Hi mastodon! In the last few days I've been talking w/some North American #sexworkers & folks in the adult industry whose safety has been deeply compromised by #SESTA #FOSTA. I mentioned mastodon as a possible social networking platform that could be shaped to help SWs protect themselves–do you agree? Do you have experience as an #admin or #mastodev who can support or advise? Help is urgently needed! Contact
survivorsagainstsesta@protonmail.com
Please boost!
#letussurvive #helpneeded #infosec
@Riley yeah, this is my surmise also :> obv I don't have the experience or knowledge to speak to that in an authoritative way, but I'm sure there's some on masto who could
@paralithode Not an admin or a dev, but I would say that if you're going to do that, stick to instances hosted outside of the US, with 100% non-US ownership, administration, and moderation. Ownership and hosting in Europe is probably best (along with following GDPR laws), as that's probably the strongest privacy protection against American police prying.
That should insulate the staff from any criminal or civil liability under #FOSTA, because they'll be outside of the US's jurisdiction.
@paralithode Actually, 100% German staff is probably the best bet - AFAIK Germany does not have extradition treaties to the US. (Note that all staff must be fine with never entering the US, or a country that will extradite to the US.)
@bhtooefr @paralithode Germany does have extradition treaties to the USA.
@tastytea @paralithode Hrm, wonder what it is that prevents them from being used in the VW case, then.
@bhtooefr @paralithode Germany doesn't extradite German citizens. Just as the USA doesn't extradite its citizens.
@tastytea @paralithode OK, then you merely need German citizens to own and operate the site, from within Germany (and not to travel to any country that will extradite them to the US).
@paralithode Hi, the Cloud Act now makes it possible for US agents to enforce their law on foreign hosted data.
By choosing Mastodon you gain visibility so you can have witnesses if you are a victim. But Mastodon doesn't use encryption atm, so privacy may be a concern even on private posts.
An off-grid solution could be Secure ScuttleButt, but you lose the visibility. Depends on what you seek.
Getting a better idea of the SW's threat model is probably the 1st step before choosing a platform.
@ordinarylava @paralithode I second what Ordinary Lava said.
There is no one-size-fits-all solution. The first step is to understand what your people would like to do (advertise? chat internally? spread the word about bad clients?) and what threat actors they need to worry about.
@paralithode A few resources :
Threat Model : https://ssd.eff.org/en/glossary/threat-model
Secure ScuttleButt : https://www.scuttlebutt.nz/
Semaphor (another off-grid messaging/social network) : https://spideroak.com/semaphor/
You can have a look at Matrix/Riot, too : https://about.riot.im/
Other secure and decentralized communication systems exist, like Ring https://ring.cx/ or Tox https://tox.chat/
Decentralized protocols can be data consuming and battery draining on smartphones, but they're safer.
@ordinarylava thanks for sharing all the info! This sounds like it might be exactly the kind of thing the folks at letussurvive@protonmail.com might be interested in hearing about! :>
@paralithode I'm glad if it helps. You can find loads of tips here : https://ssd.eff.org/
Stay safe!
@paralithode I'm not a fan of SESTA, but can you elaborate on how it endangers sex workers? Are they more likely to engage in walking the street since they can't advertise online anymore? Or is the issue related to using tweets as an insurance policy in case things go wrong with a customer?
@stevewood I'm not a sex worker or a trafficking survivor, so I can't claim to have a nuanced understanding of the concerns they have–I read articles like this one
https://brokeassstuart.com/blog/2018/03/09/why-sex-workers-are-fighting-the-anti-sex-trafficking-bill/ & they seemed pretty convincing :>
@paralithode Can you explain more about safety?
@JordiGH I think any reply I could give would be pretty similar to this one; I'm an outsider, just trying to listen, research & trust those who are most affected :>
https://mastodon.social/users/paralithode/statuses/99744794737136299
@paralithode As from my experience, I would recommend Retroshare. It is p2p (or actually friend2friend) social media software. No servers, high security, you can connect it over TOR network, create communication channels limited only to "circles"...
Downside : the interface.
(under heavy development)
@aran sounds cool, might be worth sending 'em an e-mail! :>
@paralithode Yes, Mastodon could potentially help protect sexworkers but it depends on what they’d like to do with it. I’d be happy to help you bounce ideas around. I’ve not deployed a Mastodon instance yet but I have 25 years' experience deploying and securing production systems.
@paralithode This would likely depend on law enforcement treaties between the US and the country where an instance is hosted.