According to TheRegister.com, Bryan Fleming, the creator of stalkerware called pcTattletale, pleaded guilty in federal court on Tuesday to one count of selling software designed to intercept communications. He started advertising the software in 2017 specifically to people wanting to spy on spouses or partners without their knowledge. Federal agents with Homeland Security Investigations have been investigating him since at least 2021. Fleming’s company went bust in 2024 after a hack that exposed 138,751 customer accounts and a trove of victim data. He now faces up to 15 years in prison and a $250,000 fine when he’s sentenced later this year, marking only the second successful US prosecution of a consumer spyware vendor since 2014.
The Business of Spying
Here’s the thing about this whole shady industry: the business model is brutally simple. You sell fear, jealousy, and control. Fleming’s playbook was classic—market directly to people’s insecurities. The plea agreement states he advertised to those wanting to spy on spouses. No pretense of “parental control” or “employee monitoring,” which is the fig leaf a lot of other vendors use. He went straight for the domestic surveillance market. And the software delivered, capturing videos of victims’ screens, texts, locations—the whole nightmare. But the timing is interesting. This prosecution comes after his own operation spectacularly imploded from shoddy security. Ironic, right? The spymaster gets spied on, and all his customers’ dirty laundry gets aired. It’s a pattern we’ve seen with mSpy and others. These companies often can’t even protect the data they steal.
A Rare Legal Win
Now, the big takeaway is that this is only the second guilty plea in a federal stalkerware case in over a decade. The last one was Hammad Akbar with StealthGenie back in 2014. That’s a shockingly low number when you consider how many of these apps are out there. So why is it so hard to prosecute them? A lot of them operate from overseas, or hide behind those “monitoring” excuses. This case had a clear hook: Fleming violated 18 U.S. Code 2512, which bans selling devices primarily designed for surreptitious interception. The feds had a solid paper trail, thanks in part to their investigation showing he sold to someone in California. But two cases in twelve years? That’s not exactly a tidal wave of enforcement. It probably feels pretty hollow to the thousands of victims whose data was leaked when pcTattletale was hacked.
Will This Change Anything?
Look, a 15-year maximum sentence is a serious deterrent—on paper. And forfeiting all property involved in the offense could sting. But I’m skeptical. The demand isn’t going away. For every pcTattletale that gets taken down, three more pop up. The real question is whether this guilty plea gives the DOJ a clearer blueprint to go after the bigger, more established players. It sets a precedent that marketing for “spouse spying” is a direct ticket to a felony charge. So maybe it’ll force some of the other vendors to at least pretend their software is for something else. But fundamentally, this is a demand-side problem. As long as people want to secretly monitor others, someone will build a crappy, insecure app to do it. The prosecution is a win, no doubt. But it feels like bailing out the ocean with a thimble.
