First of all, I’m by no means a security expert. For advice from an actual expert who did actual research, you should really buy a book like Violet Blue’s The Smart Girl’s Guide to Privacy. That said, I’m going to talk about some simple safety stuff and why it’s important, and you can decide whether or not I’m full of shit.
1. Username/handle/profile name – particularly on Fetlife, this should not be a name that you use anywhere else. Using the same name in more places makes you easier to google. Being easier to google makes you easier to find in real life. Also, the more places you use that name, the more chances you have to slip up and attach identifiable information to it. Taking myself for example, given my age, location, and the fact that I’ve mentioned being a programmer on this blog, there are only so many people I could possibly be. Fortunately for me odds are good that my boss wouldn’t give a shit if someone outed me, but people who can’t afford to get outed need to be more careful than I am about what personal details they share.
2. Pictures: like your username, any pictures you put on your Fetlife profile should not be used anywhere else. It’s very easy to take an image (even on Fetlife, sure they’ve disabled right click save but that doesn’t actually accomplish much), plug it into Google’s reverse image search or TinEye, and find everywhere else that image exists. Those are really handy tools if you’ve been talking with someone online and have doubts that their photos are really of them, but they can get you in trouble if you use the same images on Fetlife and in any place attached to your real name.
Pictures on Fetlife are simply not secure. Pictures anywhere on the internet are simply not secure. If it can be viewed, it can be saved and posted elsewhere or shared in ways you didn’t intend. You can make it a pain in the ass to steal photos or videos, but you can’t make it impossible. Even if it were possible to keep people from saving an image on the internet to their computer (that’s not even slightly possible and never will be), it will never be possible to prevent someone from viewing an image anywhere on the internet and taking a picture of it with a camera. If you can see it with your eyeballs, the camera can see it too. Now your ‘it’s safe if it’s on Fetlife’ image can be posted anywhere. Sure, you have to log in to see the images so you can steal them, but it takes maybe a minute to create a new Fetlife account, and still less than five minutes if you create a new email address to go with it.
3. Email addresses: the email your Fetlife profile is attached to should not be used for anything else. This makes it easier to keep everything separate and make sure you never reply from the wrong address, it makes it easier to keep things private even if you check your main email where other people can see you, and it makes you harder to google. If you’ve ever posted that email address anywhere else, that might come up if someone googles your address.
4. Real name: don’t use it anywhere in connection with a profile you don’t want connected with your real name. All sorts of sites, from twitter to Fetlife, will ask you for a name. Don’t give your real one. They will never know. Make up something plausible sounding if you like, but unless you’re paying for something online and need to give a name that will match the name on your card, there’s no reason you have to give your real name anywhere online. This may sound obvious, but people have gotten burned by not realizing that twitter displays both your “name” and your handle on every tweet you make.
5. Personal details: people can track you down with surprisingly few details. Be careful how much you talk about your hobbies, or what you do for a living, or where you live. Even if you’re just talking about the weather, that can help people start narrowing down where you are. Like I mentioned earlier, knowing that I’m a female programmer means there are only so many people I couild possibly be. Knowing that I like whisky means there are certain events I’m likely to be at. Knowing that I’m a gamer means there are other events I’m likely to be at. Knowing both of those things means you can look at members of different groups and see which ones appear in both groups.
6. Location: you don’t have to share this either. Many many people on Fetlife list themselves as being from Antarctica to obscure where they actually life. Even if you list yourself as being from Antarctica, be aware that you can still be tracked by which groups you’re a member of or where you post regularly. Your recent activity is very easy to find – it’s at the bottom of your Fetlife profile. If you frequently post in the Fargo Moorhead Fetlifers group, for example, it’s not going to be hard to figure out roughly where you live. If you can’t risk being found, stick with groups that are for certain topics, not particular locations.
7. Public wifi: don’t do anything sensitive on public wifi. You don’t know whether the network was set up correctly, you don’t know who else is on there, you don’t know whether the network itself has been compromised. It’s not at all difficult to see all the traffic on a network, not just the stuff that’s intended for your device. Fetlife keeps everything encrypted now, but they didn’t always. Other sites may not encrypt anything at all – if you don’t see the padlock icon (in chrome it’s at the left side of the url/search bar), don’t do anything you wouldn’t want other people to be able to see.
8. Browsers: if anyone else uses your computer and you want to keep things private, you need to clear your cache, not bookmark anything sensitive, and not allow your browser to save passwords for anything sensitive. Chrome, for example, will only allow you to view the actual password if you enter the password you logged into your computer with, but you still don’t want it to save passwords because you can see the name of the site and the username without having to enter a password. If you don’t want people to know you use Fetlife, you can’t let your browser keep a record of you having a Fetlife password.
9. Passwords: don’t reuse them, have a strong password, make it hard to guess, etc, etc. This is all stuff you’ve probably heard before. I recommend using a password store like KeePass or LastPass. If you use one of those, you only have to remember one password, no one else can even see which sites you have passwords for, and you can use extremely strong passwords or ideally pass phrases (instead of a single word, use a sentence) without having to put a huge amount of effort into memorizing them. Strong passwords are important because they make it much harder to bruteforce your password. It would take a human ages and ages to type in every possible combination for a six character password that’s only letters, but a computer can do that in no time flat. If your password is long enough and has enough different characters, it becomes more and more work to generate and test all the possibilities.
Readers, do you have any other safety tips?
A reader was kind enough to mention a couple of things I completely forgot about.
1. EXIF data on photos! When you take a photo with a phone or digital camera, it stores a bunch of metadata like the date and time it was taken. Most of it’s probably safe to share, but some phones/cameras will save GPS data as well. To view and/or remove that data, you can use a site like this one or just google EXIF data viewer or remover. Don’t send photos with EXIF data still in the file unless you’re comfortable with everyone who gets a hold of that file knowing exactly where it was taken.
2. Email addresses: always create your own, don’t use an address anyone created for you. Gmail (and probably others) will show you the location of your last login so you that you can tell whether it was you or if your account got hacked. If someone else created the address for you, they will probably have access as well and will be able to find out what city you’re in and possibly what IP address you logged in from, which can be used to narrow down your location with a site like this one.