Fetlife has been in the news recently for all the wrong reasons. Somebody scraped a bunch of user data off it and published it on the open web. This wasn’t a hack. They simply created a normal free account, which just takes a few seconds, and then ran a script to browse the site and download user profiles accessible to all fetlife users. They claimed that this was to demonstrate the lack of security in Fetlife. That position was undermined somewhat by the fact that they only took data from female users under 30 years old and published it in a file called ‘The Fetlife Meatlist’.
Understandably this pissed a lot of people off leading to articles like this and this. While the person who did it is obviously an asshole, I can’t say I was particularly surprised. There have been numerous articles over the years highlighting this potential attack, as well as previous technical demonstrations of the approach. Of course that doesn’t much help the 99% of Fetlife users who are busy getting kinky rather than reading techy sex blog articles.
It’s tempting to say that you should expect anything published online to be public. That’s both true and missing the point. Privacy is not a binary concept. At one extreme you have things like password protected accounts for storing private cellphone photographs. At the other you have sites like reddit and blogs like this one. To access the former you need either a hacker or a security flaw in the storage system. To access the latter you just need a web browser and an internet connection. Neither provides guaranteed privacy, as a lot of celebrities recently found out. Yet expectations of the two are clearly different.
Social media sites like Fetlife and Facebook fall someone between those two extremes. The problem is that their business model of eyeballs and advertisers pulls them towards the openness of a reddit or a blog. The expectation of their users, particularly for a content sensitive site like Fetlife, pulls towards greater privacy and protection. To date it seems that Fetlife has biased towards its advertisers over its users. So yes, you should always work on the assumption that anything stored online may become public. But that doesn’t absolve Fetlife of the responsibility to strike the right balance between its business model and its users privacy.
In the meantime, if you do take kinky selfies, be careful how you share them. Although if anyone wants to send me some, I promise to be careful with them!
This is by the Belgium artist Benoit Feroumont, who posts his erotic work under the handle Gracy Gimp.
Hi Paltego:
This is a very thought provoking post. I deleted my Fetlife account awhile back because I didn’t use it much and I was concerned it was just sitting out there waiting to be hacked. In general I seem to be pulling away from expressing myself on kinky social media platforms and bulletin boards. I just assume that anything I put out there is fair game. Fetlife seems like a very easy site to hack as you have clearly demonstrated and I would rather be safe than sorry. The site just seems wide open to me. These days I mostly confine myself to reading and writing blog fodder rather than joining online communities specifically intended for kinksters.
Hey hmp,
Happy I provoked some thoughts! The issue of online privacy is definitely a thorny one.
I’ve kept a fetlife account, but I don’t post on it. I just use it to dip in when somebody on a blog references something inside fetlife. Personally I find the model of interaction inside it very strange. It’s not a natural one for me.
The techy nerd in me also can’t help pointing out that technically the site wasn’t actually hacked. All the data posted was generally available to anyone who joined. So it wasn’t like the cellphone photo hack. But by automating the collection of the information and then putting it on the open web there was clearly a change in the degree of privacy and searchability of the data.
Thanks for dropping by. Hope you’re well.
-paltego
Knew I was right not to put any face pictures or indication of my real name on there. This kind of thing (to a less extreme extent) is why – I just figured that anyone could be on it/take stuff off it and then who knows where it’ll end up. Some people have been surprised by the fact I’m so tight-lipped about any personal information when it comes to kink online, but quite open at events and stuff. But that’s because IRL, I can control who I tell (and if someone wants to “out” me, they’ve got to admit they were at that rope bondage workshop too). I can’t do that online, and especially not on Fetlife.