A former Department of Homeland Security cybersecurity chief — a man whose entire professional identity is built around keeping digital systems safe — just exposed the personal data of 17,662 anti-ICE agitators because he launched a website and forgot to put a lock on it. Not a complicated lock. Not some advanced encryption protocol that required a team of engineers. Basic API authentication. The digital equivalent of a deadbolt. The thing every first-year computer science student learns in week two.
Miles Taylor — formerly “Anonymous,” the cowardly pen name he used to trash Trump from inside the administration — runs an organization called Defiance.org. He teamed up with Lincoln Project co-founder Steve Schmidt and a collection of left-wing operatives to launch “GTFO ICE,” a platform designed to help anti-ICE agitators organize against immigration enforcement in their communities. The operation was backed by dark money — because the people who never stop lecturing us about transparency in politics built their resistance project on anonymous funding. Shocking.
For those unfamiliar with how APIs work: imagine building a bank vault but leaving the door wide open with a sign that says “COME ON IN.” That’s what Taylor’s team did. The site’s entire user database — names, emails, phone numbers, zip codes, timestamps — was sitting completely exposed, accessible to anyone with a browser and five minutes of curiosity. No password required. No credentials needed. Just ask and receive.
A researcher going by DataRepublican found it and put it perfectly: “The man who ran the third-largest federal department…who oversaw election security architecture…can’t secure a sign-up form.”
Let that sink in. This isn’t some amateur blogger who taught himself to code on YouTube. Miles Taylor served as Chief of Staff at the Department of Homeland Security — the agency specifically responsible for protecting America’s critical infrastructure from cyberattacks. He then moved to Google, where he worked on security and trust issues for one of the most sophisticated technology companies on the planet. His entire brand is “I understand how to keep things safe.” And when he built his own operation, he deployed it with less security than a MySpace page from 2004.
Bluesky — the left’s preferred platform for people who found Twitter too ideologically diverse — immediately melted down. Posts flooded the site warning activists their information had been compromised: “Bluesky is in full panic. A full on exposed API has revealed thousands of people who signed up for the GTFO ICE site.” The people who spent years screaming about government surveillance and data privacy just handed their personal contact information to anyone on the internet who wanted it — because the cybersecurity expert they trusted couldn’t be bothered to set up basic authentication.
Among those 17,662 people who trusted Taylor’s operation with their personal data was actor Mark Ruffalo — the Hulk himself — who apparently gave his name and contact information to a website with the security posture of a kindergarten arts and crafts project.
The coalition behind GTFO ICE is worth examining, because it reads like a greatest hits of resistance grift. Taylor’s Defiance.org. Schmidt’s Save America Movement. A project called Salt Box tracking ICE detention facilities. The media contact is Scott Goodstein, a veteran of Obama’s 2008 digital operation and Bernie Sanders’ 2016 fundraising. This is the left’s varsity squad — seasoned operatives with decades of combined experience in technology, communications, and political organizing. And not one of them thought to ask, “Hey Miles, did you add authentication to the API?”
The dark money angle deserves its own paragraph. This organization was soliciting monthly memberships up to $1,000 with limited apparent accountability for where the money went. The same people who built careers railing against anonymous donors and shadowy political money were running their own operation on exactly that model — while simultaneously failing to protect the personal information of the true believers who signed up and trusted them.
DataRepublican didn’t just find the open door. They walked through it, catalogued everything inside, and published the results. The breach was so obvious, so completely avoidable, that it genuinely raises the question of whether anyone on Taylor’s technical team has ever actually worked in security — or just attended conferences about it.
Here’s what gets lost in the comedy: those 17,662 people handed over their real names, phone numbers, and home zip codes to an organization promising to protect them. Some of them may be in genuinely sensitive situations. Some may face real consequences from the exposure. They trusted Miles Taylor — a man who spent years billing himself as a guardian of American security — and he couldn’t be bothered to install a digital deadbolt.
The resistance doesn’t need enemies. They’ve got Miles Taylor.
