Flight Tracker LED Ripoff - Part 2: It's so much worse
Welcome to the botnet. Your concerns have been ignored
Date:
[]
Views: [269]
Categories:
[projects]
Tags:
[flight-tracking],
[FlightTrackerLED.com],
[flight tracker led],
[botnet],
[tailscale]
This is a follow-up to a previous article:
Flight Tracker LED Ripoff
It discussed how I put online a guide to build a Flight Tracker, showing what aircraft are nearby, using a Raspberry Pi and an RGB LED screen. I later discovered someone selling these as their own creation with no attribution to the original project.
Chicago John
Earlier in the year I wrote about how I discovered that someone was selling one of my pet projects, the Flight Tracker, as their own work without any accreditation. A couple of months after I posted it the culprit reached out to me and made a few promises, Chicago John.
I've been meaning to write a blog post to conclude the tale, but everything was so uneventful that I never really felt like I had much impetus to revisit the topic. I had been quite happy to leave up my original post and let people make their own decisions about whether they'd build a flight tracker from the instructions online or purchase one from Chicago John.
Then people started contacting me to explain their interactions with Chicago John and showed off what they've received from him. What I've learnt has horrified me enough to write this blog to warn people: unless you want Chicago John to have 24/7 remote access to your home network, avoid purchasing a Flight Tracker from him
The Good
Back in April, I wrote about finding out that someone had taken my Flight Tracker project and was passing it off as their own product. All I was looking for was my work to be credited. It was a bit of a howl into the night without much hope that there would be any response, but to my surprise in June I got a response from the "Official" (lol) Flight Tracker LED Facebook account.
The conversation essentially goes:
- Him: Sorry. I'll stop selling these
- Me: Just give credit
- Him: OK. Here's me giving you credit
Which was a good response and also why I didn't post a follow-up article. There wasn't much left to say. Now that I've decided to return to the topic, let's just post the whole conversation so we can all have a bit of a laugh, also I want to draw the reader's attention to a few points:
- Yes, he immediately spells my name wrong
- Whinging that the idea he stole doesn't scale well for him to turn a decent profit
- A very reasonable explanation about his FR24 licensing - not that I've been able to test the veracity of his claim
- More complaining about how much effort ripping off my idea has been
- A promise to post his code to GitHub to pull himself in line with my license. Something I can't find any evidence of him doing yet
- More complaining about my project not scaling well and an appeal for some tips
[18/3/2025, 16:34] Colin:
Hey John,
Do you think you could credit my flight tracker that you're selling? It's a bit weird that you're selling it as something you've come up with yourself.
All I'm looking for is a wee credit. Open-source projects like this are our CVs: passing off someone else’s work as your own robs me of the chance to showcase what I can do.
[2/6/2025, 21:25] Flight Tracker LED:
Collin
Apologies
New phone, never got these apps transferred. Just seeing this now
First of all. You’re 100% right. I’m going to give you all the credit.
Second, less important, is that I have stopped selling these. Nonetheless, how can I make this right for you?
Read through your article. Thank you for not doxing me.
Regarding the API key I actually did go down the commercial use route for the fr24 data which is why it was priced how it was.. nonetheless hope all is well and more than happy to connect
Happy to take the whole thing down, but will wait to hear back from you
[3/6/2025, 16:37] Colin:
Yo. Thanks for getting back in contact.
I'm not going to ask you to shut your operation down. Just make sure you stick to GNU GPL v3.0 and give credit where it's due
[3/6/2025, 16:42] Flight Tracker LED:
Definitely will give you credit man. I’ll update the sites today and post links to your GitHub / blog and my source code
I still don’t think I’m going to continue selling them, however. It’s not really profitable or scalable and frankly a ton of work and I never planned on this
[5/6/2025, 4:37] Flight Tracker LED:
I'll be getting the credit on Etsy and Instagram also. Let me know how this looks
[5 Jun 2025, 4:44] Flight Tracker LED:
Again, I'm really sorry... Was not my intention to not give you credit I just got carried away and things were moving fast.
I don't know what the state of the site is going to be. People (obviously) find this very cool and it does bring joy to them.
The main thing that makes it tough is that it's not really scalable in terms of manufacturing enough of them and selling them at scale. I make all the boxes myself and it just takes time to source all of the parts too.
Anyway, if you have any thoughts/ideas let me know
[5 Jun 2025, 4:46] Flight Tracker LED:
Added some credit in the product page also
If I'm ever feeling a little bit of imposter syndrome, I just need to remember the gumption shown by Chicago John here. Nothing will stop him from reaching his goals, not even common decency.
It was important for me to post the entire conversation here for three reasons:
- You can see that I made a simple request and it was kinda fulfilled. Certainly enough for me to stop caring about all this
- This is the extent of our back-and-forth, which is important to note as we're going to discover that when called out on his behaviour, Chicago John will claim that we're tight and have worked together on this project. Sorry John, in case you were left thinking otherwise, but we're not buds
- Chicago John loves pointing out his website's T&Cs to people so I'm suspicious he might be a litigious sort, so I thought it best to be open and honest
The Bad
Since publishing the original post, people have been getting in touch with me while looking for support with the Flight Trackers they bought from Chicago John. I've also found people on Reddit looking for support from the open-source community there. The best information about the product from Flight Tracker LED came from someone I'll be referring to as Cool Guy.
Cool Guy had purchased one of these Flight Trackers as a present for someone and immediately ran into trouble with it. It started with a flickery screen, progressed to a fried SD card. Initial attempts to fix it failed as Chicago John's approach to providing support and updates is rather unconventional. Instead, Cool Guy ended up having to get a new SD card so that Chicago John could get him to reinstall my code, followed by an extra layer of his own gumph to get it working again.
This didn't resolve the flickery screen, but it did leave Cool Guy realising he'd been had by Chicago John and should have just made a Flight Tracker from scratch himself the first time around (it's really not that hard).
A note about flickery screens: I've been playing around with a few different models of these screens, from the more expensive Waveshare version that Adafruit sells to the knock-off version that are a fraction of the price. Those cheaper ones are exceptionally sensitive to noise. If I take a device that's working perfect and then swap out for a cheaper screen then the noise and flicker is immediately noticeable. It's worth forking out for the higher quality version if you think this will bother you.
Over the course of our conversation I got some fantastic insights into the Flight Tracker LED operation. For example, the precision craftsmanship boasted on the website:
Check out the wire he's using for the solder bridge on the RGB driver. Ewwww. It's not even the correct gauge!
Chicago John also likes to get legal when he thinks people might be stepping on his hard intellectual property:
Chicago John:
Please keep in mind section 5 in my TOS. I am ready and willing to enforce these at any moment. You do not have any written permission to create a derivative of this.(c) To violate any international, federal, provincial, or state regulations, rules, laws, or local ordinances.
(d) To infringe upon or violate our intellectual property rights or the intellectual property rights of others.
(e) To reverse engineer, decompile, disassemble, or otherwise attempt to discover or extract the source code of any software contained within the device or any related product.
(f) To copy, modify, reproduce, distribute, republish, display, perform, post, transmit, sell, license, or create derivative works of any part of the device, including but not limited to the software and source code, without our express written permission.
Which is hilarious given his propensity for profiting off other people's hard work. When called out on this, we see a clear misunderstanding about absolutely everything open-source:
Chicago John: The open source code is not protected feel free to use that! It’s for learning and experimenting! The open source version is in no way shape or form meant for commercial use. That’s why it’s out there. There is a ton of proprietary code besides the basic flight tracker.
Ah yes, Collin and I have actually talked extensively about this 👌
At the point of this conversation my code was covered by no licence. Let me carefully break down why this is important:
| Statement | Fallacy |
|---|---|
| Code is protected by default | Technically, without an explicit licence, nobody has permission to use it commercially |
| Not open source | Putting it on GitHub ≠ “open source.” Licensing makes something open source |
| No commercial/non-commercial distinction | Without a licence, both are prohibited |
| Proprietary code claim is irrelevant | If someone's work incorporates your code without permission, it’s infringement |
| Misrepresentation | Lying about extensive conversations is a serious falsehood |
By putting a licence on this code in April it actually makes it easier for people to use commercially as long as they stick to the rules of GPLv3... providing you're honest.
Oh, and when the going gets tough, here's an example of the high-quality support you're likely to receive:
Chicago John: I’ve spent a lot of my free time which isn’t much as it is trying to fix this for you which is taking away from fun parts (building a new website for the configurations)
You know what really kills the fun in a project, John? Having to support people you’ve sold a sub-par simulacra of my work to.
The Ugly
Fuck me. Now we get to the entire point of this article. For the non-technical, consider this entire next section blaring with klaxons, red flashing lights, and the smell of burnt hair. This is dangerous and disgusting 📢🚨🔥
The reason that Chicago John's ability to help Cool Guy was compromised was that when the SD card failed, he'd lost the ability to use Tailscale to connect to the device. Every Flight Tracker LED shipped by Chicago John appears to come with Tailscale already installed, giving him full remote access out of the box.
Tailscale is what I'd install on a computer I’d want to manage remotely as if I was sitting at it. As long as the device has an active internet connection, I'd be able to reach it via Tailscale. This means that when you've got one of Chicago John's devices on your network, you might as well have him sitting beside you with a laptop on your network any time he wishes.
The reason I'm confident in saying these devices are shipping with remote access enabled is that prior to the fried SD Card Chicago John had remoted into Cool Guy's device to tweak some setting: switching to a 24-hour clock and UK date format.
Imagine you bought this device for your office? Congratulations, you've just wrecked your ISO 27005 compliance as you've now got an uninvited threat-source in your network. Nowhere on the Flight Tracker LED website is this laid out to the buyer.
But hey Colin, couldn’t that random Wi-Fi gadget I bought from Amazon do the same thing? Yes and no. Those ESP32-based widgets are usually simple microcontrollers running locked-down firmware and because they’re sold in huge volumes security researchers and tinkerers are constantly tearing them apart. If a manufacturer tried sneaking in something shady, it would likely be spotted (eventually). By contrast, Flight Tracker LED is built around a Raspberry Pi, a full Linux box running custom code from a single unaccountable seller. Once you give someone persistent remote access to that, you’ve effectively parked a general-purpose computer on your LAN with no outside oversight of what it’s doing.
This method of providing support and updates is kind of overkill solution that you go for if you have no idea what you're doing 💀
When asked directly whether this setup gave Chicago John access to the rest of Cool Guy's home network, he either lied or was dangerously clueless, assuring Cool Guy that it was safe.
Fin
At the end of the day, open-source is about community, collaboration, and credit. If you're going to use someone else's work, just do it respectfully. The tech world is a fishing-village, eventually, the truth catches up.
For anyone who’s already bought one of these boxes and found it doesn’t work, I’m sorry you’re dealing with this. My actual build guide is still available and if you do it properly I promise it won’t include surprise remote access or half-melted solder bridges.
If you’re still thinking of buying from Chicago John after all this, well... good luck, and maybe set up your router to keep the box away from the rest of your network.