FetLife’s stance on privacy is the same as the RIAA’s stance on piracy, which is the same as Burning Man’s stance on scalping, which is the same as anti-trafficking activist’s stance on sex work. In a sentence, it goes like this:
“Punish anyone visibly breaking ‘the rules’ and ignore everyone invisibly breaking the rules, because these rules aren’t actually there to help anyone except ourselves, and we really need them to believe the rules we set out help keep them safe.”
Here’s the thing:
- Everyone knows DRM doesn’t stop piracy, and yet…RIAA sues computer-less family. In other words, DRM only frustrates legitimate users, while doing worse-than-nothing to stop “pirates,” it actually increases piracy.
- Everyone knows Burning Man tickets are often scalped for greater than face value, and yet…“We’re…going to reward the scalpers who don’t use their real names?”
- Everyone knows a paper trail helps law enforcement stop sex trafficking, and yet faulty logic is employed to censor the Internet under the guise of protection: “Taking something that is visible and making it invisible makes a politician,” or, I’ll add, the founder of a social networking website like FetLife, “look good, even if it does absolutely nothing to help[…]. It creates the illusion of safety[…].”
The following challenges were posted by Demon Kia.
Some clear, yes-or-no official answers to the following would be nice; it’s not immediately obvious to me that these have been unambiguously addressed:
- Did FL ‘catch’ Maymay doing this? Or did TeamFL find out what was happening because Maymay was live-blogging / -tweeting what he was doing as he was doing it?
- Would TeamFL know — as it happens — if someone else was doing this type of ‘security breach’ & the perpetrators were not live-blogging about it & did not make their results searchable on Google, just hung onto the data for their own purposes?
- Does TeamFL have any way to tell if this kind of thing has been done in the past by more secretive hackers?
- Has TeamFL eliminated the ability for this to happen again? Is that even possible?
- Is content which is ‘deleted’ from FL actually permanently deleted from the internet? Or does that content still ‘float’ around out there somewhere the tech-naive know nothing about, even if just for some window of time after the user ‘deletes’?
- Does TeamFL plan on doing more to warn FL users that nothing uploaded here is ‘private’, ‘safe’, or ‘protected’, given how many people indicate that they do think that FL is ‘safe’, ‘private’, &/or ‘protected’?
I’m always appalled at how many FL’ers do seem to think that their content is ‘safe’, ‘private’, or ‘protected’ on FL. For the record, I’m both ‘out’ & tech-savvy enough to know that FL (& the greater internet) is not ‘private’ in any substantive sense, that not even the ‘friends only’ settings offer much ‘privacy’.
In other words, I’m not FetLife’s enemy, despite FetLife’s and many of its users’ insistence to the contrary. Why am I not FetLife’s enemy? Compare the actions I took to the actions someone actually trying to do harm would take:
- I woke up yesterday morning and spent an hour or so writing a trivial (even stupid) 50 line PHP proxy, with no attempt, technically or socially, to hide what I was doing. Then, immediately, I publicized that fact as loudly as possible to focus intense attention on the technicalities.
- An actually malicious person would at least spoof referer and user-agent headers, and re-route their traffic through an anonymizing network like Tor, not to mention not publishing their work publicly and loudly shouting from the Internet’s rooftops that they were doing this! (Obviously.)
An actual enemy, folks who are already data-mining FetLife (if at least for the LULZ, but likely worse), isn’t going to live-tweet the fact that there are problems. They’ll just use the fact that there are problems to do whatever they wish, with no one else the wiser. As the messenger of uncomfortable truths, I’ve become familiar with getting shot (although FetLife sycophants like @LoveorLust prefer, and I quote, “Skinning…and…adding salt and crushed glass to the mix”) each time I do this, which is often:
I am very good at finding information. So are a lot of people. Most of the people who are really good at doing what I can do with information don’t care to show you how good they are at it. They would far rather keep you unaware and ignorant of what can be done with such information. Most of them are so good at it that they are hired by corporate or government interests for this ability. When that happens, they gain far, far more tools than I currently have to do what I can do even more quickly and more thoroughly. For most of us, corporate or government interests are not a threat worth worrying about. It’s people with personal grudges that are a real threat[…].
Clearly, I make many of you uncomfortable, or angry. Moreover, some of you believe me to be a threat of the form you describe. I certainly could be, no one’s denying that. But am I? Look at my actions, use the paper trail you know exists, compare them to the ones in your story, and try to figure out if my actions match your abusers’.
[…]
I’m not trying to tell you what is or is not dangerous to you—that’s up to you to assess. What I am trying to tell you is that there are things we don’t know, and by being uncomfortable, rather than being in danger, we can find out what those are so that we can choose to learn more about them or to dismiss them. But at least we will be choosing. We can not choose to do anything when we do not know that we do not know something.
Clearly, FetLife makes a lot of you comfortable. I think that’s very dangerous. It’s dangerous not just because it means you’re publishing information about yourself that anyone with an email address can access trivially, information that you clearly don’t want to make that public! It’s also dangerous because it keeps you isolated from people who do not spend time in FetLife. It filters its users’ reality to such a degree that many of its users are not even aware of. Worse, they don’t know that they don’t know this, and that’s the most dangerous thing of all. It creates a social filter bubble.
And THAT is what the BDSM Scene proper does, too. That is what ALL Scenes do. That is not just dangerous, that is oppressive.
If we do not understand how these Scenes work to filter information, then we are vulnerable to being controlled by those who do. We need to make sure that they’re transparent enough that we can see what the rules are that determine what gets through the filters, and ultimately makes it to us. I can make you uncomfortable because I can influence the filter. This is a power we need to be aware at least EXISTS, if not gain, ourselves.
Anyone who, after all this, still naïvely believes that FetLife and its powers-that-be are invested in your having the knowledge you need to have power over your own environment is, yes, delusional. So far, the single best comment about this entire issue comes from StudentEarthpig:
[Revealing personal information is] easier on Facebook than here [on FetLife].
…
Facebook even has a download link. Here’s a screenshot.
That’s more or less precisely why it isn’t a concern on facebook. No one is given a false sense of security and privacy. If the powers that be simply tell everyone “look, this really isn’t a secure area, check out this download button,” then it isn’t on the powers that be if people act like it is a secure area.
FetLife has this odd sort of security by obscurity thing, but it isn’t really obscurity… it’s security by non-tech-savvy-ness. If I make a circle of friends that aren’t tech savvy and I myself am not, there’s a good chance we will all convince ourselves this is a super secret secure place to post dirty little secrets about ourselves that would fuck our lives up if discovered.
This is so important, it deserves repeating:
If the powers that be simply tell everyone “look, this really isn’t a secure area, check out this download button,” then it isn’t on the powers that be if people act like it is a secure area.
For years—years—I have been harping on this one point. I have explained and re-explained my own motivations countless times. I have done this until I literally could not stomach the thought of doing so again. And then I did it again.
From the very beginning, the response has been delusional, inconsistent, self-contradictory. The pushback is identical in all cases, and can always be distilled as follows:
- Many say, “If you don’t want your personally identifiable information made public, don’t post it on the Internet.”
- While it sounds like common sense, this statement neglects to consider the fact that it’s impossible to use social media without providing “personally identifiable information” because what makes such networks valuable is such information.
- Companies know this, which is why social networks—including FetLife—are in the business of collecting your personal information.
- The people for whom “personally identifiable information” is not dangerous to be made public are people in positions of institutionally-backed power (they have many, often intersecting, privileges, such as myself). Therefore, when these people are suggesting that others not post to the Internet, what they are saying is, “You don’t deserve to have an online safe space for your self-expression.”
When it comes to FetLife, all of its users are marginalized (although some, like queer, POC youth, for instance are obviously even more disadvantaged) since FetLife is focused on sexuality and so much of the Internet is so hostile to sexual expression. In contrast, FetLife is a downright treasure precisely because it encourages sexual expression in a way literally every other large virtual public square that has ever existed in history has never done.
Doesn’t such a treasure—not FetLife.com the website, but your sexuality and the sociopolitical environment in which it was made possible to express—deserve serious, passionate protection, even love?
I have made that very case countless times before, too:
Both FetLife and Facebook arguably have monopolistic control over their users’ online social lives. But of the two, FetLife is in a far more trusted position because many people who use it do so precisely to avoid using services that aren’t friendly to sexual expression (like, say, Facebook). In other words, most of FetLife’s adoring fans don’t just treat the company like a friend, they treat it like the friend they send naked photos of themselves to, the friend they ask to pass on the sexually explicit note they wrote to their sweetheart(s). And not just any note, but the note about that totally taboo fantasy. Because, why not? That’s okay here! I mean, it’s FetLife, not Facebook!
And y’know what? That’s actually really cool! No, not just cool, that’s awesome. And not merely awesome, but culturally necessary. Just in case it isn’t clear, yes, I’m actually praising FetLife. But as the only large social network not actively hostile to (most) sexual expression, FetLife has also become the single, giant basket many of us have placed our eggs in. And that makes it even more important for FetLife to go the extra mile to secure us.
Yet FetLife does less-than-nothing to protect us; like the Emperor they are, they lie about their new clothes. And many of its users, these “well-adjusted” courtiers, having vested interests, see the Emperor as beautifully appointed. These courtiers who are simultaneously dismissive and outraged over my actions are the ones telling you, dear FetLife user, that you “deserve whatever approbation, embarrassment or other difficulties caused by your revealing sensitive details.”
But in a compassionate society like the one I am working to make, we would not abandon anyone across the digital divide because everyone has a fundamental right to express themselves, sexually if they wish, safely on the Internet.
And what does safety mean? Since having a false sense of security is more dangerous than having an awareness of one’s very real vulnerabilities, safety partly means aligning (and, if necessary, re-aligning) your beliefs about your reality with others’ ability to influence your reality. If you truly believe FetLife’s PR, then you have nothing to be worried about. If, on the other hand, you feel “completely violated,” then perhaps your beliefs about the reality of your existence in FetLife are not as well-aligned as your behaviors indicate.
Shooting the messenger will not change the message. When you get right down to it, all I did was remind you of that in a way you did not ignore.
Finally, I want to share an excerpt of this note I received privately—one of numerous messages I’ve been receiving privately over the course of the past day—because it warms my heart and, among all the vile, ad-hominem insults that make up so much of the boisterous Internet, these supportive private correspondences mean very much to me:
You’re a bit of a guardian angel for the BDSM community, you know? Admittedly, of the terrifying otherworldly avenging angel variety much of the time. ;) I don’t really understand why you take such good care of them in spite of all the rocks their puny kings and minions throw at you…except, of course, I do and I love you for it. You’re not guarding “the community”, you’re guarding the people in it. That’s noble work, and painful work, and tricky work[…]. Watching you do something this difficult so skillfully is beautiful; it also makes me[…]worry about your health a little and wish I could be there to support you in person. You have so much love for so many strangers. I realize that being a cyborg makes them less strange to you than you are to them, and I know this is an important part of your own Work regardless. Still, these people don’t love you back and that makes my heart hurt for you. That kind of unrequited passion is an incredible drain on a person. I hope you’re taking especially good care of yourself, mind and body, and that you’re setting boundaries around your engagement to the best of your ability.
I’ve made my point. Again. I may come back and make the same point yet again. I may in fact keep doing this until something actually improves in the architecture of the technology we use to make virtual safer-spaces.
But not today. It’s time to set one of those boundaries around my engagement of this issue. Let’s not forget that an equally important and very related issue is still raging: FetLife must adopt Proposition 429 immediately. (As an aside, I find it telling that many of the same people who are quick to throw out my name for the FetLife wankfest of safety are also against allowing its users to name alleged perpetrators of sexual assault….)
Consider the possibility that our collective energy is better spent forcing FetLife to make things better for us. And, consider, you do not need to play by the rules they set out for you. Ever.
This blog is my job. If it moves you, please help me keep doing this Work by sharing some of your food, shelter, or money. Thank you!
by Summerisle
12 Aug 2012 at 00:21
I can’t speak for others, but I rely on a kind of “soft” security to use FetLife. If someone like a co-worker sees my FL pics or writing, I can be fairly sure it’s because they created their own FL account. I’m OK with that. Sure, they’ve discovered that I have an FL account, but then they’ve got one too so they can’t act all shocked about it.
I’m much less OK with someone with no knowledge of FL coming across my kinky stuff. The fear is, with your little prank, you’ve exposed that to Google searches and casual browsing.
And as far as we all know, you are the first person to actually do this. You’re not really pointing out much of a “real” threat, since there’s little motivation to do what you did besides your own. Who would bother? Someone with a point to prove, I guess.
It’s a bit like you’ve gone to one of those remote rural communities where everyone keeps their doors unlocked, walked into an empty house uninvited, and left a security warning message on the pillow of the main bed.
by maymay
12 Aug 2012 at 01:13
The only reason I can see that you even have the temerity to believe that I’m “the first person to actually do this,” Summerisle, is because you are not paying any attention, so ensconced are you in your blissful ignorance. I am far from the first person to do it. And I even linked as much in my post, above. Since you may have the reading comprehension of an ant, let me highlight the parts you may have missed:
I have half a mind to turn off comments on this post if any more of them will be as willfully stupid as yours.
by Summerisle
12 Aug 2012 at 01:43
Someone else did an open proxy to the entire site? I missed that part.
by maymay
12 Aug 2012 at 01:50
Oh, I see, Summerisle, you object to the level of scale at which I made my point, but that’s all? I missed that part.
Also, hey, you might find this interesting. Also, and also, and also.
Need I go on? Don’t bother responding. I’ve made my point, and you’re getting blocked.
by Summerisle
12 Aug 2012 at 01:56
Sheesh, dude, relax. I’m not your enemy. I don’t mind you blocking me from your blog, but really, what was the point of that?
by maymay
12 Aug 2012 at 02:11
The point, Summerisle, was to make a fucking point. The point was to get people like you to stop pretending this isn’t a problem, because it is. The point is to get people to actually fucking respond to the issues, to actually force FetLife to keep their user’s information private, instead of constantly deflecting. I have been making the same points I enumerated in a huge number of other posts for a very long time now—for fuck’s sake, just follow and read the goddamned links, why is that so hard?—and every time I do it some ridiculously vapid person such as yourself comes along and distracts from it, which only feeds excuses and lies.
Enough. I could’ve linked your mobile phone number. I could’ve linked your home address. I found out all that and more in under 10 minutes after I saw your comment.
All that and a FetLife profile to boot. And with the FetLife Export tool I wrote, it’d take me about 30 minutes to download a full-text archive of your entire FetLife account history. It’s trivial to cross-reference all that with the other information you published about yourself. The point was to make the point. Thanks for volunteering yourself.
Don’t tell me to fucking relax. You, [Name], you need to stop spreading misinformation, to stop feeding the lies and the ass-covering bullshit from people like John Baku. People believe you when you do that because they want to remain blissfully ignorant of all this. And I won’t let that happen. So stop telling people like me to “relax” and start doing something actually useful, like pressuring FetLife and other service providers to bake in privacy controls from the get go.
by Thomas
12 Aug 2012 at 03:29
Maybe this analogy isn’t quite right, but here is how I see this whole debacle.
Imagine, if you will, a group of apartments are built within a gated community with a wall surrounding them all. There is a large gap in the wall that the landlord covered with a propped up plywood sheet, one that everyone could see if they looked for it, but for some reason they don’t see it. Their eyes tend to slide right over it because they a) aren’t looking for it or b) are used to it by now because it’s been there the whole time. Numerous people come along and point this out to the landlord, the people that work for the landlord, and the folks that live in the community. Everyone dismisses them, assuring them that everything is fine for one reason or another, such as a) the landlord will fix it eventually, or b) no one knows we live over here, so even if they can squeeze through the gap with the most minor of inconveniences they won’t.
Over time, the people pointing out the issue either get more vocal about the issue, or give up and walk away in frustration. Another person comes along, and after pointing out the issue for several years they draw up proposals for how the gap can be fixed. They lay out, in detail, the steps that could be taken to eliminate the issue and share them with the landlord, the tenants, and anyone else who is remotely curious as to how this could be fixed.
After being ignored by the landlord and reassured by the tenants that the gap isn’t *really* a problem, that the plywood does the job, this person rips away the plywood sheet and hurls it in the bin, leaving the gap open for everyone to see. The tenants flip out, now certain that nothing in their apartment complex is safe because they are just now realizing that none of their doors have locks, and the gate doesn’t shut, and on top of that there’s this gap in the wall that that person made!
Except, they didn’t make the gap – they just made it so the tenants could no longer pretend it didn’t exist. The wool has been pulled from their eyes and yet some still cling to it like a security blanket, insisting that the one who tore down the plywood has caused them this major issue when instead they should have been taking the existing condition of the gap to the landlord and demanded it be made right.
That gated community is fetlife, the gap is the minor barrier to content that making a free account removes, and the doors with no locks and the gate that doesn’t shut are the privacy controls that people don’t have, have never had, and assumed they did because their community was gated.
Those willfully ignorant tenants are the users, and the person who wouldn’t take “it’s not that big a deal†or “the owner will fix it eventually†for an answer is maymay.
by Tom Allen
12 Aug 2012 at 05:15
Let me help with some perspective.
It’s easy to think that only kinksters might use FL, and that you’re “safe” because, you know, if another kinkster finds you, then it’s okay because of the sacred bonds of the kink brotherhood will keep them from outing you. But non-kinky people know what kink is, and some of them – no, really – know how to register at kinky sites to look for things.
Imagine a man registered at FL, thinking that his personal information is secure. Now imagine an investigator registering at FL with the intention of trying to discover whatever he could about that man. The point here is just because someone registered does *not* mean that the person is kink friendly. One can simply look at the number of phony names on Facebook to see how such an action might work.
Pingback
by Guest post: Some Notes About FetLife’s (In)Security « Maybe Maimed but Never Harmed
13 Aug 2012 at 13:27
[…] as zealously as the most evangelical Bible-thumpers) has and continues to behave in horrible ways: FetLife—and many of the BDSM Scene’sters comprising its over a million users—shoot the mes…. To quote M. Scott Peck’s People of the Lie: A predominant characteristic…of the behavior […]
by Tyler
14 Aug 2012 at 14:16
I recently shutdown my FL account because of the fact that veil of security they purport to have is indeed a thin one. It should bother users that Maymay (or anyone) was able to make a proxy of the site, but the person to flame isn’t him. Flame FL, because you, as users, are how the site continues to exist. If they don’t listen to you, they don’t deserve your information (though I don’t think they deserve it in the first place, but that’s coming from someone who no longer uses their services). Make a stink about it – that’s the only way they will fix the flaws.
It’s FL’s responsibility to fix the issue, and, IMHO, they should thank him for exposing the issue and TELLING them about it. Instead of, you know, data mining the whole site maliciously, which is clearly possible.
Pingback
by No, the sky isn’t falling. It already fell, dumbass. » Not Just Bitchy
15 Aug 2012 at 19:00
[…] by attacking maymay, you’re just shooting the messenger. I’m not saying you have to like him, I’m not saying he’s never abrasive, […]