he used the vulnerability to gain unauthorized access to victim IP cameras; looked at the name displayed on the video images; and took a picture from the camera. And on January 2, 2018, John Honovich updated his hack map article to include cameras all across Europe. To this day, the article and the map of IPVM hacked cameras remain accessible and open to the public.
John Honovich Bullies Anyone He Disagrees With
When the FCC invited interested parties to comment on its proposed rule-making that would effectively ban the sale and marketing of certain Chinese companies, John Honovich’s predatory instincts sprung to life. When 20 American Dahua partners came out in support of Dahua, John Honovich published their comments and images on his tabloid, in what appears to be a shameless attempt to place a Scarlet Letter on hardworking Americans.
He followed up this attack by blasting nearly 100 small-medium sized American business owners who also supported Hikvision, and were participating in the FCC process, by openly naming and shaming them on his website.
One U.S. business owner said, “Why is this guy putting my name out there!? This is a public comment period and I have every right to comment. For someone who says he’s a voice of the people, it’s pretty ironic that he would try and silence me this way.”
One American company had enough. In a cease and desist letter sent to IPVM, one security equipment maker said,“Your campaign to intentionally defame Arecont includes recent postings by you entitled ‘Lying at Arecont Vision’ and ‘Liars at Arecont Vision’. In these postings, in which you say you are relying on the findings of an alleged security blogger, you accuse my client of lying in its advertising, specifically with respect to a MegaDome® print advertisement. You also make an off-handed remark alluding to what you characterize as Arecont’s ‘fallacious megapixel math.’ I will give you the benefit of the doubt - this one time – that, perhaps, you honestly believed at the time that what you posted was true and that the image in the circle marked ‘actual image’ was not an actual image from Arecont’s camera. Be advised, however, that the image in the circle labeled ‘actual image’ in Arecont’s print advertisement is, in fact, an actual, true image from an Arecont camera. Rather than falsely conclude that the image was simply too good to be true and, therefore, that it must be false advertising, you should have investigated the quality of Arecont’s products more thoroughly. Then, perhaps, you would not find yourself in the situation you are now in. Dissemination of false, defamatory information is actionable in a court of law.”
John Honovich Should be Ignored … and Cancelled
John Honovich’s time at Dartmouth was a harbinger of things to come. As one website cataloging his infractions put it:
“Recently, court documents were obtained detailing a dark past with allegations of physical and mental abuse. This in itself may not be as telling as the actual statements of his 41-year old male accuser. Statements like ‘He [John Honovich] always carried out his threats which got worse when I complain and/or challenge his control or power.’ The complaint continues, “He brags about his ability to verbally attack others. He squeezes his girlfriend’s head and pulls her arms behind her back.” And finally the complainant filed a Restraining Order against John Honovich indicating that “[John Honovich] would cause any reasonable person to suffer extreme emotional distress.” Mr. Honovich then continued to violate the Restraining Order and was arrested by the Honolulu Police Department. He was ordered to immediately turn over all firearms, ammunition, permits and/or licenses to the Honolulu Police Department.”
As yet another blogger stated:
“One by one, the pieces [of John’s life] are not that damaging, but put together, they paint a picture of a man with an unusual, and perhaps morbid psychology. It takes more than a little poking fun at people to have 8 out of 12 people sign a petition for your resignation. It takes a little more than friendly harassment to get a TRO [temporary restraining order] stuck on you. It takes more than a few inflammatory tweets to get someone to create a whole blog dedicated to exposing him.”
John Honovich is simply not credible. He cannot and should not be trusted. In fact, given the serial nature of his transgressions, John Honovich should be cancelled.
While "Smith" makes a broad array of accusations that I am happy to address, as people are interested, I will start by focusing on 3 particular ones.
Dartmouth Student Government: I was 18 years old, not 19, and while in November there was a letter calling for me to resign, just 2 months later, that same student government elected me Vice President. I am not sure how productive it would be to analyze the details of what I did as a teenager more than a quarter-century ago but suffice to say, the situation was more complex and I had far more support than "Smith" construes.
Arrest by the Honolulu Police Department: That was more than 20 years ago. I had an argument with a housemate about the rent which led to him getting a TRO against me. Then, when another housemate arranged for a mattress company to return a mattress I had bought, the housemate who got the TRO contacted the police arguing that by having the housemate facilitate returning a mattress, I violated the TRO. This was as bizarre as it sounds. The charges were shortly dropped, without me doing anything.
Hikvision Hack map: This is something that Hikvision has been complaining about for years. Hikvision's Jeffrey He notably declared that "This is the most outrageous behavior I have seen in my 27 years in the global security industry." Evidently, it was even more outrageous than Hikvision placing a backdoor in tens of millions of its devices or abusing human rights in Xinjiang or selling manipulated fever cameras, etc. As we explained at the time, we simply used the authorized access that Hikvision designed into their products.
I think criticism, even of this variety, is useful for the subjects to better understand their actions and to improve. For sure, I am more mature and sophisticated than I was a teenager, the core thread of this article.
As for "canceling" John Honovich, as IPVM approaches 30 team members, our goal is beyond "John Honovich", to be an institution that researches, exposes, and advocates for better and more ethical usage of technology around the world, including the PRC and USA.
Any questions or feedback, please let me know!