Stella is a privacy and inclusion training specialist. She does private training for targeted groups such as domestic violence victims and works with businesses that are interested in improving online privacy, and shares short privacy tutorials on her TikTok and YouTube channel. We asked you to share any questions you had about keeping yourself (and your nudes) safe online, which Stella answers below.

First, my broad advice for anyone:

1) Use 2 Factor Authentication.

2 FA prevents someone from being able to open your Facebook or Google account on a device that you have previously logged in to. It requires them to have a login and a code. More info on 2 FA here.

2) Use a password manager.

Lastpass is free to use, as is Dashlane. They are super easy to set up. Password managers store all your passwords in an online vault. You protect this with one master password. You install Lastpass on your devices, following the links to “add extension” (which is sometimes only available if you pay, but these are well worth subscribing to). Then the PM auto-fills your passwords for you. Some websites and platforms still do not support auto-fill, so it won’t work all the time. But it works for Facebook and many others. It is better than having to remember all your passwords and it keeps them secure. It means no one can see your passwords over your shoulder.

3) Turn off location services in apps and on your phone until you need them on.

So for example, Uber and Lyft require location to be turned on, but you can turn them off after the ride. As I will explain below, location ends up in metadata on your photos and you want to avoid that.

4) Consider using secure search engines.

Try duckduckgo, Tor or Privacybadger to make your internet searches more private and secure.

 

 

4/21/2020 ADDITIONS:

 

5) Make your accounts private.

Unless you use your Instagram or Facebook for professional purposes, it is worth making everything private. Then people have to request access. It is worth periodically going through your privacy settings to check they are all still set as you requested. You can also change your URL (or how people search for you) on Facebook, Linkedin, etc. I have made mine completely different from my name.

6) Watermark your photos and send them on timed chats.

Apps like Canva are simple to use and offer watermark options. Or just write the recipient’s name in lipstick on an area that won’t be cropped out! Then send via timed chat so they have from seconds to hours to keep that image. You could also use sendsecure to send and receive files, should you want an extra level of security.

7) Photo Safety: Turn off location access in your device camera.

Photos contain all sorts of information such as time, date, and location if you don’t remove them. This is called Metadata—specifically, EXIF (Exchangeable Image File Format). Right-clicking on an image to see “properties” will show you what is contained in any image. You can often remove data using that same menu on a laptop. On a phone, Fluntro or Photoexifeditor are useful. Equally, photo apps such as obscura (iOS only) are lovely and also show you clearly what metadata is in each photo as well as allowing you to change it.

8) Porn Pass - Hard Pass!

One of the best ways to navigate the proposed Porn Pass legislation is to use a VPN (Virtual Private Network). These change the location of your internet provider. So you can access content available outside your own country. There are many VPN providers—I use Protonvpn, but there are others. Just bear in mind that your VPN provider can still see your activity, so choose one that you trust and read reviews like this one.

You can also use Tor. Tor has been designed so your ISP (Internet Service Provider) cannot see what websites you are visiting—a Tor exit node does. To put it simply, a Tor exit node doesn’t know your IP address, but it does know what websites you are visiting, and any unencrypted requests (non-https) can be viewed by the exit node operator. This means if you use Tor to log in to a website that does not use https, the operator of the exit node can view your email address and password. To avoid this, only use websites that use https, and use a disposable email address if possible. You should avoid using your real identity while using Tor.

9) Turn off airdrop and rename your devices/wifi network.

In Settings/General/Airdrop, choose to only receive from contacts or no one. Often unwelcome photos arrive via Airdrop on public transport.  In addition, go to Settings/General/About and give your device any name but your own. This way your device will not identify you in public areas. This name is what will show up on your in-car Bluetooth-linked systems, so choose wisely!

10) Create disposable or junk email accounts.

Gmail and protonmail are decent free and secure mail accounts that you can use to create accounts for all those occasions where you need to register with an email, such as when you're using hotel or restaurant wifi. Or you can use AnyName @mailinator.com—just beware as any mail sent to mailinator is accessible to anyone. So it is excellent if you want to use a fake name to use store wifi, but not if you are signing up for anything in your real name.

11) Get a privacy screen.

These can be fitted by Apple and most stores or you can do it at home. They prevent someone from seeing your screen if they are next to you. You can also get ones that just rest on your computer screen while you work or browse.

12) Run your updates.

Make sure that you run all your app updates. These are like vaccines for your apps. It means that the latest security fixes will apply to the apps you use.

13) Change default passwords on connected toys, wifi set-up, home assistants— everything.

Make sure that anything you use that is internet or Bluetooth-connected has a password that you created. My Vodafone hotspot, for example, had a password of admin admin which meant that anyone could have used it. When I set up my We-Vibe and other connected toys, I changed all the settings, device names, and made sure no one could add me as a contact on the app without an invite.

14) Zoom.

Here is some excellent advice on using Zoom and other webinar apps securely. The TLDR is to make sure you never post a Zoom link to a public site and keep your room private. Using a waiting room and allowing entry to each individual is also a good idea. Zoom is not malware, it just like any platform: not always designed with privacy in mind. So it is not BAD as such, it is sadly just necessary to use it with privacy in mind.

Now onto your questions...

What are the steps you should take if a photo of yourself ends up online without your knowledge/approval?

The first thing you should do is notify the platform that is showing the photo. Most sites such as Facebook or Reddit have specific “help@” or “security@” email addresses that you can contact.  They are required by law to remove such content. Some are slow in taking action, but do not hesitate to escalate. You can find more detailed advice at the Cyber Civil Rights’ Online Removal page.

Is there anything magical I can do about all the nudes I’ve sent already? (Mostly shared through messenger and I don’t think there’s a way to delete them).

Unfortunately, these are not possible to retrieve.

My advice for the future would be to use one of the secure apps listed below, use timed messages, ad make sure there is no metadata like location in the pictures you do send. You can also use apps like Metapho, but they have in-app purchases. The Norton safety page has some good advice I have copied at the end of this article.

I occasionally get DMs on Tumblr from people asking for my Amazon wishlist, PayPal, or things in order for them to "spoil me." I’m not a cam girl, but I sometimes post bomb selfies or provocative pics, and that’s when I’ll get DMs. I only replied to one ever and he said he had specific photo requests so I ignored it. Tips on how to execute this safely in the future?

For payments or cash gifts, I suggest using Square or Venmo. Square is more confidential in setup than Venmo, although both are secure. Venmo has privacy settings—always check and make sure your profile isn’t revealing your name or personal details.

If you do choose to receive Amazon gifts, I would advise setting up a PO box or locker. Ideally not near your home. I would also suggest asking another person to collect packages for you.

With the pandemic, there are many more contactless and online payment systems set up. This is helpful in some ways for discreet payment and privacy.

Any advice for cam girls? What are ways to keep our location and identity safe?

Keep location services turned off on any devices you use to record. Use a camera cover so that you can avoid being viewed without consent. Even Mark Zuckerberg has a cam cover on his laptop!

Also, be really careful that nothing in the background of your shot could be used to identify you. So no mail, personal photos, college or other pennants, local sports team flags, calendars, mail order boxes, etc. Make sure blinds are closed so they can’t locate you from a window view. Even things like birthday cards can give away information about you or your family.

What are the best ways to keep my password safe?

The best advice is to use a password manager such as LastPass or Dashlane. These manage your passwords securely. They are explained nicely here. Simple and best advice is: do not reuse them, do not stick them on a post-it note on your PC, and try to use random numbers and letters rather than pet names or birthdays.

What apps are safest for sexting?

I strongly advise using apps such as Signal, Wire, Line, WhatsApp, and Threema. These are encrypted, so they cannot be read or intercepted. Wire and WhatsApp can be locked using 2 FA. They are all available in the Android and Apple app store.

Aside from WhatsApp, all of them offer a timed message option. It’s similar to Snapchat but more secure. All of them offer the option to delete a message for everyone. You can completely clear histories in Signal and Wire. Wire also notifies you if someone takes a screenshot of a conversation.

Additionally, I would not use your real name or number to set up any messaging service. Wire is good because it only requires a username. Use a name that has no connection to you at all.

To set up a messaging service or any account, I would advise using Proton Mail. This is a secure, encrypted email service.

If you use Gmail or another Google mail service, set up 2 FA on that account. That way you will also be notified if anyone tries to access it. The set up is explained here.

What "rights" do employers have (if any) if it is discovered that you have nudes online/do cam work? (In Maryland if that helps narrow it down a bit).

I am not legally qualified to answer this definitively. I would suggest that you check any employment contract to see if it has specific clauses relating to freelance work or “moral” clauses. Here I am thinking particularly of the Oxfam workers who recently were fired due to paying sex workers while abroad because they violated a specific contract clause.

As a separate point, you have a basic right to privacy as an individual. So an employer does not have the right to sanction you for private photos. However, make sure that you do not use work devices or send any pictures, etc. over your work network. This could be a breach of contract, but is also best to avoid in general! I advise people to assume that any work device can be and probably is being monitored in some way. So use them strictly for your work. Definitely consult an attorney or legal advisor if you have questions relating to employment law.

I hope this all helps. I am always delighted to help if you need more information. Wishing you all much love, luck, and happiness.

Norton safety page excerpt:

How Do I Get Rid of EXIF Metadata?

Windows Explorer makes it easy to delete EXIF metadata from one photo or an entire batch of photos at once. Follow these steps:

● Open the folder containing your image files.
● Select all the files you want to delete EXIF metadata from.
● Right-click anywhere within the selected fields and choose “Properties.”
● Click the “Details” tab.
● At the bottom of the “Details” tab, you’ll see a link titled “Remove Properties and Personal Information.” Click this link.
● Windows will ask whether you want to make a copy of the photo with this information removed, or if you want to remove the information from the original. Choose the option you prefer and click “OK.”

Resources

jessysaurusrex: Jessy has a great blog on security advice and is very approachable on Twitter.

Electronic Frontier Foundation (EFF): EFF are a wonderful source of privacy advice and advocacy.

The Smart Girl's Guide to Privacy: A Privacy Guide for the Rest of Us: @violetblue wrote this book, which could be very useful to all of you. I have it and base my talks around some of it. She is active on Twitter and posts lots of useful advice.

@sectrashpanda is an account I run as a privacy advice page, hopefully it might be useful.