So, I want to take a little time to talk about a rather unsexy aspect to working in the industry that applies, I think, whether you are a cam model, adult film actor, or technician working on the production side.
Whatever your role, you’re going to be taking a lot of photographs and video – unless you’re working exclusively in live cam rooms, in which case how the hell are you promoting yourself without either of those two things?
And I suppose, at some level, everything I’m about to say regarding people who work in the industry also applies to anyone who keeps a sizable collection of porn – for their own amusement, to share with friends, or whatever the heck turns you on.
At any rate, taking (or downloading) lots of photos and video also means storing lots of photos and video. And more than likely, unless you do everything yourself, you’ll eventually need to hire somebody to retouch those photos and edit those videos to get you the perfect compilation of cuts and brilliantly breathless audio overdub.
But, unless you’re absolutely daft, you probably don’t want to just slap all those naughty snaps up in DropBox (hrm), OneDrive (ungh!), or god-help-you Google Drive (oh hey’ll no!)
Why the hell not? I mean, these platforms all have end-to-end encryption, right?
Wait. Did Vivian just say half of the industry are out of their fucking minds?
Let me just channel Cory Doctorow for a bit and take a second to explain a few cybersecurity buzzwords and what they mean:
- Encryption at rest: your files are encrypted while stored on the hard drive, so only authorized users can access them.
- Encryption in transit: your files are encrypted while the data is flying across the Internet (weeeeee!), usually by TLS – or if you’re an ancient sea beast like me you probably still call it SSL. Generally speaking, only the sender and receiver should be able to read the data.
- End-to-end encryption: this is a nebulous term that could mean the data can not be read at any point along its journey, but may also simply mean that it’s both encrypted-in-transit and encrypted-at-rest. (In such cases, parts of the data (usually metadata) may not always be encrypted or there may be short stops along the way where the data is decrypted for brief periods of time.)
And, yes, all the major file sharing cloud platforms offer a certain level of privacy and security through encryption, both while sending/receiving files and storing them.
But dig in for a second and consider this thoughtfully?
For Authorized Use Only
Who counts as “authorized” to unlock your files and see their contents? Well, in commercial versions of those big cloud sharing services, that’d usually be the company owner and any IT people they may hire. In both the commercial and consumer versions, it most likely means at least some IT people who work for those big companies like DropBox, Microsoft, or Google.
That being said, we haven’t even taken into consideration just how attractive a target these big tech providers are to hackers of both the criminal and the state sponsored kind, both of whom would love to (and have in the past, on multiple occasions) obtain the master keys for literally every single customer in the whole wide fucking world.
Taking Liberties with Our Data
Also, from a legal perspective, wherever you live in the world and in practically every instance you can imagine, authorized users also means members of government or law enforcement who request to see that content.
Think this cannot happen in the US, because of something-something 4th Amendment? Well, I used to believe that to.
However, according to the ACLU, the federal government currently has the authority to order US businesses to give the NSA access to their communications devices.
- Warrantless Surveillance Under Section 702 of FISA
- Despite Bipartisan Outcry, Senate Betrays the Fourth Amendment and Passes Bill to Expand Warrantless Government Surveillance – April 20, 2024
Now, a “US business” may sound like a big corporation, but it also includes tens-if-not-hundreds of thousands of sole proprietors, so called gig-workers, including independent contractors in the adult entertainment industry and – even if nobody in government believes it does – you can bet it includes all these big tech companies whose services we use, as well as the adult entertainment businesses that we work for.
But, aren’t these protections that were put in place for our own benefit? Aren’t they needed for national security?
Consider for a moment how badly implemented has been SESTA-FOSTA and how many consenting, adult sex workers it has hurt in the name of preventing human (and child) trafficking)? Does anyone really trust law enforcement not to use these abilities to righteously and aggressively pursue child pornography, whether real or only imagined? Personally, I would not take that bet.
Perhaps I’m only being paranoid here, but the truth is that the laws can change any time. Things that are legal now might be made unlawful later. Nobody really knows who will win the next election cycle in any given year, and regardless of who wins, I’m not taking odds that everything they do will be in my personal best interests as a member of an already marginalized group within society.
Like a Bird on a Wire
I haven’t even gotten into all the risks that may arise from badly configured certificate infrastructure, such as the massive data breaches that occurred within the federal government as a direct result of Microsoft’s failure to take warnings about vulnerabilities in SAML seriously, leading up to the crisis at SolarWinds back in 2020.
- Microsoft Chose Profit Over Security and Left U.S. Government Vulnerable to Russian Hack, Whistleblower Says
- Nine Takeaways From Our Investigation Into Microsoft’s Cybersecurity Failures
Or, if you’re looking for a more recent example, consider CrowdStrike’s massive Windows Update fail that brought down systems all over the nation including hospitals and airlines.
If big tech firms, cloud service providers, and major cybersecurity players cannot be trusted to keep government agencies and our critical infrastructure safe, why the fuck should we trust them with a collection of our nudes?
So, Cloud Sharing Is Broken.
Now What?
I hope I’ve convinced you to at least consider that simply trusting the big cloud-based file sharing providers is not a particularly smart play for your most sensitive data. Heck, at this point – having read my own argument – I’m having second thoughts about using it for mundane stuff like my bank records.
Well, you do not have to take any of this lying down.
Use File/Device Encryption
Firstly, I would encourage anyone to make sure you enable device encryption on your computers and phones. This is a logical first step, even though it will not permanently stop a determined party from eventually getting your data. It’s just the minimum viable option to ensure that you can prevent an average smartphone thief from also becoming someone who tries to stalk – or maybe even blackmail – you.
Enabling local encryption has literally nothing to do with the shortcomings of cloud file sharing apps, but it will help protect all those locally synced copies of your cloud data.
When you do enable encryption, just be sure you make backups of your BitLocker keys (or equivalent), in case they are knocked off the TPM module by mistake or some random hardware change like needing a new CPU or motherboard. Always keep these on a different drive (or multiple drives or USB sticks) that you keep in a physically secure location.
Really, you should be doing the same with all those downloaded recovery codes for your online accounts too, but I digress.
Use Encrypted Archives or Virtual Disks
If you’re going to transfer some naughty files into the cloud, there are a few things you can do to protect them while they’re up there.
For example, simply putting them into a ZIP file and locking with a password will provide you with some level of additional protection. This is because the password and resulting encryption key are a secret you can share with trusted collaborators that the cloud providers, their employees, and the government do not know.
Back in the day, we used to use a product called TrueCrypt to create a encrypted virtual drive, but development stopped over a decade ago and it is no longer considered secure. (I guess it’s finally time for me to break that old TrueCrypt drive that I lost the keys to out of my backup collection and go looking for some exploits. I had some really cute pictures in that thing I’d like to get back someday.)
Anyway, worry not. You can do something similar that’s better supported using VHDx virtual disk files in Windows. Other operating systems support this sort of thing too. Here’s a walkthrough.
Once you have all the files you want copied into your encrypted virtual disk, you simply upload or sync it to the cloud, confident that the cloud provider doesn’t have the keys, same as the ZIP file example above.
Keep in mind that if you intend to share the drive with others, you’ will ‘ll likely need to find a secure way to get them both the BitLocker key and the password used to mount the drive. Fortunately, you don’t have to hand off a USB stick at a dead drop, like some kind of cold war spy. Tools like WhatsApp, Telegram, or Signal are excellent for this purpose, but you could probably also send a DM in Discord and just delete it shortly afterwards.
Find a Cloud Provider Who Uses a Two Key Encryption System
Some cloud file sharing tools operate on a two key system, where they will use one key to store the data in the cloud, and you provide the other one when you access it – effectively double-encrypting the data. Both keys are needed to unlock the data and read the file, so the cloud provider can’t know its contents when you are not present with the second key.
I will leave it to my fans to DuckDuckGo for the vendors who provide such services, as there are quite a few of them and I have no personal preferences.
Of course, this can also be a bit problematic in the sense that there is still a trust issue with respect to assuming the cloud provider has a well implemented and secure solution – and that they’ll always follow their spoken rules. Buyer beware.
It’s What Vivian Do
OK. So, having covered all of those things above, let me tell you why I think they are bullshit, and what I do instead.
I think the above answers are all crap, because I think that given a potentially unlimited amount of time and access to my encrypted files in the cloud, an attacker could eventually break open any locked file that would be small enough so as to have any practical purpose when being uploaded. Further, this strategy is a lot of work, and I do not want to do all that work every time I need to share a camera roll so that my team can pick the good shots or touch up photos. Plus, the scalability problem only gets worse if you’re doing video.
So, this is what Vivian does, starting with the very important caveat that my solution requires a lot more work, and there are prerequisites that might put it out of reach for others.
Such are the advantages of owning and operating a studio, rather than being just a solo cam artist – not to mention being a totally cybered-up badass netrunner girlcock.
For starters, we have our own servers here at our studio headquarters, you know, like they used to do back in the 00s? Albeit, there are not as many of them now as there were back in the day.
To do this you will need:
- A firewall with moderately sophisticated functionality, such as port forwarding, IDS (e.g. Snort), and maybe a DMZ
- Your own DNS domain, like viviankastali.com that you can add domain names to at will.
- A static IP address, otherwise a reliable Dynamic DNS service.
- A file server, capable of doing network shared folders (typically referred to as a NAS, or network attached storage, with SMB file sharing)
- Either a 2nd server you can run as a web server, or else your NAS is capable of installing and running plug-ins (or “jails”) – or maybe your file server is just a shitty Windows Server 2022 box (Please don’t do that last one, lol!)
So, the first step is to set up your NAS, which could be as simple as putting one hard drive into a Windows box (again, please, no). It could be say two disks together in a cute little QNAP or Buffalo enclosure that includes mirrored RAID0, the network adapter, and NAS operating system. Or, you might have a really sophisticated rig like a Synology NAS – or TrueNAS if you prefer the home-brew / open-source approach.
From here, you set the NAS up with whatever folder structure to support security on the files you intend to share. Nothing is yet accessible to the Internet. This just lets people working on the local network or Wi-Fi access the files without needing to copy them over to their local devices.
Ideally, your NAS will support some kind of plug-in architecture. You will use this to install an instance of NextCloud.
In Windows this would be like running a container in docker, though I suppose you can just as easily install such micro-services right there in the host OS, and its not much less secure considering it was already Windows in the first place. (I have opinions, lol.)
For a Linux based NAS, NextCloud will generally be available as either a plug-in that you can install through the NAS’ web GUI, or maybe a shell script you can download and copy-paste that will create a “jail”, which is a container that will run your NextCloud web server without allowing it to access the core OS of the NAS itself.
By the way, the NextCloud website will tell you which NAS have the plug-in readily available already, so you can plan ahead if you don’t already have a NAS in service.
For security and privacy, the exact server type and setup we use at VKP is closely guarded. So, I’m speaking in general terms only. A girl needs her secrets, after all!
OK. So, as part of the setup process for NextCloud, you’ll need to define the local networking configuration for the web server. This all depends on how you have your local network set up. Most likely it’ll be some kind of internal-only IP address like 192.168.* or 10.0.*; no judgement which one you prefer.
Before you install NextCloud, you’ll set up a domain name for your server, example “myfiles.mycompany.com” and point to your external IP address. If your public IP is not stable, meaning your ISP re-assigns it at random, you will use DDNS to do this part. While I love EasyDNS, I have heard that CloudFlare is very NextCloud friendly, at least for certain platform installs.
As a final step you configure your firewall to forward traffic for HTTP (port 80) and HTTPS (port 443) from the public IP to the internal IP you’ll use to run NextCloud locally. Once this is tested and you are sure it is set up correctly, you can go ahead and install NextCloud.
Hopefully, your install process is pretty straightforward, as mine was too. The most likely thing to vary from one particular NAS to another is whatever method may be used to configure TLS (SSL) certificate from LetsEncrypt – or not.
Once installation is done, one way or another that process will give you an admin login to connect to the NextCloud service. Just go to the server’s internal IP with a browser and login.
Of course, while you’re at it, you can also test connectivity outside your firewall just using your smartphone without the Wi-Fi turned on. Or, pro-cybergirl tip, use a virtual browser like this one.
Having gotten into the NextCloud Web GUI, there are some things you should be aware of.
Firstly, in most cases, the default configuration is going to put all the files into the hard drive that runs NextCloud. You can certainly do things this way. It’s not a bad option if you only have one machine to spare and it isn’t very beefy. (In which case, hopefully toss an SMB share on that folder at the end of the day.) However, we wanted not just to be able to share files in NextCloud itself, but also to give access to the network folders we already use locally on the NAS. So, I did things the other way around.
So, you’ll want to go to Admin Settings and find the plugin called External Storage Support. This NextCloud plug-in will provide you a variety of different ways to get other locally available files into the NextCloud web server, without having to sync or copy them.
While you’re in there, you may also find the Group Folders plug-in to be useful. Just keep in mind this is also NextCloud local file storage, and not on your NAS or other external drives.
External Storage supports a few different ways to get to your files. If you’re running NextCloud in a docker or jail, you can mount the host folders directly into the container’s OS, and then attach to them using the Local option. If your NAS is physically distinct from your NextCloud server, you can use SMB, SFTP, SSH, or one of a few other methods to connect to it, and let NextCloud manage each user’s credentials independently, or supply one global user and password for the whole lot, depending on your needs.
So that’s it. Just sacrifice a random weekend and you’ve got yourself a fully configured private cloud, with user and group level security. You also get public file sharing links that can expire too, just like the ones you can make for OneDrive – without needing to get Microsoft involved.
Does all that seem like a bit much to you?
Well, you can purchase a hosted Enterprise NextCloud from one of the many service providers listed on the developers’ website. Though, to be perfectly honest, one big cloud provider is pretty much as risky as another. This seems to me like trading the devil that you know for the devil that you don’t.
Or, assuming you haven’t purchased any NAS hardware yet, Vivian could likely set a server up to spec and cross-ship it to you, plug-and-play. Or, if you can figure out how to get your hardware set up on your own network and then let me connect remotely to your PC (or server) using TeamViewer, I could probably do the rest of the configuration for you.
A Final Thought
One thing to consider is this, effective security is done in layers. This approach does not solve all problems, not was it meant to.
For example, you will want to think about compartmentalizing your files. Does a new contractor doing some Photoshop work on a specific set of pics really need access to the last 10 years of raw porn filming reels? I mean, what could go wrong?
Or just as importantly, if some of your people move on, what will stop them from taking vital files with them? Once your staff have downloaded a collection of nudes, it’s sort of hard to be sure you can get them back. It’s only a start, and not a perfect answer, but maybe do some planned maintenance now and then to remove access where it’s no longer needed.
Enterprise solutions provide ways to deal with this, but these aren’t entirely practical in the world of small independent businesses. Sure, you could make everyone log into remote desktops to work, but that’s not gonna be fun while trying to use Sony Vegas. Likewise, slapping oppressive DRM on everyone’s computers and phones doesn’t really work when those devices belong to individual people.
You might want to think about just don’t let hired help access files over the web at all. You can make them come into the office and work on a computer that doesn’t allow external drives or access to Internet file sharing sites or services. That’s the only way to be 100% sure. Then again, it will limit the pool of talent willing to work with you, bet.
In the end, it’s probably best not to rely only on technology. Protect yourself with other methods, like strong contracts and digital watermarking to track when assets have been inappropriately leaked. At the end of the day, you also need to do some due diligence. Make sure you can trust the people working with you. Maybe run background checks.
One way or another, always remember to wear protection – and keep your truly sensitive data in-house whenever you can.
Leave a Reply