Read on Twitter
Online privacy: a thread for sex workers.
I've known a lot of ladies who outed themselves accidentally (myself included) so here is a comprehensive list of privacy tips & tools.
(Repost of the original, since I formatted it badly)
Rule #1: Always use a VPN....
I've known a lot of ladies who outed themselves accidentally (myself included) so here is a comprehensive list of privacy tips & tools.
(Repost of the original, since I formatted it badly)
Rule #1: Always use a VPN....
Rule 1) Always use a VPN. ProtonVPN has a free one that works great & is compatible with all your devices, so no excuses. Download it now if you don't already have it, for laptop, phone & tablet. Always use it, every time, no matter what, even at home. https://protonvpn.com
Rule 1a) ALWAYS use it because hotels especially will track your web traffic & kick you out without a refund for browsing certain sites. (But really, don't let your home internet know what you're doing, either, so ALWAYS use it)
Rule 1b) When traveling, ignore the wifi & make a hotspot using your phone for ads/email. A lot of plans include 2gb+, but check your data allowances to avoid hotspot overages, bc they get expensive. And still use the VPN, so your traffic is less traceable, period.
Rule 2) Never use the same pics of you on your pro social media that you do on your personal social media. Photos are VERY easy to search, and even similar photos with the same background/furniture/clothing can get tagged. Also, facial recognition is a thing now.
Rule 2a) This extends to photos of pets. Don't post pets, period, on both profiles - do it on one or the other. We tend to think less about how our pets are recognizable, but they might be even more so for some creepers.
Rule 3) If you have personal social media, go into all of your profiles. Change your name to a fake one. Make your featured pics something that isn't you. Check ALL settings, lock absolutely everything to friends-only. Disable tagging, location data & facial recognition.
Rule 4) Check your social media settings routinely. They love to change these without telling you & suddenly all your info is public. Any time you get a TOS update, it's time to check your settings again.
Don't forget to check your google account too; it saves GPS data.
Don't forget to check your google account too; it saves GPS data.
Rule 5) Check your device settings & Apple ID too - laptop, tablet, & phones. The defaults are terrifying. Don't forget to check photo settings, since they default to location-tagging media. Go through every menu under "settings" & lock everything down.
Rule 6) Avoid using the same phones/laptops/etc for work that you do for home. Even just using the same wifi can link your social media accounts (use the VPN!).
If you must use the same laptop, then create separate user profiles to help avoid accidental cross-posting.
If you must use the same laptop, then create separate user profiles to help avoid accidental cross-posting.
Rule 7) Never EVER use social media apps; they steal & compile data in order to make money from you. Log in using a web browser only, and use private browsing mode. If you don't, people who call/email WILL see your social media profiles suggested on their own social media.
Rule 7b) Don't ever give a social media app your real phone number. Ever. All they need is your email address. If you're setting up 2-factor authentication, use your work number or you can use a VOIP number. Once again, never mix work & personal names/numbers.
Rule 8) Enable 2-factor authentication whenever possible in your account settings. This sends you a code by text message whenever you log into your accounts, & will make it much more difficult for someone to hack into your stuff even if they steal your password.
Rule 9) Change your passwords once a month. I'm weird & keep mine memorized, but a password manager like Dashlane works great & should be compatible with all your devices.
Rule 9a) Use a different password for every account.
Rule 9a) Use a different password for every account.
Rule 10) Use encrypted, offshore email whenever possible. I really like safeoffice, but protonmail also works great and has a free option for light users. Keep in mind your emails to/from other users are only encrypted if they are also using secure email.
Rule 11) If it's on the internet, it's there forever. Seriously. ForEVER. Sites exist simply to aggregate social media posts, ad posts, porn, even things you've restricted behind a paywall, they will be there for. ev. er.
If you post it, make sure you're okay with that.
If you post it, make sure you're okay with that.
Rule 12) If you won't use ProtonVPN (free!) or NordVPN (excellent!) then do your research & make sure that whatever you find is zero-knowledge (doesn't store your traffic) and doesn't have a DNS leak (rendering it useless).
Test for this: http://dnsleaktest.com
Test for this: http://dnsleaktest.com
Rule 13) Keep GPS turned off on your phone especially when taking pics, or your it'll embed GPS location in your files. Turn this off in settings, & run your pics through an exif remover before posting.
GiMP has one built into the export menu & it's free. http://gimp.org
GiMP has one built into the export menu & it's free. http://gimp.org
Rule 13a) If you don't remove exif data, then you may have some really horrifying personal info in the metadata for your photos. Make sure you remove it. Seriously, use GiMP. It's free, it's a great image editor & can have the exif data auto-removed in the image export.
Rule 14) For in-person meets, keep your bluetooth turned off & if you're home, make sure none of your smart TVs, wifi or other devices are named after your real info. Same goes for nearby sharing on phones. Disable this in your settings, or your phone name & info is easy to get.
Rule 15) When registering a work phone, use a fake name. Prepaid plans are cheap & don't require ID, but it's worth investing in a good phone (iPhone or hardened Android) for the security features which brings me to...
Rule 16) Always use a passcode lock, NEVER use biometrics (face ID, fingerprint, etc). Use the 6-digit PIN only & set it to engage immediately on locking the screen. Biometrics can be obtained without your consent.
Enable the killswitch: auto-device-delete after 10 failed logins.
Enable the killswitch: auto-device-delete after 10 failed logins.
Rule 17) Check settings for each app, make sure it doesn't show notifications on the lock screen. You don't need a nosy client (or family member) seeing txts & emails. This is for your clients' privacy, too.
Rule 18) For in-person meets keep a separate drawer where clients can stash their belongings including watches & glasses. Hidden cameras are easy to come by, it's not worth the risk. I've seen way too many hidden-cam vids on sketchy review boards & porn sites.
Rule 19) If you allow pics/vids, make sure you're OK with them being on the internet, totally outside your control, forever, always, because sooner or later one or more of them WILL get there. Even if you trust your client, someone in his life may steal it & seek revenge.
Rule 20) Consider your clients' privacy also. Free services like gmail, hotmail, etc are free because they aggregate user data & sell it for a profit. Use safeoffice or protonmail instead. Keep anything in your phone minimal & password protected & everything else offshore.
Rule 21) If you have to keep local files, use a secure delete file shredder and partition part of your HD and encrypt it. Try http://veracrypt.fr and https://ccleaner.com (just the free version!).
Rule 22) NEVER allow your computer or internet browsers to store your passwords or save your login information for next time, this is a HUGE security risk if anyone gets a hold of your devices. Log in fresh, every time, and use 2-factor authentication. (see rule #8 for more)
Rule 23) When using Chrome, don't sign in. There's no reason to do this, all it does is allow them to save your data & sell it & there's zero benefit to you.
Also, use private browsing mode. (And a VPN!)
Actually, just don't use Chrome. Use Firefox. https://mozilla.org
Also, use private browsing mode. (And a VPN!)
Actually, just don't use Chrome. Use Firefox. https://mozilla.org
Rule 24) When posting in forums & on social media, be careful what you post. Don't post about public events, emergencies, etc that may be near your home or places that you frequent. Savvy stalkers can use this to find you IRL (ask me how I know this 
)
)
Rule 25) Be careful about posting small innocuous bits of personal info such as "I like burgers", "this restaurant is my favorite", "I have to get a burger here every time I visit x". Apart they may mean nothing, but savvy stalkers can compile this info to find you IRL.
Rule 26) When touring, don't post selfies from your hotel room. There's a site aimed at stopping trafficking that has a database compiled from well-meaning travelers of hotel room interiors, addresses, & room numbers, meant specifically to identify what hotel & room# you're in.
Rule 27) Suggested by @AlyxWolfe: never tell anyone your real name no matter how trustworthy they may be now. I'll add to that: don't give a client your real phone number/email either, or any personal online usernames/accts even if they don't show your real name.
Rule 27a) This is because any of those things can be used to easily find your real-world info. I'm not gonna go into how here, bc I don't want that info misused. Also, never leave your purse unattended or mail where it can be found. For hotels, put your ID/valuables in the safe.
Rule 28) Any apps you use to add filters or blur to your photos (pixlr, picmonkey etc) will keep the unedited versions of your photos & some will turn them into stock images afterward. Check out GiMP as an alternative. (it's free!) https://gimp.org
Rule 29) Facial recognition: Keep in mind that once it's on the internet, it's there forever - there are data companies making their living by perfecting AI/facial recognition software.
If you post your face, make sure you're ok w/it being there for EVERYONE to see, forever.
If you post your face, make sure you're ok w/it being there for EVERYONE to see, forever.
Rule 29a) if you travel internationally, this may eventually be a concern if it isn't already. (some travelers have reported issues after Er*s)
This technology is new & unregulated. Consider cropping or obscuring your face in your photos if you're concerned about FR.
This technology is new & unregulated. Consider cropping or obscuring your face in your photos if you're concerned about FR.
Rule 30) Be savvy about your social media, and what you're posting. Twitter is known for shadow bans, which can really hurt your visibility.
You can use the tool here to find out if you're appearing in search results or not: https://shadowban.eu
You can use the tool here to find out if you're appearing in search results or not: https://shadowban.eu
Rule 31) Rule #31: Donât preemptively block civie contacts on your social media that you use for work. There are apps that will show who has unfollowed/blocked & you may inadvertently out yourself.
Rule 32) Be careful when registering for CashApp - the phone number you use to register may show up on the transfer history and on bank statements where the other party can see it. Thank you to the anonymous gent who sent this one in!
Rule 33) Don't use the "login with facebook" or "login with google" options when signing up for accounts, this creates a massive opportunity for privacy invaders like google to peep your info & sell your data, & makes it easy to seize control if someone hacks your accounts.
Rule 34) If you canât use your own computer, (or even if you can) throw a copy of TAILS on a usb drive & work from that. It contains a safe OS with all sorts of secure tools built right in, like TOR & Thunderbird.
Brought to my attention by @organotoy
https://tails.boum.org/install/
Brought to my attention by @organotoy
https://tails.boum.org/install/
Rule 35) When staying in hotels, keep the TV off & hide the remote; many hotels now put reservation names on the TV & it'll show on the guide screen.
@Leyla_Amar reminded me about this one!
@Leyla_Amar reminded me about this one!
Rule 36) Important tip from @Leyla_Amar: Screen yourself the way you would clients. Use every variation of all your names possible. Clean yourself up from the internet. Ask to be removed from sites. Reverse image your own photos.
I'll add: do the same w/ your email & phone#.
I'll add: do the same w/ your email & phone#.
---I'd like to correct my original post - I put "ladies" but that's not quite as inclusive as I'd normally try to be. So, while it is technically ladies I've known who have outed themselves by accident, I wholeheartedly welcome trans, male, queer & enby SWers using this too---
Rule 37) Brought to you by @vixen_for_hire:
Use a Firefox extension called Multi-Account Containers to help keep trackers from cross-referencing your work/personal email & social media.
For Facebook, use Facebook Container.
https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/ https://addons.mozilla.org/en-US/firefox/addon/facebook-container/
Use a Firefox extension called Multi-Account Containers to help keep trackers from cross-referencing your work/personal email & social media.
For Facebook, use Facebook Container.
https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/ https://addons.mozilla.org/en-US/firefox/addon/facebook-container/
Rule 38) Brought to you by @cliterarybuff -
Hotel room safes may be easy to break into for someone who knows a couple of easily searchable tricks. If you're going to hide belongings/valuables in a hotel room, hide them well. Don't use the same hiding place every time.
Hotel room safes may be easy to break into for someone who knows a couple of easily searchable tricks. If you're going to hide belongings/valuables in a hotel room, hide them well. Don't use the same hiding place every time.
Rule 38a) Because local hobby boards sometimes share info about where providers hide cash, etc & that can make it easy to rob you: Hide things when guests aren't looking & where it's easy to keep tabs. Never leave guests unattended in your room - EVEN regulars.
