Fetlife privacy, or lack thereof
A few weeks ago, Maymay presented a Fetlife exporter/backup tool at KinkForAll San Francisco 2. This, along with a couple of other privacy-related conversations at KFASF2 and the related feedback directed both at me and at Maymay, got me thinking. About privacy, yes and always, but also about how people perceive privacy and others’ understanding of it.
The first response I got, almost immediately, was in the “well of course it isn’t private it’s the internet!” camp. This range of responses seeks to dismiss concerns over privacy and security flaws in Fetlife by asserting that anyone who thought Fetlife was private in the first place is a poopy head.
There’s a problem. While the line of reasoning is generally correct – Fetlife is on the internet and therefore not private – that doesn’t stop people from treating Fetlife as private and sharing potentially damaging information via the service; perception is reality and Fetlife *feels* like a private clubhouse. Contrary to popular belief, however, this is not because some users are poopy heads. Knowledge of how your data is stored, accessed, and used is pretty technically savvy knowledge. That, or it is digital native knowledge – it is common sense, to the average 16-year-old, that anything you post on the internet can be found by your classmates, parents, and friends, but applying this knowledge to Fetlife requires unlearning socially coded knowledge, which many older or less tech-savvy users may have ingrained. So, while you might know that Fetlife isn’t private, I am unconvinced that all Fetlife users know this by default.
Fetlife is a BDSM community site; like the local dungeon, it is safe and will protect my privacy.
False. Fetlife uses the goodwill and trust you’ve built with your local scene, especially the subcultural mores you learned before the internet was popular, to make you feel safe. This community goodwill does nothing to protect your data, however, because Fetlife has extremely low barriers to entry. Anyone – you, your boss, your mom, your estranged spouse – can get a Fetlife account. Furthermore, unlike in your local dungeon, you can’t see them watching you.
Fetlife is better for privacy than Facebook.
Fuck if I know, but someone actually said this. This is sorta false. Which is to say, Facebook is not a safe space to put your deepest darkest secrets; however, I believe Facebook is safer than Fetlife in a couple of interesting ways. Facebook allows you to customize how and to whom your data is presented. It has user-specific content segregation, meaning you can show something to your friends but still make sure your mom can’t see it. You can show something to people you know and their friends but not the world at large, etc. Fetlife does not. Any content you post to Fetlife’s forums, event pages and so forth is available to all other Fetlife users, and as we just heard, getting a Fetlife profile is trivial. As you can see, quite a bit of information is collected, but with the exception of your email address nothing is verified.
Then the conversation about Maymay’s exporter tool heated up with the second and rather more bizarre thread of conversation that can be summed up as “how dare you!” and/or “this tool makes Fetlife unsafe!” Sadly, no, Fetlife has been unsafe far longer than this tool has been in existence. To my understanding (and more technical minds, please correct me if I’m wrong), this exporter tool doesn’t allow you to access any information not already a) public or b) accessible to the account you’re using this tool through (i.e. your account). And as we’ve now seen a half dozen times in this post alone, a Fetlife account is trivial to get.
The core of the problem is that Fetlife wasn’t designed for privacy. Instead, it depends on goodwill to protect its users. You know, your vindictive former spouse’s goodwill and agreement not to create an account, download the naked pictures you’ve posted to Fetlife, repost them to Facebook, and tag you.
Fetlife does not protect users from each other, but it does isolate conversations from the rest of the internet. That sounds like safety, but is actually a gross approximation of such. When I use Facebook I can post a status that I only want close friends to see; when one of them links to it outside of Facebook, any users not in that category “close friends” will not be able to access the content. Not so with Fetlife – you post something to Fetlife and a friend links to it from outside of Fetlife, and sure enough anyone following the link will be presented with a page that explains that this content is only available to members. They can then sign up and access your content. It doesn’t matter if you know them, trust them, or are working for them: they can make an account and access the content you create.
What does an exporter tool do? Well, first it lets you export your data. Let’s say you are looking for a job, you live somewhere conservative, and just to be super duper safe you want to take down your Fetlife profile. But maybe you’ve used it extensively for years and you don’t want to lose everything you’ve written. Well, now you have a backup option, go you!
The part that people seem to find frightening, though, is that this also makes their content searchable. In its current iteration, I believe, it makes content that you created and then exported searchable if and only if you then post it somewhere outside of Fetlife, like a website you create. That is to say, if you do extra work to make it searchable then it will be searchable. What people fail to note, however, is that this content was already public. Your data was already vulnerable, there was nothing to protect it besides hobbled search capabilities, and as I’ve said before your biggest security threat is someone who knows you, and they know how to find you.
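The difference between the two models, sketched as an added example (this is not code from either site or from the exporter tool; every name, the friendship graph and the audience labels are made up for illustration). The members-only check asks a single question, "is the viewer logged in?", while the per-audience check also asks who the author chose to share with.

```python
from dataclasses import dataclass, field


@dataclass
class Post:
    author: str
    audience: str = "members"  # "members", "friends" or "friends_of_friends"
    denied: set = field(default_factory=set)  # per-post exclusions ("not my mom")


# Constructed sample data; every account name here is hypothetical.
FRIENDS = {"alice": {"bob"}, "bob": {"alice", "carol"}, "carol": {"bob"}}
MEMBERS = {"alice", "bob", "carol"}


def sign_up(username):
    """Open registration: nothing about the new member is verified."""
    MEMBERS.add(username)
    FRIENDS.setdefault(username, set())


def walled_garden_can_view(viewer, post):
    """Authentication only: any logged-in member may read any post."""
    return viewer in MEMBERS


def audience_can_view(viewer, post):
    """Per-post authorization: membership is necessary but not sufficient."""
    if viewer not in MEMBERS or viewer in post.denied:
        return False
    if viewer == post.author or post.audience == "members":
        return True
    friends = FRIENDS.get(post.author, set())
    if viewer in friends:
        return True
    if post.audience == "friends_of_friends":
        return any(viewer in FRIENDS.get(f, set()) for f in friends)
    return False


def follow_shared_link(username, post, policy):
    """An outsider follows a link shared off-site, registers, then retries."""
    sign_up(username)
    return policy(username, post)
```

Under the members-only policy the freshly registered account reads the post; under the per-audience policy the same account is refused, because signing up does not put it in the author's chosen audience.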
So what’s the takeaway here?
If the idea that Fetlife is completely open access once you’re inside A) makes sense to you (you know what that means) and B) doesn’t surprise you (you knew this was the case), then you are probably already treating Fetlife in a way that protects your privacy, namely by not creating and sharing content you don’t want your mother and your boss to see. Either that, or you’re very comfortable with your mother and your future or current boss seeing naked pictures of you on the internet.
If, however, the above doesn’t apply to you, then you need to know that anyone with a Fetlife account can access any content you create. Furthermore, you need to know that the only thing stopping them from posting things like screen captures of things you’ve posted or from downloading and reposting your images, technically speaking, is goodwill. Yes, doing so will violate the Terms of Service, but violating the TOS will simply have that account banned from Fetlife, forcing the user to rather inconveniently make a new account.
And finally, if you are a digital native and unsure as to why this post needs to exist, consider that Fetlife’s user base includes a population that is very experienced with BDSM but not very experienced with the internet. Not everyone understands that a walled garden is a faulty privacy model.