Cybersecurity Part Two
By The Sex Ed
Illustrated by The Sex Ed
In the first part of our series on Cybersecurity, we got practical tips on how to stay safe online. It’s especially pertinent information, as more and more information comes to light about the ways that our privacy is—and can—be compromised. For the second part of our series on Cybersecurity, we are going to hear more from hacker and security expert Thèo Anastos, as well as victim’s rights attorney and founder of cutting edge law firm C.A. Goldberg & Associates, Carrie Goldberg. Carrie was a podcast guest on The Sex Ed Season 2 and is the author of Nobody’s Victim: Fighting Psychos, Stalkers, Pervs and Trolls.
In the podcast episode, Liz talked to Carrie about how she’s leading the fight against revenge porn. Carrie told listeners about a number of her cases that show how easy it is to abuse the online platforms that we use every day, including a lawsuit that she has brought against the dating and hookup app, Grindr.
Liz caught up with Carrie to ask about how the pandemic is affecting her clients; what cyber abuse she’s been seeing; to how you can send a nude in the safest way possible. Cybersecurity expert and ethical hacker Thèo Anastos chimed in to give his best tips for cyber safety.
Location Privacy
Liz: Many governments right now are using anonymized individual’s location cell phone data to measure how people are complying with mandates for isolation, self-quarantine and social isolation. I know obviously a lot of that is necessary to control the spread of COVID-19, but how does that affect us long term?
Carrie: I have the same question. I think the cell phone tracking that we can see in those beautiful graphs, like the one that showed us where all the vacationers in Florida went after they left the beach. I mean that was remarkable.
But I can predict that that calculation, that balancing act, is going to kind of correct itself as soon as this crisis is over. By then it's like what data do these companies already have on us? We also have to deal with the fact that some of our biggest tech entrepreneurs are also involved in the healthcare issues here, like Bill Gates. So there's a concern about how they're going to harvest our health data too.
[Ed. note: the ACLU recently released a white paper about the limits of tracking during an epidemic, suggesting that it may not achieve its desired outcome of limiting the spread of disease, and that by loosening restrictions on tracking individual’s data, it may do more harm than good. The paper can be read in full here.]
Zoom, Privacy Policies & Sex-stortion
Liz: ZOOM recently reported helping “over 300 million daily meeting participants stay connected during this pandemic. What concerns me is how many of my friends are just using Zoom or apps like Houseparty to have private conversations, and not aware that they've clicked agree on these privacy policies, which allows applications like Zoom or Houseparty to collect information. How do we make people more conscious of looking through these rather text heavy documents?
Carrie: I feel like people only care when they've been injured from some sort of privacy violation. I think it is really hard to care about privacy in the abstract for a lot of people. Many people will compromise privacy in exchange for convenience, and aren't super worried about the surveillance that these companies do because these products are just so useful and usable and we become dependent on them.
I think it's going to take like a groundswell of users to put pressure on the platforms to change, or it's going to take some sort of really major breach that people actually care about, whether that's finding out that these companies are recording us and sharing it with other tech companies, or somehow doing something else to share our user data.
There is also a lot of abuse that's happening right now under quarantine—a lot of it's in real life, people who live with their abuser, and a lot of it happening by offenders who are bored at home and their victim is a sitting duck. It's a scary moment and it's also scary for people who are recovering from abuse, especially when they're the victims of stalking and their devices are symbolic of these things that were used to harass and hurt them, and now suddenly they're having to Zoom chat into work meetings and be on all these Slacks with their colleagues, and it's just super fraught for them too.
Liz: We don't like Zoom here at The Sex Ed, because it's not encrypted. They have a lot of problems with their privacy policy, and I feel like we're one step away from Zoom orgies at this point. And I know you're very active in the revenge porn, but that just seems like a huge open door for people to be releasing sex tapes that they don't know that they're being filmed.
Carrie: Those are definitely things that would be susceptible to Zoom bombing and Zoom recording. Zoom has been on my shit list for about five months now, ever since The New York Times issued their expose into child sexual abuse material. One of the things the article talks about is how predators were live streaming kids getting injured, abused and sexually abused. That was happening on platforms like Zoom and Facebook Messenger.
The CEO of Zoom is acting like he's just awoken to the idea of online harassment. But do you not have any women on your team that could tell you all the different ways that your platform could be abused? But also, it was in The New York Times. What have you done to fix it since then?
I think one of the reasons user safety isn't prioritized, is because these companies have no liability for failing their users. There's this law that went into effect in 1995 called the Communications Decency Act, which basically gives these companies broad immunity from any sort of civil lawsuits. So we cannot hold these companies liable the same way we could for product liability issues, like if the brakes in our car went out, or something like that. Rather than hiring all these people to do content moderation and to be putting in all these great security safeguards, these companies just pocket that money and it makes them richer.
Liz: What about “Sex-stortion”?
Carrie: I think the main thing is just how many people are whipping their dicks out to people that are DM’ing them on dating apps and social media, and I've just never seen this huge increase in guys just immediately whipping their dicks out and then being blackmailed.
I’m getting three or four client inquiries from people who have claimed that they’re being sexstorted, everyday. In situations where a guy is maybe on a dating app and gets direct messaged by some super hot chick who's like, "Hey, let's meet over on Kik." She then seduces him and pretends to strip, but really it's a recording, and then he masturbates in front of his camera and five minutes later he gets a message saying, "Give me $1,000 or else your video goes to all of your Facebook friends," and then there'll be like a screenshot of the Facebook friends. Are people more trusting and gullible right now, or is it that a new more gullible type of person is exploring the internet and all the different pornographic possibilities of it?
I wonder if being cooped up all the time, if people’s risk tolerance when it comes to online behavior has increased a little bit, because we’re so under-stimulated with our surroundings that maybe we’re looking for more stimulants online.
Liz: With meetings being held online, what can we do to ensure our information doesn’t get stored, sold, leaked?
Thèo: Zoom and Google Hangouts are applications that people have been using, but the ones I recommend are going to be FaceTime, Signal or something like Skype.
If both users have a Skype, FaceTime and/or Signal account, it provides an end-to-end encryption. For example, let’s say you're FaceTiming someone, anything you have sent, be it audio or text messages, it only resides on the phone you've sent it off and then the device that the person is using to receive it. It's not going to end up somewhere in the cloud in storage.
Google Hangouts is not like that and so anything you send does get stored, same with WhatsApp or really any social media apps. A lot of the messages people send through those aren't actually private because they do get stored by the company.
Liz: How important is reading privacy policies?
Thèo: although it might be a hassle for reading the terms of service and the privacy policy is definitely recommended. The terms of service are essentially letting you know what you can do with the app, so you don't run into any issues where you could be misusing the app. And then the privacy policy is the company's intention of what they're going to do with the app. And so a lot of companies will have to say whether or not they intend to keep personal info and use it to give to a third party or other things of that nature.
So just reading the terms of service and privacy policy of an app before you download it, will really let you know what is happening when you use that app. As well as looking into who is behind the app like where the company's from and that company's reputation.
Dating Apps & DMs
Liz: How secure are dating apps?
Thèo: There are two parts to this. The first is the app itself and the company, and then the second is the people you meet on the dating apps. And so for the app itself, you just again, make sure to read the privacy policy. And if that company is intending to use your personal info to give to third parties for profit, then you just want to be aware of that.
And then in terms of the people that you meet on the app, just be careful. Do the research on them as well. Make sure you're not getting a fake name or any fake information that might lead to them being a little suspicious.
Liz: How can we protect ourselves moving from URL dating to IRL?
Carrie: My colleague and I were actually talking about it a day or two ago, and she made a really good point. She said there's now all the first dates are digital, and it's actually a really good way to screen somebody before meeting them in person. Before dating apps, in some ways things were safer, because we would meet somebody in real life at a bar and if they gave us a bad vibe, we'd notice it in a way that we wouldn't necessarily notice it through just digital communication. But now this is kind of a happy medium with the Zoom dates and things.
Liz: How can we vet potential partners we meet online?
Thèo: I think now that people are maybe a little anxious about the pandemic situation, they're just in general, more vulnerable and maybe overlook some red flags that are coming.
You want to do an evaluation of each individual at a time and meet them in person. Like when buying fruits and vegetables, you want to check out the fruit or the vegetable at the grocery store and make sure there's no flaws.
If the person's too eager to please, I would say that's one of their red flags. Or if they're fishing for information like address or maybe if they're talking how much you make. Just anything that you wouldn't necessarily even disclose with a close friend, maybe I would just make sure you're not giving off any, too much personal information about yourself.
And too many coincidences—if they seem to be perfect or know what you're thinking. I'd say that's a red flag because then they might be actually stalking you or trying to figure out what your interests are in a malicious manner.
Liz: What steps have you suggested people take to be proactive in terms of taking our safety and privacy into our own hands, because law enforcement isn't just not set up to protect individuals from stalking and harassment, especially women? So much of this starts online. It starts with dating apps. It starts with Instagram DMs.
Thèo: In real life you can look out and maybe go to a self-defense class [once quarantine is over.]
And then self-defense virtually, if you're getting trolled or threatened by someone, it's always a good idea to not reply to them, not keep in contact with them but also make sure you don't delete any of the texts or emails they may be sending to you. The reason for this is because if the threats start to increase or they start making life-threatening texts, you can always file a claim or take it to local law enforcement and if you had deleted them you wouldn't have any evidence.
Gavin de Becker has a book called The Gift Of Fear. And in that he describes essentially that it's just very important for you to cut any communication with the troll. It's better to not give them the attention and it makes them talk a little more. If you're not replying, then they might slip up and give you something to use for a lawsuit or to take to law enforcement to nail them with it.
Liz: I love The Gift Of Fear. It's tough to read, but it was very life changing to me. One of the things he really drills in is how important it is to tune into your intuition. If you meet someone online that seems too good to be true, they are literally your perfect ideal person, then probably they are too good to be true and you should back away. That you're wanting to look for the imperfect person, the person who has some flaws because we're all human. And if we're pretending to be you the most amazing person possible, it's very likely we're lying.
Carrie: This is what I devote so much of my practice to, is dealing with people who are the targets of ongoing, relentless, egregious stalking. And oftentimes there was a relationship that ended poorly, and then the stalking emanates from it, if the victim wasn't already being surreptitiously stalked during the relationship. A lot of our clients find out that their devices were being monitored, and that there were GPS trackers on their vehicles and stuff while they were in the relationship. We segment our offenders into different categories, and by far the most dangerous ones are the ones who are just absolutely focused and lose touch with everything else in their life. We work on getting orders of protection for our clients through family court. But really, our government has a monopoly on who gets arrested, and these people that are completely focused on, and obsessed with somebody, can't be stopped with an Order of Protection or a Cease and Desist or a lawsuit. They can only be stopped, in my experience, by being put in jail, and being out of access to their victim. They're not scared of lawsuits or family court. In fact, those things are kind of appealing to them because it means that they get to see their victim. I think that what is most necessary is for our law enforcers to take stalking really, really seriously and see it as an immediate emergency that requires immediate action.
Liz: What are some tips for people that are sending or exchanging nudes that we can communicate? What are some sort of brief sentences that we can communicate to the person that's on either the giving or receiving end of the nudes to clearly state that these are meant for you only?
Sending
Carrie: You can start by just saying, "I'm sharing these with you only. Do you understand that?" And see what the person says. But there are tips for ... If you're the sender, don't include your head if it's going to somebody that you don't know. Don't have anything in the background that would identify you like your college diploma, or a mug that says your business's name. If the person that you're communicating with is putting a lot of pressure on you to share images, even after you say you don't want to, that's a really good indicator that they're not going to honor your consent when it comes to nonconsensually distributing the images after they receive them. We find that when people are pressured to share, that's when the offender's most likely to be an asshole who disseminates the pictures.
For receiving
Carrie: I have advice for recipients of intimate images. I think you should be grateful that you're receiving them in the first place, and it's up to you to protect the privacy of the person that was generous enough to share them with you. And there are revenge porn laws in 46 states. So it's criminal to share them, to put them on the internet, to send them to your friends over Facebook Messenger. So just don't do it. Don't jeopardize your own liberties for a really shitty thing to do to somebody else.