Kink in exile

Notes from a kinky nomad

Disappointed

Today I am incredibly disappointed with chosen ignorance.  I am disappointed in people who choose to shoot the messenger rather than realize that their assumptions about security have been incorrect and I am disappointed in community leaders who continue to willfully mislead their site’s users into a disastrous sense of security.

If you can not afford to be outed you can not afford to use Fetlife.  Not today, but also not yesterday or last year.  The site offers no security, which Fetlife should have informed you of more clearly.

As daivox pointed out:

Anyone assuming that anything they post here is private is fooling themselves. It may be harder to get to, but all it takes is one compromised trusted account (a “friend”) one time, and your “private” stuff may become available forever. Not me being a dick, just simple computer security truth.

Or as EvilSeraph put a little more emphatically in response to another comment:

“However, I don’t expect a site who usually has to be logged into to see to be out there for the world to see. Distinct difference.”

No, there isn’t. You can’t even be considered naive, since you are apparently aware that anything you put up here is, in fact, freely and publicly available. You are, IMNSHO

A FUCKING MORON

and deserve whatever approbation, embarrassment or other difficulties caused by your revealing sensitive details

ON A FUCKING PUBLIC SITE

(Emphasis his)

Fetlife lacks security.  This isn’t news. To anyone.  WoD explains it as follows:

This is a NON-ISSUE

It is not reasonable nor proper for that guy to setup a proxy to do that, but its not a major security hole. Certainly nothing that should cause anyone to suddenly remove face pictures.

Why?

Because anyone can already gain access to all this content by merely creating an account (real or fake). No verification that the person is a “real/true” kinkster occurs. Its just like every other Internet site, you simply sign up and get access. Sign up and presto, you have an empty account that grants you access to all public FetLife content. The same information that proxy provides access to.

In fact, signing up for a new account (be it real, fake, sock puppet or whatever) would probably be easier than trying to use the proxy.

So, really, this proxy changes nothing.

WoD is almost right.  A proxy changes nothing in the actual tangible security of your information, but it does force you to face the truth.  A problem that some Fetlife users seem to be dealing with by taping their blinders firmly in place.  John Baku for his part having recently spoken to his own breach of community mores took this opportunity to assure users that the proxy has been blocked, but did not for a moment address the actual concerns around privacy on Fetlife.  Far be it for Fetlife to disabuse users of their idea of utopian secret garden on the World Wide Web, that would create a breakdown in the blind trust users seem to put into the site.  It would also be ethical.

Written by kinkinexile

August 10, 2012 at 11:12 pm

Posted in community

6 Responses

Subscribe to comments with RSS.

  1. This is NOT a non-issue. I’m TOTALLY aware that FL is not safe/secure/private. I totally get that it’s easily hacked and that there is practically no bar to entry. But you know what? There is the bar of MAKING A DANG ACCOUNT (or taking the effort to hack). Yes, everyone and their dog *can* make an account. I’m ok with what I put on FL being available to everyone and their dog who CHOOSES TO MAKE AN ACCOUNT. I’m not ok with it being proxy’ed out so that people can (with essentially NO EFFORT) see that information while choosing NOT to make an account.

    trusthynenemy

    August 10, 2012 at 11:57 pm

    • Can you explain why the process of making an account (or borrowing a friend’s) makes you feel that much safer?

      kinkinexile

      August 11, 2012 at 12:02 am

      • Who said it’s about safety? Privacy is more than safety. It’s also about degree of visibility. The conversation you have with a friend out loud in a random coffee shop is probably not the same one you would have on national TV. Both of these are public venues, but one of them is more visible than the other.

        Requiring a login, even a trivially acquirable login, to view content is reducing the visibility, even if it’s not increasing the security. It prevents major search engines from indexing the content and (generally) requires people to have a general idea of what they’re looking for to find it.

        That *is* a nontrivial difference.

        kitn

        August 11, 2012 at 11:33 am

  2. Kitn, that’s an interesting distinction and to some degree I am curious as to how much you have to know what you’re looking for in either situation (proxy vs fetlife), but there is one very important thing that given some of the beliefs I’ve seen come out of Fetlife’s users I have to throw out there:

    A conversation with your friend in a cafe is private by default and public through effort because it is not recorded. It is temporal, and it is in a context which you control. I don’t want anyone, not for a moment, to think that a conversation on Fetlife is like a conversation with a friend albeit be it in a public space. Conversations in Fetlife are recorded and they are recorded for all of Fetlife users be they kinky, curious, or malicious. It’s more like passing out a transcript of your conversation to everyone in the cafe then whispering in your friend’s ear and trusting your friend not to share.

    I’m not saying people don’t deserve privacy, I am saying and have been saying that Fetlife is doing a piss poor job of providing privacy OR security and it’s users are not well informed on the matter.

    kinkinexile

    August 11, 2012 at 11:49 am

    • The specific example I used wasn’t important – the idea of degrees of visibility was what it was trying to convey. Permanence doesn’t just throw visibility out the window – for instance, a doctoral thesis is generally stored permanently and publicly available somewhere, but that doesn’t mean that most people are going to read it. If someone is specifically looking to dig up information about you and knows that you have a doctorate, they can probably track it down, but if they’re just casually browsing books in a library they’re not going to stumble across it.

      I agree that FetLife does a subpar job of providing privacy, but I don’t think that eroding that privacy further is an ethical answer.

      kitn

      August 11, 2012 at 11:58 am

  3. […] If you use FetLife–and there are many good reasons to do so–please educate yourself about privacy and how to protect yourself on the site. I recommend the following security measures. But at the end of the day, if you cannot afford to be “outed,” you probably can’t afford to use FetLife. […]


Comments are closed.

%d bloggers like this: