| Apr 7, 2018
This is an attempt to present and ingrain a digital remedy for enduring the condemnation and censorship by a puritanically afflicted government and subsequent regulations. Not unlike when the techies intervened in the Arab Spring coming to the people’s aid at liberating their voices and enabling them to hasten their emancipation. Removing the hand covering one’s mouth and safeguarding against future oppressive grips is the foundation for enacting change.
Digital security has many layers like an onion. If the core is considered oneself and aspects one is under direct control, then there is expansion outward toward elements of one’s security that increasingly are outside of one’s control, such as laws. All layers are integral to one’s security. The first line of defense would be laws, but one would be foolish to depend upon the laws and the governments that enact and enforce them. Thus, the more layers one has, the more difficult it is to compromise one’s security, with the security that is under direct personal control being the last rampart in the multi-faceted approach to security. Therefore, we start with securing one’s digital devices.
It is important to know that no security is guaranteed infallible. Also, one’s threat level determines the security measures to be implemented. It is a fine balancing act between appropriately securing oneself against the determined threat level and usability. If the security implementation is too complicated to set up, then one is likely not to adopt it. Likewise if it is complicated or cumbersome to use, one is inclined to not use it.
Security and privacy, though technically are different issues, are really two sides of the same coin. As privacy is dependent upon security, for the sake of ease of conversation, the term security will be used with the combined meaning of security and privacy.
One can have the most secure device or platform, but if one’s passwords are rubbish, then it is all for not. Passwords are often the weakest link in security, which is why it is often the starting place for any hacker or other entity attempting to breach an individual’s or company’s security. Following will be outlined some general guidelines for creating and managing passwords.
First on the agenda is to begin using a password manager. Recommended is 1Password. A password is paramount to security. If one can remember all the passwords one uses, then they are not secure. 1Password will be able to manage all passwords and other highly sensitive information. In the end, one will only need to remember a handful of secure passwords, the crucial one being the password used to unlock 1Password — perhaps the reason for the name. Other passwords that will need to be remember would be for one’s devices, which should be different for each. One’s smartphone, tablet, computer, and 1Password should all be different securepasswords.
1Password will provide one with a secret key. To initially log in from an unrecognized device, one will need the password and the secret key. Because 1Password is the crux of one’s security it is important to have the secret key accessible via more tangible means. For example, if all of one’s digital devices were confiscated, one would need to gain access online from another computer’s web browser to 1Password. Since the master password is memorized this is not an issue, but the secret key will need to be retrieved by other means. A common method of achieving this is surprisingly low-tech. Print the secret key onto two pieces of paper. Cut them into slips just big enough to contain the secret key and then hide the two slips of paper in two entirely different locations. If one is in the home, then the other should be outside the home — one’s car for example. Furthermore, do not label the secret key paper in any way.
As a general principle, a password should be no less than 13-characters in length, contain at least two special characters, two numbers, and two capital letters. Ideally, 20-character passwords should be endeavored, especially for more sensitive information. Three categories of passwords will be outlined here.
A character password is a password comprised entirely of disparate characters. An example would be, mG(VLetTh)8#@VjT392V. By virtually all standards, such a 20-character password is secure and for all intents and purposes can be considered unbreakable with today’s technology. A character password should the staple of anyone’s password repertoire. Using a password manager, such as 1Password, not only makes using such passwords a viable option, but easy as well. With the click of a button the password and other relevant login information is automatically filled in.
A worded password is one’s go to solution for a password that needs to be remembered. Such a password, although lengthy and appearing complicated, can be easily remembered because it can be constructed in a way that makes sense and as a result of needing to be remembered, will be used often thereby aiding memorization. A worded password is constructed by joining two or more words together interspersed with characters and numbers. Although it is not recommended to create passwords that are immediately relevant to oneself, such as a birthday, favorite hobby, etc. One can create a worded password that makes sense as it relates to something known or of interest personally. An example of a secure worded password for one interested in physics would be Newton&Einstein4E=mc2. A password such as this would be secure and for one interested in physics could make sense — Newton and (&) Einstein were physicists for (4) coming up with Einstein’s formula (E=mc2) related to mass and gravity, which both were scientifically associated with. A worded password would be what is used for unlocking 1Password, one’s computer, etc.
A passphrase would be a sort of sentence without spaces. A saying or quote would be a possible candidate. If the passphrase contained various punctuation, so much the better. To gain the most security out of a passphrase, as it is often void of characters and numbers, it will tend to be longer. An example of a passphrase would be “Yousayyouwantarevolution.Well,youknow,weallwanttochangetheworld.” Lyrics from the Beatles “Revolution.” A passphrase is not often a chosen means of password as a worded or character password often provide the best balance between security and usability, but is presented here for sake of giving one options in password creation.
Although not a password, it is related to one’s password security protocols. Two-factor authentication (2FA) is a means of diminishing the risk of a hack or other type of infiltration. With 2FA one will also need access to the device that does the verification. By using 1Password, 2FA can be managed from within the program. This means that one has access to 2FA regardless of the device used, even if one has no devices and must access 1Password from an unknown computer via its web browser. Any website that can have 2FA enabled, should. Provided it can be done via 1Password. There are other means of 2FA, such as using a text message. Although better than no 2FA, it is not by much.
Turn Bluetooth off when not needed. This applies to both iPhone and Android. Keep all software and apps up-to-date and only download software and apps from official sources, such as Apple’s iTunes Store or Google Play. There are certainly many more security conscious settings and tweaks that can be done to one’s devices that perhaps will be gone over at a later date, but the following are concerns applicable to sex workers.
Throughout this article, the first device listed will offer the most detail in explaining the topic’s nuances, with the remaining device instructions being limited in scope to specifically adjusting the setting or feature as it pertains to that device. Therefore, it is recommended to read the information contained within the first device being expounded.
Smartphones & Tablets
Passcode & Encryption:
Although both iPhone and Android are being explained here, as they are the two most common devices used today, it is recommended to use an iPhone. It is understood that this is an inflammatory recommendation and controversial, but the iPhone is by default more secure and easier to adequately increase security on than an Android device. Additionally, Apple, the company that makes iPhone, has a record for taking privacy and security seriously; has a reputation of defying law enforcement and governments in defense of said security and privacy; and does not have a business model dependent upon commodifying their user’s data to make a profit — such as with Google, the makers of the Android OS.
Begin with securing the device from unauthorized access. This should be done with a passcode. It is recommended to use at least a 7-digit numerical passcode. This is because one’s smartphone is a device that is constantly being accessed throughout the day, so if one were to use a more secure passphrase it would render the smartphone cumbersome to unlock and therefore, one would become inclined to dispense with the unlock security measure. Do not use thumbprints, facial recognition, or other biometrics for securing the device. These can be more easily bypassed than a passcode as well as put one in a position to be compelled to unlock the device against one’s will. Such biometrics are okay to use once the device is unlocked, such as making purchases or downloads, etc. Additionally, with Android, do not use patterns for unlocking one’s device. These can easily be spooked.
Go into (Apple instructions) Settings > Touch ID & Passcode and turn the feature on. Enter the desired passcode. It will require one to re-enter the passcode, then select Require Passcode and choose Immediately. As already stated, do not use Touch ID (i.e. fingerprint) or Face ID (facial recognition) to unlock the iPhone. It is acceptable to use these for Apple Pay and other features if one chooses. When enabling a passcode on an iPhone the device will be encrypted, further hindering attempts to get access to the information on the iPhone without unlocking the device. In the section for allowing access when the device is locked, this will depend upon one’s use of the iPhone. Siri is okay to allow, as Apple has done an acceptable job of not allowing Siri access to critical information without unlocking the iPhone. The Recent Notifications should be thought through carefully however. This will display things such as text messages and e-mails. Later it will be discussed how to modify how this information is displayed on the lock screen. However, e-mail and messaging will not be handled via the built-in normal methods (discussed later) and therefore may become unnecessary to concern oneself with. Finally, turn on Erase Data. This will cryptographically erase all data on the iPhone after ten failed attempts to unlock the device. This is the feature that makes a 7-digit passcode a viable option for securing one’s iPhone, as there is no way to brute force one’s way into the iPhone within ten attempts.
Go into Settings > Security > Encrypt phone. A passcode will be set at this time for unlocking and decrypting the device. In Security turn on Automatically wipe. This will securely purge all data on the device after ten failed login attempts.
Notifications that appear on the lock screen of an iPhone are often overlooked when auditing the security of a device. These are seemingly innocuous alerts, but can have the potential of displaying potentially incriminating or compromising information. Therefore, one should consider carefully what apps to allow notifications and how the information will be displayed. This is done in Settings > Notifications. (Apple Instructions) As it pertains to the sex industry, seriously contemplate Calendar, Google Voice, Mail, MEGA, Messages, ProtonMail, and Signal apps. The built-in iPhone apps will be familiar; the others will be encountered later.
The Mail app ideally will not be used and therefore concerning oneself with the notification settings of it may be unnecessary if this is the case. However, if the Mail app is used, turn off Show on Lock Screen.
The Show on Lock Screen for Messages and Google Voice apps, since there is a possibility of receiving messages via these apps despite using an alternative and more secure means of communication, should be turned off.
The Calendar app is dependent upon one’s choice of using it. If using it, do not have Show on Lock Screen turned on. If choosing to use the app for scheduling, realize that although Apple secures the data synced and stored via the iCloud service, they hold the keys. Without technical explanation this means that despite them taking privacy and security serious, they can be compelled by U.S. court order to turn over certain information. Since they hold the keys, they have the ability to do this even without one’s consent. If using the app and taking advantage of iCloud syncing so as to use the app across all one’s devices, then it would be advisable not to enter incriminating information of oneself or others. Another option if iCloud syncing is not a necessity, one can turn the syncing off (via iCloud within Settings) and have the data only on the iPhone. In such a case one could then use the app freely as the information it contains is secured by the device’s security.
MEGA and ProtonMail Show on Lock Screen should be turned off, while it is okay to have such notification turned on for Signal. For Signal, go into the Settings within the app and choose Notifications. Select Show and choose No Name or Content.
One should use discretion regarding all other apps being conscientious of what and how much information it will display on the lock screen. For the most part such information will be controlled from within the iPhone’s Notifications center, but occasionally additional tweaking can be done from within the app’s settings as in the case with Signal.
Android works in a similar way to what was explained above for iPhone. Navigate to Settings > Apps & notifications > Notifications> App notifications and tweak each app as is necessary so as to not display content on the lock screen.
Regularly backing up one’s mobile device is an important habit. If one’s smartphone is backed up and it gets damaged or confiscated, then once a new device is acquired, all that is necessary is to plug the device in and restore it from the backup.
Enable Find My iPhone. Indeed, this should be set up on all Apple devices, including one’s computer. This is a useful feature not just for locating a lost or stolen device, but also for securely and remotely wiping its contents in the event it is lost, stolen, or seized. Although the device will need to be turned on and have access to the Internet via cell or Wi-Fi, it is better than not having it enabled. In the event of seizure, time is of the essence. One will need to get to a computer, any computer, and log into iCloud to wipe the data. This will need to be done while the seized device is in transit as once it gets into the hands of the IT division, they will know to isolate the device from any Internet access.
Lastly, turn on Guided Access. Guided Access allows the iPhone to be locked into the currently opened app when Guided Access is activated. This is a useful security feature not just for handing one’s phone over to their child to play with, but also when handing it over to the authorities. An example use would be at a protest and using one’s phone to take pictures. If Guided Accesses is turned on while using the Camera app, then if the phone is lost or grabbed from one’s hands, access will not be possible to the remainder of the phone and its data. Likewise, if law enforcement request to see the phone and the photos, they would not have access to anything other than the Camera app and the information they claimed they wanted access to.
Enable Google Play Protect. This is done in Settings > Google > Security. While in this security area, also enable Improve harmful app detection. Google Play Protect is the medium by which Find My Device can be accessed, thereby providing one with the ability to locate and remotely wipe one’s device should the need arise.
For additional data protection on the Android device, within Storage settings, set it to store data in internal storage.
Finally, activate Screen Pinning on Android. Turning the feature on is located in Settings > Security & Location > Screen pinning. Once turned on, it can be activated from within an open app by tapping Overview, swiping up, and then tapping Pin Pin. This will enable the locking of an app in a similar way to Guided Access discussed above.
It is acknowledged that the choice of computer is often viewed as a very personal choice, and like the smartphone, can be quite a volatile subject. Such debates are beyond the current scope, instead endeavoring to offer the best solution(s) with regards to security and operating within a hostile environment as activists, some journalists, and of course, sex workers often find themselves. With that said, the best choice for computer is going to be a PC running a Linux distribution or a Mac. However, since it is Mac and PCs running Windows that are the most common, these will be the two that are explained here. However, one should be advised that using Windows, regardless of the security “hardening” one does, will not be on par with what can be accomplished by using Linux or Mac.
Like one’s smartphone, the security process begins with securing the device against unauthorized access. This involves both establishing passwords and encrypting the computer.
Under the Apple logo in the top left choose System Preferences, then Security & Privacy. Then select the FileVault tab (Apple instructions) and turn FileVault on. It is recommended creating a secure worded password that can be remembered from the password creation section above. It will also generate a recovery key, which should be recorded in one’s password manager. This password creating after turning FileVault on both encrypts the computer and creates a password screen prompt when turning the computer on or waking from sleep.
While in this Security & Privacy settings area, from within the General tab select Require password and set it to immediately. Select Disable automatic login. As for the Allow apps downloaded from: this will depend upon one’s tech competency. If one is confident in one’s ability to discern safe apps to be downloaded and scrutinize their integrity, then allowing apps downloaded from the App Store and identified developers will be acceptable. Otherwise, one should limit apps downloaded only from the App Store.
And finally, while in the Security & Privacy area, make sure the firewall is turned on. Mac has an excellent built-in firewall, so the need to install one from a third party is not necessary.
Lastly for passwords, disable root user and establish a firmware character password (Apple instructions). The root user is disabled by default, but if one has enabled it and cannot remember how to disable it, follow Apple’s instructions here. To set a firmware password, while turning on or restarting the computer, hold down Command-R. Once the Apple logo appears it is okay to release the keys. Once the utilities window appears choose Utilities then Firmware Password Utility. From here, turn on Firmware Password. Once this is done, quit the utility and restart the computer as normal. This firmware password will not be needed for most people under normal circumstances, which is why a character password is an acceptable choice here. Therefore, the password can be among the most secure password choices, as it does not have to be memorized or entered regularly.
With Windows a login password and disk encryption are separate affairs. To set a login password follow the instructions here. While instructions for encrypting a Windows device can be followed here. To confirm the password is required immediately, navigate to Settings > Accounts > Sign-in options.
To set a firmware (UEFI) password on a Windows PC access the Start menu then Settings > Update & security > Recovery > Advanced startup > Restart now. After the computer has restarted, Troubleshoot > Advanced options > UEFI Firmware Settings > Restart. This will restart the computer into the UEFI options where the firmware password can be set. It is also recommended, while in the UEFI options to check for any UEFI updates.
For turning the firewall on, follow the instructions located here.
Anti-virus and malware protection is a critical component to one’s security, as this is the most common method in which a device gets compromised. Talks about Signal, for example, potentially being “hacked” are a result of a devise being infected with malware. It is not that Signal itself has been compromised or hacked, but rather that the device has been and therefore the intruders are able to obtain the information being sent via Signal before it is encrypted on the sender’s end. Or a keylogger malware infecting a computer or other device thereby compromising one’s security as it records everything that is inputted via the keyboard — passwords, etc. These are just a few examples of how critical virus protection is. It is not necessary to explain the setup for various anti-virus software, as they are relatively self-explanatory. However, it is important to select the best. With regards to anti-virus protection there are several to choose from that are consistently at the top of the ratings. These are Avast, Malwarebytes, Bitdefender, and Kaspersky. It is important to have one’s computer constantly monitored by anti-virus as opposed to occasionally running it to see if one has been infected — i.e. to nip it in the bud before it happens. With that said, Avast is the recommendation. It offers top-level anti-virus protection for free, with additional protections if one chooses to spring for the paid version. However, if one were to pay for anti-virus protection, then perhaps Malwarebytes would have to be the recommendation. Obtain virus-protection software, install it, and set it to load when the computer starts and run in the background constantly scrutinizing data for malicious content.
Although a virtual private network (VPN) is being discussed within the computer section of this article, it equally applies to one’s mobile devices. Connecting to the Internet, especially a public Wi-Fi, should always be done via a VPN. This helps to ensure the information being transmitted is secure, and helps to add a level of location security in that one’s location is seen as being the location of the particular server chosen. The technicalities are not necessary here. Not all VPNs are created equal. For example, using a free VPN service only gives one the illusion of security. They are not secure and only serve to transfer the commodification of one’s data from a company like Google, for example, to the free VPN company instead.
The recommendation here is to use TorGuard, although Private Internet Access and NordVPN are other top choices. NordVPN makes use of TOR, which can make accessing some sites a hassle if one doesn’t know how to circumvent the screening. Whereas Private Internet Access can be a bit difficult to set up for people not familiar with VPNs. TorGuard (doesn’t make use of the TOR as the name would seem to imply) offers the best balance between security, ease of use, and usability. As a VPN partially has the responsibility of protecting one’s identity, it is advisable to create the TorGuard account with a nom de plume and pay for the service with Bitcoin or a gift card, which TorGuard offers. Obviously the Bitcoin wallet used will have to be clean (i.e. not tied to one’s legal identity), or the gift card used should be purchased with cash.
Settings: Tunnel Type set to OpenVPN, Protocol to UDP, Port/Auth to SHA256, and Cipher to AES-256-GCM. Auto connect will be personal choice. Under More Settings > General, ensure that Arm killswitches is checked. Under the App Kill tab set it to automatically quit certain apps in the event the VPN loses connection. This will be dependent upon the apps one uses and for what purpose. An example would be to have one’s torrent app terminated upon disconnect as in some countries one’s ISP monitors website traffic and assume one is behaving nefariously if one is using a torrent. In Network > General, check all boxes. And under Select Interfaces check Wi-Fi. It may also become necessary to use “stealth” VPN if within a country or organization that censors the Internet, as well as some ISPs censoring one’s Internet access. An example of this would be the Great Firewall of China. In such cases Select Server and filter by Stealth. This will display only stealth servers and one will be able to surf the Internet without censorship.
There is only one recommendation for web browser regardless of the platform or device (mobile or computer) and that is Firefox. Although one will not be able to tweak the settings as advised here on a mobile device, it is applicable to computers. Although there are a couple other secure browsers for sure, Firefox wins out hands down being consistently among the top in every metric. There are two phases to setting up the web browser. The first is tweaking the settings, while the next is installing necessary plugins.
In Firefox’s Preferences starting with the General section, ensure Firefox is set to automatically install updates and search engines. The remaining settings within General are not relevant to the topic at hand, however, that does not mean one should not carefully make decisions regarding them.
In the Search tab, select Ixquick. It will be necessary to set this up before it will appear in the list of available options. Ixquick must be one’s go-to search engine, while DuckDuckGo and/or Disconnect can be secondary options if one feels the need. It is always good to have a backup. On the Ixquick main screen will be an “Add to Firefox” option. This will enable the selection of the search option in the dropdown mentioned above.
Within the Privacy & Security segment, make sure the following options are checked: Always use private browsing mode; Accept cookies from websites with third-party set to Always; Override automatic cache management limiting it to 1 MB; Tracking Protectionset to Always; Do Not Track set to Always; Block pop-up windows; Warn you when websites try to install add-ons; everything toward the bottom under Security checked; and Certificates set to Ask you every time, with Querry OSCP … also checked. Everything else within Privacy & Security should be unchecked with the exception of the Address Bar section. This can be as personal preference dictates.
Using a Firefox account is convenient for usability and does not significantly impact security. However, uncheck Logins and Addresses. These Firefox settings get the basic Firefox software set up to be more secure. As has already been mentioned, nothing is perfect, and these settings and upcoming browser plugins are no exception. Again, these suggestions are providing the best mix of security and usability while taking into account the aforementioned threat assessment.
Plugins found under the Add-ons menu option, the following extensions should be installed and set for automatic updates: Cookie AutoDelete by Kenny Do; HTTPS Everywhere by EFF Technologists; IDN Safe by Aykut Çevik; Privacy Badger by EFF Technologists; and URL analyzing with VirusTotal by James Fray.
Previously what has been being dealt with was essentially a base level of security that people should be adopting. It is important to care about free speech, which security is an important component, before it is threatened. Now we begin to enter areas that are more nuanced and applicable to the sex industry.
Signal is a pseudo-replacement for one’s traditional phone, texting, and video chatting. The downside is that is does require the person to whom one is communicating to also be using Signal. This will make it difficult to use personally with the exception of the friends and family one knows that cares about their security. But for dealing with clientele, it should be insisted upon and eventually it will become the norm within the industry.
One should be forewarned that Signal does use one’s phone number to register; so using one’s personal phone number would not be advisable. Since there is no ability to have multiple accounts on the same Signal app, it poses a bit of a frustration for those interested in using it for business and personal use. One option, if using Android, is to create two separate logins on the Android device. Some people find this a viable solution, however, most do not as one then cannot send or receive messages on the other account one is not logged into. It is a cumbersome solution. Another solution is to use Signal on one’s smartphone logged into the Signal account most often used, and then install Signal on another device, such as a tablet, and login to one’s other Signal account. Regardless, the level of security in one’s communications for both oneself and clientele is a necessity. Additionally, at least when dealing with clientele, use disappearing messages (instructions found here).
To be able to set up Signal without revealing one’s personal phone number to one’s patrons make use of a Google Voice phone number. Obviously this Google account would be under one’s pseudonym and not tied in any way to one’s actual identity or other information. Although Google is not a recommended company to do business with, it is useful to have a Google account for some situations, such as this, to be used conscientiously and cautiously. In this case, the number is only going to be used for the purposes of setting up and using Signal. Although a client could text the number using conventional means, they will not receive a response since one does not actually use the account. For this reason, it is also advisable to not have phone calls to that number forwarded to one’s phone number. This ensures that clients must communicate via Signal. Although the number used to register Signal is not needed once this registration process has been completed, it is recommended to use a Google Voice number as opposed to a burner phone. This is because there are occasions where one will need to re-register the number with Signal, therefore, a stable number to be used will eliminate the hassle of having to distribute a new phone number. The process of registering Signal is simple, once Google Voice has been accessed, log in and await the text message Signal will send via the Google Voice phone number provided. Enter the verification code in Signal received by text via Google Voice. The process is done. It should be noted that for a person to show up in the Signal contacts, the phone they registered with Signal would need to be added to one’s contacts.
If one wishes to amp up one’s security protocols, then verifying a person’s Signal account is a good idea. Additionally, one can also verify an individual call with the words that appear on the screen at the beginning. This ensures no person has infiltrated the communication.
A pleasing sight is seeing the number of everyday people discovering and adopting ProtonMail as their e-mail. Like Signal, this must become an insisted upon form of communication. E-mail between other ProtonMail accounts is automatically and seamlessly encrypted, but for those whom remain resistant to secure e-mail adoption ProtonMail offers a solution. It is possible to secure e-mail from one’s ProtonMail account to a non-ProtonMail account. This is done by adding a password. Remember that encryption is only as strong as the password used to secure it. This password then can be conveyed to the other person, a client for example, via Signal or in person. Ideally a different password will be used each time, and of course it should be strongly encouraged that the individual begin using ProtonMail. Additionally, as with Signal, there is the option to have the message self-destruct after a chosen period of time. This should be utilized regardless of communicating with another ProtonMail user or not. The length of time before destruction should be a balance between the receiver having a reasonable amount of time to process the information conveyed and the sensitivity of the information. More sensitive information should be set to self-destruct sooner than non-sensitive information.
The important setting for ProtonMail will be, located in Settings under Account, Email Content’s Load remote content should be set to Manual. There will be a button on each e-mail to load the content if it is decided the e-mail being received is trustworthy, in which case the e-mail will appear as normal. Such a setting is a security precaution, as it is easy to transfer malware via such remote content contained within an e-mail.
MEGA is a secure cloud storage service that should be used for one’s data. It offers syncing of information so one’s data is always kept in sync and available via the cloud or other devices. Additionally, MEGA offers secure chat, which could be used as a Skype (which should not be used) alternative for those with such a need. All of one’s data should be securely stored in the cloud. This ensures access to one’s data regardless if one’s devices are lost, stolen, or seized. Should it be suspected that a seized device has been or will be compromised, go online to MEGA (indeed, this should be done for all accounts in such a situation) and change the login password. This does not do anything to keep one’s data from being accessed via the compromised synced device, but it does ensure one can continue to use the data on additional devices.
Regarding Dropbox: This is a useful cloud storage and syncing service that integrates exceptionally well with other apps. Although it is not recommended to use Dropbox for sensitive information, it can be useful for transferring data between people or getting access to one’s data via various apps. Again, this should not be done with sensitive information, and it is suggested to only use it sparingly and as a temporary solution for moving non-sensitive data around.
The area of social media becomes a bit more ambiguous with regards to providing a definitive and acceptable solution. The tech world has provided the populous with Signal, ProtonMail, and MEGA, offering solid ways to securely communicate and store data. Although there are some intriguing social media solutions that have been offered, none have achieved the level of security and ease-of-use as their communications and data storage counterparts have. The current tried-and-true method used by those in danger of being censored is choosing a web hosting service in a country amiable to the industry and then mirroring the site for added resilience.
As this pertains to the sex industry, this will mean choosing a hosting service in a country that is legally hospitable to it. While by no means exhaustive, the list with the most favorable and progressive prostitution laws are New Zealand, Denmark, Netherlands, Germany, Belgium, Austria, and Greece. None of these countries are outside the scope of any of the U.S. intelligence alliances, but there is no acceptable country with favorable sex work laws that is. Therefore, although it is unlikely the use of such intelligence alliances with the U.S. would be used for the purposes of shutting down and individual’s sex website, legal in that country, it is nonetheless a possibility. Therefore, it is important for the sex worker industry to work together mirroring one another’s websites.
Mirroring a website will be perhaps the most complicated solution mentioned here and is dependent upon the community working together, it is an ideal solution if one is able to achieve it. Having one’s site hosted in a country with legalized prostitution is an excellent first line of defense, but if the site gets censored it is offline during the time it takes to set it up with another web host. Mirroring mitigates this downtime. It creates a sort of digital whack-a-mole, allowing the site to remain in operation during the web host transition. Perhaps the ideal tool for achieving this is GNU wget. Adequate information for downloading, installing and using wget can be found via EFF.
Web host and WordPress are often misunderstood. A web host is a company that has servers and allows someone, or a company, to use their servers to run their website. The domain example.com remains under the ownership of the person or company and can thereby be transferred to another hosting company one may move to in the future. Once one has purchased a hosting plan via a web hosting company, one then chooses what platform to install to run the website. This is a content management solution (CMS), and hosting services will offer a variety of these solutions that are set up for easy installation. Additionally, one can also choose to upload and install a CMS not offered by one’s web host. WordPress is often one of these solutions that is offered by default by web hosts, or is chosen to be uploaded and installed by the user. This is for good reason, as WordPress is the best platform for most people’s needs. There is unfortunately some confusion regarding the recent SESTA-FOSTA law and WordPress. There are two avenues for using WordPress. One is via WordPress.com, henceforth referred to as WPcom. Then there is WordPress.org, hereafter referred to as WPorg. WPcom is WordPress’ hosted blogging platform analogous to Blogger.com and other blogging sites. Consequently, any blog hosted by WPcom that involves sex work will be in threat of being shut down by WPcom as a result of the current SESTA-FOSTA law. However, WPorg is not affected by this. Therefore, anyone using an install of WordPress for one’s website via a web hosting service is not affected by this. Although the web host’s terms of service may prohibit such websites from existing on their service as well as if the hosting service operates within the U.S. they may also be forced to terminate the website.
Other Social Media
Diaspora is perhaps a Facebook alternative solution the sex industry could utilize provided one chooses a pod outside the U.S. and ideally within a country that has legalized prostitution mentioned above. While Switter would be a possible suitable replacement for Twitter. Switter is effectively the same as Twister repurposed for the sex industry. For this reason it is a more viable option than Twister itself, as Switter’s origin is Austria, a country mentioned above friendly to the sex industry. The crinkle with these social media solutions is that it does require others, including clientele, to be using the system as well.
The use of Bitmessage can be a vital component in ensuring one’s audience has an authoritative source to reference regarding one’s information. This is important not just for communicating or updating contact information, but also for conveying to one’s audience that a post, for example, came from you and not an imposter. Additionally, if one needs to switch domains, it offers an avenue for certifying the information is legitimate. This is done with Bitmessage by way of Subscriptions. Although Bitmessage is a messaging platform, one that is the highest level of secure communication possible today, especially if used in conjunction with PGP, it can also be used to send out mass messages, which people can subscribe to.
Please refer to the “Getting Started with Bitcoin” article for Bitcoin basics. In there it is recommended using Coinbase for one’s cryptocurrency exchange. This still holds true, however, the exchanges Xapo, CEX.io, and Bitstamp are also prestigious exchanges that could be considered. These other options may be desired as it is understandable that people may wish to do business with an exchange located in or near one’s own country. However, if venturing outside the above offerings and considering other exchanges, besides the soundness of the exchange one must also consider how it handles funds. Stay away from any exchange that handles exchanges using Tether tokens. This will often be abbreviated as UST in an effort to deceive people into thinking the exchanges are done using USD — U.S. dollars. UST is used by a vast number of exchanges for a number of reasons. One being that the exchange is unable to secure banking for their transactions. Another major factor is that it offers a fast and inexpensive way of holding funds being exchanged between fiat currencies and cryptocurrencies that are tied to the value of the U.S. dollar. This protects the funds exchange from rapid exchange rate fluctuations, as the U.S. dollar is less volatile in its oscillations than most cryptocurrencies.
Unless dealing only in cash and/or Bitcoin, there arises the necessity to exchange value between funds, such as Bitcoins to one’s local fiat currency or vice versa. This means that, as a sex worker, one’s money is at risk of seizure or being forbidden from patronizing a particular banking institution. This risk is less of an issue with individual sex workers than it is with a business in the sex industry, but it is there. For this reason, it is suggested not keeping one’s money in a single place. Depending on the amount of money one has at any given time, it can be spread between one’s local fiat currency, Bitcoins, investment banks, and other banks or credit unions.
Should one wish to go the extra mile in shielding one’s legal identity from one’s Bitcoins, then a “clean” Bitcoin wallet should be established and kept clean. A clean wallet means that the wallet used was never, and never will be tied to one’s legal identity. This means that one will conduct oneself only with Bitcoins, foregoing exchanging it to another cryptocurrencies or fiat currency via an exchange. Additionally, if one wishes to get money into this clean wallet, there are classifieds to meet people in person locally who wish to sell Bitcoins, and there are also Bitcoin ATMs. Using the map link provided, one can locate a Bitcoin ATM nearest oneself and use cash to purchase Bitcoins. The regulations on Bitcoin ATMs vary by country, but if fortunate enough, one will be in a country where the Bitcoin ATM does not require ID.
So, this concludes one’s essential digital prophylactic process. It may have been dull, but it is a necessary process to go through. Hopefully it has been presented in a way that makes it relatively painless for the non-techie to set up and use. Although certainly not ironclad, the solutions presented here will offer sex workers a way of resisting censorship and conceivably a means to stand up to the tyrannically religious control of women thereby forming the foundation for change. For silencing people is the first step to controlling them. Now unite and be heard!