Cyber Security for Sex Workers

Tips for Maintaining Security and Privacy as a Sex Worker in the Virtual World

Cybersecurity may not sound like a particularly sexy subject, but it has undoubtedly been a hot topic for the past few years. Our data has become one of the most precious commodities in the global market. As a security researcher and sexual abuse survivors advocate, I have been made abundantly aware of the need for accessible personal security resources, particularly in underserved populations like BIPOC, LGBTQ+, and sex worker communities. Sex workers are amongst the most vulnerable targets for forms of cyber abuse like doxxing and content theft. Below, you’ll find some of my top tips for maintaining security and privacy as a sex worker in the virtual world.

Instagram is notorious for exposing finstas with their “Suggested for You” feature.

What’s something re: cybersecurity that newbie sex workers may overlook?

Though it seems to be a widely acknowledged concern, it can be difficult to separate your personal and professional presence online. Here are some best practices for decoupling the two:

  • If you are interested in making a professional social media account, do not sign up using your personal phone number. Instead, use a burner. Instagram is notorious for exposing finstas with their “Suggested for You” feature. To combat this, create a Google Voice account and use your new number to sign up.
  • Make a Cashapp account just for your clients. Never use a personal Venmo account for work! Venmo is a socially driven platform, don’t make your private business public.
  • Make sure the images you share on work-related accounts remain as such. Don’t reuse photos that have been posted on personal social media accounts.

I love taking nude selfies, but I’m terrified of getting hacked. Is there even a remotely safe way to store them?’

Unfortunately, any data can be susceptible to a cyberattack, but you can take precautions to lower risk. Often, people have their phones set to back up their images to a cloud account automatically. Though cloud accounts can be outstanding for easily accessible storage, they do not offer a ton of security (iCloud is notoriously vulnerable). Cloud accounts can be accessed using just an email address and password, so we need to encrypt the data before uploading. Encryption renders data meaningless unless you have another key to that data. Boxcryptor is a Google Drive, Dropbox, and OneDrive compatible encryption software.

While you can always watermark your stream by using software like ManyCam, it’s important to note that screen recording can’t really be controlled.

How can I send pictures without geotagging myself? Should I send a screenshot?

When you take a picture on a digital device, it exists in the form of an Exif file. This type of file includes your camera settings and the exact time, location, and copyright information of the image capture. While screenshotting an image is an adequate solution, apps such as Exif Metadata and Photo Exif Editor simplify the process of modifying or erasing metadata without sacrificing resolution.

Are there any precautions I can take to prevent people from screen recording my cam shows?

While you can always watermark your stream by using software like ManyCam, it’s important to note that screen recording can’t really be controlled. Companies like Netflix use Digital Rights Management (DRM) technology to prevent screen recordings, but this occurs within the application’s source code. Unless you’re developing it yourself, it is costly to implement. At the end of the day, whether it is by screen recording, a video camera, or a polaroid if someone wants to record your content, they will.

Unfortunately, incognito mode is an often-misunderstood feature.

I want my browsing to remain anonymous. Is incognito mode enough?

No! Unfortunately, incognito mode is an often-misunderstood feature. While it prevents some types of temporary information like cookies and browsing history from being saved, it leaves a lot to be desired in terms of keeping your data safe. Here are two things to keep in mind:

  • Incognito mode won’t erase your download data. Downloaded something for your eyes only? Don’t forget to head to your downloads folder and hit delete.

It doesn’t prevent Domain Name System (DNS) database logging. The DNS is a directory of names for everything connected to the internet. Think Whitepages, but instead of phone numbers, you have IP addresses. By default, most internet service providers will set you up with an unencrypted DNS, exposing a list of the websites you’ve visited while also making your connection more susceptible to interception. For this reason, it’s wise to use a virtual private network (VPN) with its own private, encrypted DNS. VPNs mask your IP address and create encrypted tunnels to protect your data from prying eyes. ExpressVPN is an excellent choice as it has been independently audited to confirm its infrastructure security. Since ExpressVPN is based in the British Virgin Islands, the company is not subject to any minimum data retention requirements nor are they bound to respect any court orders issued from outside of the jurisdiction. ProtonVPN is a free, Swiss-based alternative that offers the same benefits; it just isn’t quite as speedy.

Are password managers safe to use?

Yes! While they aren’t impenetrable, they make it much easier to use long, strong, and unique passwords, which is crucial for maintaining good cyber hygiene. Password managers undergo independent audits to ensure security. NordPass is a good one.

Do you have any secure messaging or email recommendations?

ProtonMail is a secure service that provides end-to-end encryption, meaning only the sender and the recipient can read the contents of your emails. It does not require any personal information to set up an account, meaning there isn’t an innate connection between your identity and your email account. ProtonMail is an open-source platform, meaning anyone can look at the source code to ensure their security claims are valid.

Messaging is where things start to get sticky. While the Signal app has many pros like end-to-end encryption, self-destructing messages, and open-source code, it has one critical vulnerability: it exposes your phone number. If you’re talking to trusted friends and family, this shouldn’t be an issue. However, if you’re attempting to remain anonymous, avoid exposing yourself by signing up using a Google Voice number.

Another bonus of using Cashapp is the ability to perform transactions using cryptocurrency.

I’m interested in working as a virtual sugar baby. Is there any way to get paid without revealing my identity?

Yes. Cashapp is a simple way to send and receive virtual payments anonymously. All you need to receive a payment is an email address (use a burner!) and a $Cashtag, keeping sensitive identifiers like your phone number private. If your client does not have a Cashapp account, simply send a request to their email or phone number using the app, and they will receive an option to pay by card. Another bonus of using Cashapp is the ability to perform transactions using cryptocurrency.

Cashapp follows the Payment Card Industry Data Security Standard (PCI DSS), the same standard used by major credit card companies, ensuring end-to-end encryption for all payments. While Venmo and Paypal are also PCI-compliant, they expose sensitive data such as your email address and phone number.

While Cashapp is a handy app, keep in mind that neither the sender nor receiver is protected by much. Generally, once payment is sent, it cannot be canceled. For this reason, make sure to confirm the payment is being sent to the right person. It should also be mentioned that if you are scammed on Cashapp, you likely won’t be getting your money back.

It’s good practice to Google yourself every once in a while to see what’s out there.

I searched myself the other day and was horrified to find my address online. How do I get this information off the internet?

While it’s essential to accept that most things are on the internet forever, there are some steps you can take to make sensitive information less readily available. It’s good practice to Google yourself every once in a while to see what’s out there. Here is a quick guide on how to help clean up your virtual presence.

I found some of my content on another site. What can I do?

The Digital Millennium Copyright Act (DMCA) was a law passed in 1998 which penalizes digital content providers who infringe copyrights. If any of your content is stolen, you can file a DMCA Takedown Notice.

If you need assistance removing stolen images or have other concerns about non-consensual pornography, you can reach out to LaBac, a hacker collective dedicated to combating tech-enabled abuse, directly on OnlyFans.

If you need assistance right away or just want to learn a bit more, check out the community-based, sex worker-friendly cybersecurity resources below.

With the global pandemic approaching year two, the demand for virtual sex workers has never been greater. Though it’s impossible to mitigate all workplace risks, good digital hygiene habits can keep cyber threats at bay. I’ll leave you with my top tip: whether it’s online or IRL, the best kind of security often comes in the form of community. If you need assistance right away or just want to learn a bit more, check out the community-based, sex worker-friendly cybersecurity resources below.

DCRYPTD

LaBac

C.A. Goldberg, PLLC

Global Network of Sex Worker Projects

Artboard Created with Sketch.