Just as you take steps to protect your personal safety and health while engaging in real-life encounters, a sex worker should also be mindful of the dangers of the online world.
As we wrote in a separate blog post today, the sex worker forum MyRedBook, along with its companion sites, have been seized by the FBI in connection with a criminal indictment. This could potentially mean that sensitive user data is in the hands of law enforcement.
We will be watching the situation closely to see how it develops. In the meantime, we hope that sex workers take advantage of some of the tools other vulnerable communities have used to keep themselves safer from government oppression.
No tool is foolproof, but we believe the following may be helpful:
Use Tor
One of the major concerns with the seizure of MyRedBook is that, regardless of what names or email addresses site visitors used, they could potentially still be tracked via IP addresses.
There is a way to avoid this, one that has been used by individuals in oppressive regimes across the world. As EFF technologist Cooper Quintin explained in a recent blog post, Tor is a network and a software package that helps anonymize Internet usage. Tor hides the source and destination of Internet traffic by routing it through various relays across the Internet.
There are many options when it comes to Tor, but the easiest way to use it is to download and use the Tor Browser Bundle, a version of Firefox that comes preconfigured to use Tor. If you were technologically savvy enough to use MyRedBook, then you have the skills to install this piece of software.
Use TextSecure
Phone numbers associated with individuals who used MyRedBook may have been seized. Records of text messages are particularly vulnerable to surveillance and seizure by law enforcement.
For Android users, TextSecure is one way to lessen this risk.
TextSecure is a free, open source app that encrypts all text messages stored on your phone. When it is used with other TextSecure users, it also encrypts your text messages over the air. It can replace the ordinary messaging system on any Android phone. While it is most secure when other users also have TextSecure, the encryption of messages on your phone is helpful regardless.
Unfortunately, TextSecure is not available for the iPhone OS at this time, although it is in development.
Use good password security
Another concern around the MyRedBook seizure is that passwords may have been seized. Password security is one of the easiest and most overlooked ways that anyone can make surveillance and targeting more difficult.
Many people re-use passwords for various accounts, or use short, simple passwords. Instead, you should use complex, unique passwords. Pick something that you haven’t used anywhere, and change it regularly. One way to make this easier is to use a password manager to store long, difficult passwords, or even generate passwords for you.
KeePassX is an open-source program you can download for free. Once you’ve downloaded it, you can create a database to store your passwords. The database is secured by a master password. You should ensure that this password is very secure, and easy to remember.
Use disk encryption for your computer and mobile device
Full disk encryption is one of the best ways you can ensure all the private information on your laptop, phone or tablet stays private if it's lost, seized, stolen, or if you choose to sell or give away your device in the future. Without it, anyone with a few minutes of physical access to your device can copy its contents, such as e-mail, contacts, web browsing history, etc., even if they don't have your password.
The latest version of Windows, Mac, iOS and Android all have ways to encrypt your local storage. You just need to turn it on. On Android devices, disk encryption can be enabled under security settings. Enable BitLocker on your Windows computer, and on Mac devices enable FileVault. Linux distributions provide a disk encryption checkbox you can check during installation.
Encryption requires a strong password to keep your data safe. On mobile devices, the disk encryption password is usually the same as your screen lock password, so make sure you use a strong, hard-to-guess screen lock password.
Remember, none of these tools can completely anonymize you—but they can help anyone who wants to engage in free speech without government detection.