
Protecting Your Anonymity: A How-to for Sex Workers - panarky
https://www.eff.org/deeplinks/2014/07/protecting-your-anonymity-how-sex-workers
======
panarky
If Redbook users listen to the EFF and start using Tor, how soon before
there's a redbook8x7r8ewjk.onion version much harder to take down?

~~~
thejosh
This may sound like a very stupid question, but with Tor I've seen URLs where
they have whateverxx9191.onion, i'm guessing the first part is randomised, how
hard is it for them to get the first part of their name?

Is there a program or script that just keeps generating until the minimum hit
(redbook* would be acceptable etc) is made?

~~~
sirsar
There are a few different programs that will do it, but it comes down to brute
force, so the difficulty depends on the length.

[https://github.com/katmagic/Shallot](https://github.com/katmagic/Shallot)

[https://github.com/lachesis/scallion](https://github.com/lachesis/scallion)

~~~
tomjen3
FYI I just checked and Shallot is entirely CPU based, so for brute forcing
there is no point in using it at all - Scallion (open cl) will always be much,
much, much faster.

------
djent
Even the EFF now is recommending Bitlocker. Interesting.

~~~
Spooky23
Is there some sort of inside joke that I'm not aware of re: BitLocker?

By default, it does key escrow. It's pretty trivial to disable that. Other
than that, I've yet to hear any substantive reason why I wouldn't use
BitLocker.

~~~
michaelt

      Other than that, I've yet to hear any 
      substantive reason why I wouldn't use 
      BitLocker.
    

The thinking goes like this:

1\. RSA released software with backdoors, at the behest of the NSA.

2\. Therefore, the NSA has the ability to make companies release software with
backdoors.

3\. The FBI and British governments are known to have asked for backdoors to
be included in BitLocker.

4\. Therefore, the NSA has the motive to have a backdoor put in.

5\. Microsoft have not proved BitLocker /does not/ contain backdoors.

~~~
dijit
But you have to run Windows on bitlocker.

so you've already handed over your machine no matter what FDE you use.

certainly trusting less people is better than trusting more, since _any_
nefarious third party in this scenario already has the keys to the kingdom.

~~~
cookiecaper
Full-disk encryption is primarily used to protect _offline_ volumes. If no one
can boot your disk, it doesn't matter if Microsoft can upload its entire
contents to the NSA once Windows is started. The concern is that a flaw in
BitLocker's FDE would make it vulnerable to attacks while the volume is
offline.

FDE doesn't really protect online volumes. Yes, the disk is still encrypted,
but the OS transparently decrypts any requested sector, so other security
measures are necessary to protect mounted volumes.

------
paletoy
I do wonder about technical solutions: are there any decent way to write sites
that would:

1\. Run in the browser.

2\. Would be anonymous.

3\. Would use an anonymous host.

4\. Would encyrpt every private message, and would have clear differentiation
between public and private content.

5\. Would have an easy option to download an extension to offer greater
security.

6\. Would enable average programmers to build sites with it.

Is there something like this? And if not is it technically possible and what
are the technical challenges ?

~~~
diafygi
Yes! The basic philosophy is called "unhosted"[1], and there are several
libraries that are made to help build unhosted apps. For example, I made a
library called byoFS[2] that let's users connect Dropbox as an encrypted data
store. It has several proof of concept apps like an encrypted diary[3] and
end-to-end encrypted chat[4].

[1] - [https://unhosted.org](https://unhosted.org)

[2] - [https://github.com/diafygi/byoFS](https://github.com/diafygi/byoFS)

[3] -
[https://diafygi.github.io/byoFS/examples/diary/](https://diafygi.github.io/byoFS/examples/diary/)

[4] -
[https://diafygi.github.io/byoFS/examples/chat/](https://diafygi.github.io/byoFS/examples/chat/)

~~~
paletoy
This looks great ! I'll be looking into deeply later on.

For those seeking simpler explanation of this look at [1], 7th paragraph.

[1][http://readwrite.com/2010/12/24/unhosted#awesm=~oIRyT1V2mrAL...](http://readwrite.com/2010/12/24/unhosted#awesm=~oIRyT1V2mrALff)

------
thegeomaster
I fail to see how this advice applies specifically to sex workers. What I see
is a (good) guide on how to protect your privacy and keep your personal data
from prying eyes in the general case. You will be at risk of seizure,
surveillance or examination if you're doing less serious and more passive
stuff than a sex worker has to do.

EFF could maybe come up with some advice that will narrowly target sex workers
in this case. They mentioned MyRedBook was used to screen clients and keep
from predators, so perhaps some advice on how to do that now the site's down
will be valuable?

~~~
davorak
It seems to be about giving timely advise given the recent take down of of
myredbook.com

[https://www.eff.org/deeplinks/2014/07/whose-redbook-why-
ever...](https://www.eff.org/deeplinks/2014/07/whose-redbook-why-everyone-
should-be-concerned-seizure-myredbookcom)

hackernews thread:
[https://news.ycombinator.com/item?id=7974203](https://news.ycombinator.com/item?id=7974203)

------
bayesianhorse
I still believe "consent" and "free will" are overestimated when talking about
prostitution...

~~~
queerty
You don't understand what 'consent' means, do you?

~~~
bayesianhorse
I mean that in the sense that a prostitute needs to consent, and be able to
consent, to have sex with a client, otherwise it's rape, not a business
transaction.

Turns out, a large proportion, in some situations the majority, of prostitutes
can't even consent. They are underage, drug addicts (often not through a
conscious choice but through pimps forcing the addiction), regularly beaten
and/or they often are illegal immigrants (less legal protection).

That is why I say people overestimate the "free will" involved in
prostitutions. Especially in the lower end you will hardly find prostitutes
with clear cut cases of "I do it for the money". In european countries often
they could have a better life living on welfare.

And no, catching welfare payments is normally not more demeaning than getting
essentially raped multiple times a day.

------
truthmagnet
EFF are in full drama mode now. They have lost all credibility with me and
I'll never, ever donate to them again.

P.S. If you want to be safe from many online and offline predators, don't get
into sex work.

~~~
paletoy
Let's assume you start with the premise that preventing surveillance if a good
thing to do. In general, rational arguments won't get people to act. Drama
might.

But this post does seems like a reasonable post if you try and imagine it
through the eyes of someone who worked in myredbook.

> don't get into sex work.

That's not a good reason for them to be exposed to harm.

------
frozenport
I always felt this was the point of the Glory Hole
[http://www.urbandictionary.com/define.php?term=glory%20hole](http://www.urbandictionary.com/define.php?term=glory%20hole)
?

I feel the EFF has overstepped. At the end of the day, these people were
committing crimes, an article dedicating to protecting their privacy, and
impeding the law, is in bad precedent and has little to do with internet
activism and more to do with prostitution laws.

~~~
skrebbel
I have no idea why you're being downvoted. This thread isn't about "should
prostitution be legal".

~~~
netcan
I'm not sure if this is downvote worthy. It's certainly not upvote worthy.
"Stick to glory holes, hookers!" probably puts it into the negative range.

In many cases sex workers are breaking the law. So are various journalists,
bloggers, twitter users, homosexuals in a variety of countries. EFF & Tor
often aim to protect people from official persecution under the law in their
countries. Illegal does not necessarily equate to immoral.

This article and the articles it follows on from are in fact partially about
protecting prostitutes from legal action and from the indirect consequences of
legal action.

EFF: _The seizure is part of a disturbing trend of targeting sex workers_

Bay Area Sex Worker Outreach Project: _we also lost extensive online forums
for a community of sex workers to keep each other safe, screen clients, and
blacklist predators._

The bigger context of the article is what it means for anonymity, freedom of
association and free speech if an allegation and subsequent warrant can lead
to extensive records of everyone associated with a site being collected and
filed.

Imagine a forum dedicated to recreational drug use (one of the first online
discussion groups). Various people participate anonymously. Crimes (eg selling
supplying drugs are committed. The site is frequented by drug users,
advocates, maybe even rehabilitation professionals. A warrant results in full
records of every participant being leaked.

If you can't see the damage done to the right to free speech and association
by that, you are blind.

The comment boils down to 'Prostitution is illegal therefore protecting their
anonymity is wrong.' It doesn't understand the bigger point about the meta
issues. It's unintelligent. Flavored with 'glory holes, hehe' it deserves a
down-vote.

~~~
cwyers
The thing is that in the United States, the right to free association has
never been taken to be a right to associate for the purpose of committing
crimes.

The 'glory hole' thing in the original post was crude and pointless, I agree.
But the EFF here is straight up providing a guide to a category of persons who
are vocational criminals on how to do a better job of hiding their crimes from
the police. (The primary purpose of the site the FBI seized wasn't discussion,
it was solicitation -- the EFF never gets around to admitting that, that I've
seen, which AT BEST means they're unintentionally misleading people in the
course of their advocacy.)

I think a lot of people who supported the EFF in the past did so with the
understanding that they were protecting a lot of speech freedoms and privacy
rights. And yes, prostitutes and their clients do have speech and privacy
rights. But they're also breaking laws that have nothing to do with speech or
privacy, and the website was taken down in accordance with a reasonable police
investigation into such matters. If you think prostitution should be legal,
that's an entirely separate discussion, to my mind. But the EFF is moving into
something that seems really close to straight-up providing advice for
criminals in how to get away with crimes. And these aren't crimes against
repressive regimes, or civil disobedience, or anything related to what I
would've thought of as the EFF's mission. It makes me a lot less comfortable
with the EFF being the leading spokesman for digital freedoms.

~~~
netcan
IMO, there are several ways of looking at this. One way to see it, which is
possibly the position of the EFF and the sex worker support organizations they
cite see this is as an unjust law which amounts to legal but immoral
persecution of vulnerable people, prostitutes. Parallels could be a gay dating
site in Jamaica or a political dissident forum in China.

From another perspective, it's one of those grey areas where you agree the
activity should be illegal but prostitutes should be treated as victims or
vulnerable persons.

Parallels to an information site for recreational drug users or a needle
exchange. Harm reduction instead of law enforcement. Association is important
here.

This represents a loss of a resource which provides them support and helps
them bring down their risk of harm. More worringly, it's bullying. Creating a
fear of that any associations will be persecuted.

From the perspective most natural to the EFF, the problem is exposing everyone
because a few are suspected of criminal activity. Not all sex workers are
criminals. But because some (allegedly) criminal activities happened on the
site, everyone associated with it is compromised.

All together, this amounts to tactics fro preventing free association and
speech. It's staring off by targeting a group that no few will openly defend,
prostitutes.

I personally am sympathetic to all these views. I think prostitution (to the
extent that it is consensual) should be legal. I think that if it is to be
illegal harm reduction is much more important than enforcement. Arresting
prostitutes is like jail-time for illiteracy.

The most scary thing out of all of this is the exposure of anyone and everyone
that has visited or registered on these site. It starts with some marginal
group where many/most are breaking the law, some are breaking the law on the
site and everyone is marginalized by society. From there we gradually get to a
situation where any online criminality leads to massive data seizure and
exposure of anyone associated with the site.

Logged in to a body building site where some people sold steroids on IM, on a
list. Commented on a blog discussing civil disobedience where some petrol
bomber hung out, on a list.

