Oh dear God. I saw a tweet from Mistress Matisse, wondered what the heck she was talking about, and made the mistake of clicking on the tag, and now I’ve discovered a whole new world of idiocy in something called #ThotAudit.

First of all, I had to learn a new word: “thot.” Apparently, it means something like “slut” or “whore,” but it’s a relatively new word that showed up around 2011. Because, you know, American vernacular English didn’t yet have enough derogatory terms for sexually active women.

(When I was in high school, I literally didn’t understand why guys used the word “slut” to demean girls. “Wait a minute…you’re insulting girls…for wanting to have sex with us…? Why would you do that?”)

Anyway, #ThotAudit is some kind of weird campaign to report sex workers to the IRS for tax evasion, and it’s organized by exactly the kind of people you’d think would organize such a thing:

Online sex workers have slammed a viral campaign by right-wing “incels” and men’s rights activists to mass report them to tax authorities for allegedly failing to declare income.

The hashtag #ThotAudit, which appears to have been started by a Facebook user calling themselves “David Wu”, began to trend on Sunday after being promoted by controversial pick-up artist and “legal rape” advocate Daryush ‘Roosh’ Valizadeh.

“Online thots are finding out that all income generated from their breasts and vagina is taxable,” Mr Valizadeh tweeted.

“Men are aggressively organising to report all thots. I don’t blame them: these girls are getting a free ride via beta bux and a broken sexual marketplace that is rigged in the favour of females.”

Man, that whole “income generated from their breasts and vagina” line is creepy as fuck. Can you imagine having to spend every day of your life being that guy? Who worries about stuff like that? I guess the same kind of guy who whines about a “broken sexual marketplace.” #ThotAudit is so aggressively stupid that I don’t know where to start.

I guess I might as well start by anticipating that someone will accuse me of “white knighting.” That’s a term that pickup artists, MRAs, and other assholes use when some other guy steps in to defend a woman they’re bothering. It’s meant to taunt the other guy for using the appearance of chivalry in a weak attempt to get laid, because they can’t imagine any other reason for talking to — or about — women.

The thing is, I’m not white knighting, because I’m not defending these women. They don’t need my help defending against something this dumb.

First of all, it’s not like any of these #ThotAudit assholes have actual knowledge of tax evasion. They don’t have any information that they could give in a statement in a legal setting that would help establish any of the elements of tax evasion.

All the #ThotAudit assholes have is a suspicion that these women must be evading taxes because they are sex workers. And that’s on the basis of Twitter feeds and escort web sites, which IRS agents can easily find by themselves without help from the #ThotAudit twits. Heck, the #ThotAudit twits don’t even have the real names of the women they claim they are reporting to the IRS.

But let’s suppose, just for the sake of argument, that some #ThotAudit twit is actually able to get IRS investigators to take interest in a sex worker that he brought to their attention. If the investigators are able to bring the legal powers of the federal government to bear on the problem (I have no idea what level of proof is needed for this) they could probably trace a Twitter account or website to an actual person. And if they did that, what would they find?

Probably, a taxpayer.

In the case of purely online sex workers, like cam girls or phone sex performers, they have to be able to accept electronic payments, which will create records in the banking system that will make the income visible to the IRS, pretty much guarantying they will have pay taxes on the income. Things get a little more complicated with sex workers who accept cash payments in person, such as strippers or escorts. If the #ThotAudit jerks get IRS investigators to look into the finances of someone like that, what will they find?

Probably something familiar: A cash-oriented business.

The IRS is of course deeply suspicious of cash-oriented businesses because it’s hard for the IRS to know how much money they really receive when there are no electronic bank records of the payments. Everyone suspects that a lot of cash-based businesses cheat on their taxes, so the IRS would be right to be skeptical about the tax returns of sex workers.  But, well…the point of unreported cash income that no one knows it exists. The IRS isn’t going to be able to do much without proof of income.

And it’s not as if most sex workers don’t pay income taxes. Sure, if a customer pays them $300 cash, and they go to Target and use the money to buy groceries or clothing or a television, they won’t leave a paper trail, so they can cheat by not paying those taxes. But if they lead anything like a normal middle-class life, they probably have a ton of expenses that leave a trail. If they have a $2000/month mortgage, a $600/month car payment, and $300/month in utilities, plus $500/month for health insurance and another $1000 per month in miscellaneous credit card payments, they need to be able to show almost $6000/month in income to cover those expenses.

That means reporting somewhere around $18,000 in income every quarter and making estimated tax payments. It will be more if they want to put some money in the bank or pay into an IRA. So if the IRS takes a look at them because of #ThotAudit, they’ll find a woman reporting over $70,000 in annual income. They may suspect that she’s bringing in even more as unreported cash income, but it will be hard to turn those suspicions into evidence.

Given that the #ThotAudit douchebags aren’t reporting people in other cash-oriented business — bartenders, food truck operators, bodega owners, dry cleaners, farmstand owners, landscapers, housekeepers, dance teachers, handymen…or for that matter, male sex workers — it’s pretty clear this is just another excuse to harass women.

But it’s not even effective as harassment. I had to think for a while to convince myself that the threat to tattle to the IRS was toothless. But to actual sex workers, who know far more about the tax implications of their business than I do, this has got to be incredibly obvious. Sex workers on Twitter are certainly not frightened. They’ve been mocking #ThotAudit without mercy.

Look, sex workers deal with more than their fair share of assholes online. They are used to fending off time wasters and religious nuts and every would-be edgelord who thinks it’s epic to ask them if they suck dick for a living. They are used to harassment, and they have strategies for dealing with it. They are not impressed by someone threatening to mail a piece of paper to the government.

I’m a big fan of Reason writer Elizabeth Nolan Brown, but I think I disagree with her take on this development:

Some people were upset that Brown was apparently applauding an attempt to shut down advertising by sex workers, through the now-familiar subterfuge of claiming to be fighting “sex trafficking.” But she’s been reporting on that trick for years, and she’s been anticipating that the sex trafficking panic will eventually hit a non-fringe website like Facebook.

That would be a good thing for sex workers, she believes, because with $40 billion in annual revenue — much of which would be at-risk if Facebook is labeled a “sex trafficking website” — they have both the means and motivation to fight this tooth and nail. Their legal team could end up setting some good precedents in the courts that will help other sites that carry sex work content, and their lobbying efforts could get some important changes to the law that would prevent these attacks on sex work in the future.

I’m not so sure.

Back in 2006, there was a bit of a panic when it was discovered that a bunch of children’s toys manufactured in China had high levels of lead in some of their components. The toy company Mattel was by far the most affected: Six of the seven toy recalls were for Mattel products, and the company ultimately recalled 19 million toys. Naturally, Congress leaped into action.

The resulting law, the Consumer Product Safety Improvement Act (CPSIA), did a number of things, the most far reaching of which was that it added a lot of new testing requirements:

The law bans lead and phthalates in toys, books, clothes, and any other object intended for children under 12. To enforce these rules, the law requires every toymaker, distributor, or retailer who sells products in the U.S. to certify each of its models through third-party testing, labeling every item with an individual date and batch number.

Broadly speaking, manufacturers used to ensure their products didn’t contain dangerous substances like lead by making that a requirement for materials purchased from suppliers. E.g. A company making painted metal toy trucks would make sure to order only lead-free paints and lead-free metal alloys from their suppliers. Under CPSIA, however, toy makers were required to independently test a sample of their assembled toys for lead content.

The law left a lot of decisions up to the Consumer Product Safety Commission (CPSC), such as how items should be marked:

On July 20, only three-and-a-half weeks before the rules were to take effect, the CPSC announced some lenient if vague interpretive guidelines. The agency said it didn’t think individual marking was required for very small objects and items in sets, such as wooden blocks, and agreed that harm to a product’s functionality or aesthetics might be a possible reason to reject marking as impracticable.

More craziness: Regulators banned lead outright in children’s items, apparently without accounting for bio-availability, so even lead locked up in tight chemical bonds could keep a product off the market:

Jewelry is subject to particularly strict requirements, since most true crystals and rhinestones contain lead—although it poses minimal danger to kids, since the metal remains locked inside the crystal structure of the stones.

The effects of this requirement are harder on smaller manufacturers who lack economies of scale. A giant toy maker could spread the costs of testing over hundreds of thousands of units of each toy, but a company that sold only 3000 units of a toy would have to cover the testing with much larger increases to the cost of each of a much smaller number toys.

One small business owner, with fewer than 10 employees, told me of needing to add an employee to do nothing but administer and document his testing and regulatory compliance program. Another told me that since children’s garments were not a major part of his business, he has decided just to get out of that aspect of the business altogether rather than have to hassle with all the rules.

This was especially brutal for craft toy makers: A woodworker making hobby horses in his garage would be required to pay for outside testing of his toys — about $4,000 per batch (whatever a “batch” is for handcrafted toys) even though the wood and paint he used were lead-free. That could wipe out his entire profit from selling the toys, and possibly his entire revenue.

Eventually, a bunch of exceptions were carved out, and some small toymakers were able to stay in business, but it was a mess for a long time. At least for some people… Remember Mattel? The giant toy company responsible for most of the contaminated products that kicked off this whole mess in the first place? Yeah, well, funny story…

Turns out, when Mattel got lemons, it decided to make lead-tainted lemonade (leadonade?). As luck would have it, Mattel already operates several of its own toy testing labs, including those in Mexico, China, Malaysia, Indonesia and California.

So while most small toymakers had no idea this law was coming down the pike until it was too late, Mattel spent $1 million lobbying for a little provision to be included in the CPSIA permitting companies to test their own toys in “firewalled” labs that have won Consumer Product Safety Commission approval.

The million bucks was well spent, as Mattel gained approval late last week to test its own toys in the sites listed above—just as the window for delayed enforcement closed.

Instead of winding up hurting, Mattel now has a cost advantage on mandatory testing, and a handy new government-sponsored barrier to entry for its competitors.

That particular episode in legislative history is why I’m not as optimistic as Elizabeth Nolan Brown about Facebook coming under attack in the sex trafficking panic. I agree with her that Facebook is going to throw money, lawyers, and lobbyists at the problem, and they’ll come out of this just fine. But I’m not convinced that Facebook’s victory will be a victory for sex workers.

That’s because I expect Facebook to work toward a Mattel-like outcome. Their lobbyists and lawyers will offer their expertise at social media to work with Congress to help craft the most effective legislation for “protecting vulnerable people.” I’m probably not devious enough to figure out exactly what they’ll do, but I would expect the 2019 Stopping Internet Facilitated Child Sex Trafficking Act (or whatever they call it) to include provisions like:

• This rule applies to all entities that operate websites that sell ad space to people offering services including but not limited to escorting, massage, exotic dancing, modeling, cuddling, or any other service that must be performed in person in a non-public location.
• Web site operators must “know their customer” and obtain suitable identification from ad buyers.
• Web site operators must, within one year of passage of this law or prior to accept their first ad, which ever comes later, submit to the Department of Homeland Security their comprehensive pland for preventing child sex trafficking through their site. The plan must include,
  • Appointment of a Sex Trafficking Prevention Officer.
  • Description of how the site proposes to identify potential child sex trafficking related advertising materials.
  • Description of how the site proposes to handle reports from law enforcement agencies indicating that one or more ads are child sex trafficking related.
  • Description of how the site proposes to handle reports from third parties that one or more ads are child sex trafficking related.
  • Establishment of a liaison relationship with the state agency responsible for child sex trafficking crimes in every state in which the website does business.
  • Establishment of a liaison relationship with the city police unit responsible for child sex trafficking crimes in every city with a population of 250,000 or more in which the website does business.
• Upon receipt of a request from a law enforcement agency to take down an ad suspected of being related to child sex trafficking, the website operator must remove the ad within 24 hours.
• Website operators must furnish to the Department of Homeland Security a quarterly report detailing the number of suspected child sex trafficking ads reported, the source of the report, and the final disposition of the ad.

And so on.

There’s be adjustments. Some church groups would notice that the law technically applies to their programs to match teenage members of the congregation with elderly members who need help around the house, and Congress would quickly amend the law to exclude faith-based social services providers. Amazon’s Home Services sales group would arrange for their own carve-outs. Maybe language would be added to require that the services be of “a sexual or intimate nature” and leave it to DHS and the courts to figure out all the details. Eventually, as with FOSTA/SESTA, something would get signed.

Facebook, with $40 billion a year or so in revenue, could easily afford to create a department and hire 10 or 20 people to comply with a law like that, as could many of the other social media giants. But a lot of smaller businesses would be casualties, not all of them escort advertising sites. I wouldn’t be surprised to discover that sites like Model Mayhem and One Model Place would fall under such a rule.

Then again, I wouldn’t be surprised if escort advertising sites survived just fine. I think Slixa and Eros are already run from offshore, and I wouldn’t be surprised to see some more foreign websites start selling to Americans. On the other hand, I can also see how small sites where a few escorts pooled their money to advertise might get shut down.

Ultimately, I just don’t think Facebook is going to end up defending sex workers.

A while back, I stumbled across a series of posts by New Orleans sex worker Annie Calhoun on the subject of screening clients who contact her through the internet. I was especially struck by the degree of sophistication she shows in her thinking about security.

I realize that sounds condescending, but I don’t mean it that way. Corporate IT security managers would be thrilled if company employees understood security as well as Annie does.

I’m not a security expert, but as a software developer, I am somewhat familiar with the basic ideas behind information security, such as establishing a subject’s identity and controlling access to resources. What was especially fascinating to me about Annie’s posts is that — in part because she does business over the internet — many of her practices bear a striking resemblance to network security protocols.

Start with her section for newbies that explains why screening is necessary.

Just in case you don’t get where I’m going with this: This man was asking me to meet with him alone, in private, when he was completely unwilling to provide ANY information about himself whatsoever.

[…]

I know literally NOTHING about this man.

The man she’s talking about had sent her an email expressing his wish to meet her but did not want to provide screening information such as his name, employer, and phone number. This is a problem for Annie, because there are certain things she wants to establish about a potential client before she is willing to meet him alone in a private place:

For most of us, the client must:

• be someone we’re willing to spend time alone with,
• agree to provide the requested honorarium in the amount we’ve specified beforehand (on our websites, listings, etc.)
• be someone we feel is not a danger to our personal safety.  We each have our own standards regarding what makes us feel safe.

(“Honorarium” is Annie’s way of saying she wants to be paid. Due to the legal climate, sex workers in America tend toward euphemism.)

In the world of information security, we might call the items in that list claims. They are assertions of fact about the client that Annie needs to establish before she will let him meet her. In a sense, Annie is specifying her access control requirements.

Speaking of which, I’m pretty sure that Annie’s access controls imply an additional implicit claim that she wants to establish about a client before she will meet him: Don’t be a cop. She doesn’t say this explicitly anywhere that I can see, but it seems like an obvious concern. (I’m guessing Annie doesn’t mention her no cops requirement because expressing a desire to hide from the police could be taken as evidence she’s doing something illegal.)

When discussing security, we often talk about establishing one’s identity, but in practice the details of an identity are linked to what the identity is used for.

For example, you can leave comments on this blog by signing in with your Twitter account. That doesn’t really tell me who you are, it just tells me you have the password to a Twitter account. So if @JohnSmith signs in, it doesn’t really prove that John Smith has left the comment. It literally only proves that the comment was left by someone with the password to the @JohnSmith Twitter account. That’s good enough for Twitter, and since I only want to offer people the ability to establish a secure history of comments, that’s good enough for me.

Annie’s got more at stake than I do, so she has more stringent requirements. Before getting further into those, however, let’s look at a screening method that doesn’t satisfy her requirements. She offers this fictionalized example:

To: [email protected]
From: [email protected]
Subject: Appointment with you tonight

Hey Annie,

My name is Bob Ross. You may have heard of me. I’m a painter, and I used to have my own TV show. Remember “happy little trees?” Yeah, I started that whole thing. Anyway, I want to meet with you tonight. I know it’s short notice, but I’m sure you can accommodate a slick guy like me.

Talk to you soon,

Bob Ross the TV Painter

That’s not going to work. It’s the equivalent of letting people comment with their Twitter handle without having to login to Twitter. It doesn’t prove the claim that they are the owner of the Twitter account, it only proves they know the Twitter account exists. The only authority for the claim that they own the account is their own assertion that they do. In matters of security, such self-certifications are worth nothing as an authority for a claim. Similarly, Bob’s letter only proves he knows Bob Ross the TV Painter exists, and his self-certified assertion that he really is Bob Ross the TV Painter doesn’t actually prove that he is.

Going into a little more detail, when you sign in with Twitter, my server receives a message from the Twitter server telling me you correctly logged in to your Twitter account. I trust Twitter because their business model depends on them being a reliable authority for identity claims. I believe that the message came from Twitter because it is signed with a certificate that belongs to Twitter. I trust that the certificate belongs to Twitter because it is authenticated with a chain of certificates that ultimately ends with a top-level public certificate that came installed on my server. Once my blogging software has enough information to link all these things together, I know I can trust your comment to have come from your Twitter identity. I have established a chain of trust.

Annie’s problem with Bob’s insistence that she just Google him is that so far there’s no chain of trust. There’s actually only one trustworthy claim she has about him: That he controls the [email protected] email account. The chain of trust for that claim runs through her email provider, which allows her to exchange email with Bob at that address.

Google does tell her a lot of things about Bob Ross the TV Painter, with all the authority of whatever public news stories and websites it finds for her, but it does not close the chain of trust: It doesn’t prove that Bob Ross the TV Painter is the same person as the owner of the [email protected] mailbox.

This problem can be hard to understand when you;re on the other side of it. After all, you know who you are, right? It’s hard to figure out where the gaps are from the other person’s point of view. I’ve run into this a few times when I missed paying a bill and somebody called to ask for their money. I have to explain to them that while I apologize for my error, and I promise to pay as quickly as possible, there is absolutely no way I’m giving my credit card number to a stranger who called me. If I had called them at their public customer service number, that would establish a chain of trust I could believe in, but when they call me, I have no proof that they are who they say they are.

Annie understands these things, and she goes through some trouble to explain several possible chains of trust to Bob:

What I need is an email address that is associated with you publicly and professionally. For instance, if you work for PBS, and the PBS website lists Bob Ross’s email address as [email protected], that will work perfectly. You can either shoot me a quick email from that account, or I can contact you through that address and you can reply that you’ve received that message. Then, I’ll know that you are really Bob Ross, the TV Painter.

The chain of trust is pretty clear. Annie trusts her email provider, so she trusts the claim that email from [email protected] is from whoever controls the [email protected] email address. As for the claim that the owner of [email protected] is Bob Ross the TV Painter, Annie trusts that Bob’s employer wouldn’t put fake contact information its public website, so if they say that Bob Ross the TV Painter has the email address [email protected], that’s enough to authenticate the claim for her. She now trusts that she’s talking with Bob Ross the TV Painter.

But perhaps Bob Ross is afraid to use his work email address for his dalliances with harlots. That’s why Annie offers a second option: She’ll send him something through his public address, and then he can respond to it through the [email protected] address, thus extending the chain of trust  to that address. In other words, Annie has reinvented the computer science concept of a bearer token.

When you login to your bank’s website, you provide your credentials — your username and password — in order to access the first page of the site. In return, the server generates a cryptographically secure token — basically some random data that would be hard for someone else to guess — and sends it back to your browser. After that, as you navigate around the website, whenever you click to bring up a new page, the browser sends the token along with the page request. (In browser terminology, the token is a cookie.) Since the server knows it gave out that token to a user who provided valid credentials for your account, possession of the token proves you are the owner of the account without your having to send along the username and password with every request.

Annie’s plan works the same way. She can send a message like this to Bob’s public account, referring to a randomly made-up order amount and using a made-up name (this is my example, not hers):

To: [email protected]
From: [email protected]
Subject: Thank you for your order!

Robert,

Thank you for your order. Your credit card will be billed $21.57.

Margaret P. Granholm
Sales Associate

Bob can then respond from the private account that he used to contact Annie earlier:

To: [email protected]
From: [email protected]
Subject: Got your message.

Hey Annie,

Got your message. Here’s the information you asked for: The amount is $21.57 and the sales associate’s name was Margaret P. Granholm.

Talk to you soon,

Bob Ross the TV Painter

The public websites establish the chain of trust to assure her that [email protected] is controlled by Bob Ross the TV Painter. And since she sent that address a token composed of the made-up name and amount, she knows that anyone who has that information must be Bob Ross the TV Painter, so when she gets that token back via the [email protected] address, she can close the loop and verify that [email protected] really is Bob Ross the TV Painter.

She further explains a similar technique over the phone:

Alternatively, you can supply a phone number that is traceable to you. Let’s use the PBS example. PBS lists Bob Ross’s office contact number as (504) 555-5555. I can call that number and ask to speak to Bob Ross, and all you have to say is “Yes Annie, it’s me,” and I’ll know I’ve been emailing back and forth with the right guy.

She also explains how the chain of trust can be broken:

However, if you only supply me with a phone number for a prepaid phone, or a number that, when Googled, is not attached to your name or business, that doesn’t really help me.

Backing away from the details a bit, the purpose of all this is to establish that [email protected] is a client that Annie can do business with rather than somebody who will hurt or arrest her. It’s possible to do this more directly:

And if neither of those methods works for you, you can also provide references (names and contact info or websites) from two established professional companions/providers/escorts you’ve met with in the past. I’ll contact them to make sure you’re safe and a gentleman. When they respond positively, I’ll get back to you and we can set up an appointment.

Elsewhere she clarifies the information she needs about the other escorts:

Generally, when we ask for references, we’re looking for a name, email address, and a link to a website. For example:

• Annie Calhoun
• NOLAcourtesan.com (or the url, whatever)
• [email protected]

This way, the provider can look at my website and see that I’m legit (or even search for my name on various ad, screening, and networking sites) before contacting me).

Notice again, the careful chain of trust: From the public website to the email address to the escort’s emailed verification that the client is safe.

One thing we might wonder is why does Annie put so much trust in public websites. How much does a website really prove? Couldn’t a cop or a serial killer set up fake escort sites? The short answer is that although public websites aren’t hard to set up, they do require an order of magnitude more work than getting a gmail address. That additional work will tend to screen out some bad actors.

Again, this is a common technique in information security. For example, it’s used in encrypted password systems to prevent password guessing. Passwords are stored in a hashed format that is computationally expensive to test, so even if a hacker obtains an encrypted password, it will be time-consuming to test password guesses.

Annie’s basic goal here is to pick verification techniques that are difficult for someone to spoof. A malicious person would have to plan ahead by setting up two fake escort websites with email addresses. And while setting up a website isn’t very hard, it’s considerably harder to setup a convincing website, especially for someone like Annie, who’s actually in the business. She could easily research the other escorts to determine their legitimacy.

To show how this works, let’s use Annie’s own website as an example, and look for signs that she’s legitimate. We can see that her WHOIS entry shows that her domain was registered in March of 2012 and the Wayback Machine starts picking up content from it in May of that year. Furthermore, Annie has purchase an advertising page on the Eros guide for New Orleans and at Preferred 411, and before they shut down U.S. access, she had reviews on The Erotic Review from 2012. Annie is also active on Twitter, and her website and Twitter bio link to each other to close the trust loop.

All of this is evidence of an internet presence going back for years, which is a strong indicator of legitimacy. If the Annie Calhoun identity was only created so that someone could give out fake escort references, the perpetrator must have gone through a lot of trouble to set all this up, and they’ve somehow maintained the fiction for six years without anyone blowing the whistle on them. It seems far more likely that Annie Calhoun is a legitimate escort who began working six years ago, which means that a reference from her is most likely legitimate.

It’s worth noting that Annie doesn’t have to do all the work herself. The online escort industry is large enough that it has spawned a services industry to support it, and escorts like Annie have been able to use screening services to do some of the work. The feds have been shutting things down lately (in their effort to stop sex work by making it more dangerous), but in the past, Date-Check performed screening, The Erotic Review had some kind of whitelist for clients that allowed escorts to vouch for them, and Preferred 411 did both screenings and escort endorsements. 

In computer security terms, these sites act as trusted third parties that verify claims. Some of the sites issue ID codes that escorts can check and others use email addresses, but all of them eventually provide a chain of trust between the potential client and some information that can be used to judge whether he’ll make a good client.

It turns out that a lot of potential clients don’t want to cooperate with the screening process because they don’t like revealing their identity to a stranger. That makes things difficult, but note that Annie’s screening goals — “someone we’re willing to spend time alone with…agree to provide the [correct payment]…be someone we feel is not a danger to our personal safety” — do not include knowing the client’s true name.

Getting the person’s true name is usually a practical requirement for screening, but we could imagine other ways of establishing trust. For example, if several other legitimate sex workers say that the person at the [email protected] email address, and he was a great client, that might be good enough. His control over the email address proves he’s the person the other sex workers met, and their references establish his safety. Annie might consider that sufficiently strong evidence that he meets her standards even if she does not know his name. (Or not. I can’t speak for Annie) The referring sex workers might not establish that the owner of the [email protected] address is Bob Ross the TV Painter, but they do help establish the other claims Annie is interested in, such as agreeable personality, ability to pay, and safety.

Again, Annie doesn’t have to do all of this for herself. If she works for an agency or a brothel, they may provide the screening services. The computer security equivalent would be a trusted third party that enforces compliance to certain standards, such as workflow orchestration services like IFTTT and Zapier, or business coordination services like athenahealth medical billing or Quickbooks payment processing.

I find it fascinating that American sex workers face some of the same security problems as software engineers, and that they solve them in analogous ways. Annie’s thoughts on issues of identity are particularly clear, and they parallel a lot of modern thinking about identity on the internet. If more people learned to think about these issues the way Annie does, a lot fewer people would fall for phishing schemes and other con games.

I normally like to post something light on Fridays, but today I have to address a serious issue. In these post-Backpage days of heightened awareness about online prostitution rings, many concerned parents are asking themselves, “How can I know if my daughter is experimenting with online sex work?”

I’ve been following online sex workers for several years now, and based on my observations, I believe I can offer some helpful signs to look out for:

Five Signs Your Daughter May Be an Online Sex Worker!

1. She can recite the legislative history of the FOSTA-SESTA Act and describe its effects on Section 230 of the Communications Decency Act.
2. She rolls her eyes whenever a news story mentions “sex trafficking.”
3. She is extremely knowledgeable about internet privacy technology and can name an offshore web hosting service off the top of her head.
4. She can explain Operation Choke Point banking regulations.
5. She has a surprisingly vehement dislike for Ashton Kutcher, Demi Moore, Mira Sorvino, Julie Bindel, Swanee Hunt, Cook County Sheriff Tom Dart, and U.S. Senator Kamala Harris.

Special bonus 6th Sign: Her favorite journalist is Elizabeth Nolan Brown.

I hope this helps.

Maggie McNeill has a standing request that allies and supporters of sex workers do something to express that support whenever Friday the 13th rolls around. I had intended write something two weeks ago about my personal experience learning about sex worker rights, but I ran into technical difficulties before I could finish. This post is adapted from that piece.

It’s common to speak of “being an ally” to sex workers. There’s a lot of advice online about how to do that, including a guest post by Stacey Swimme at Honest Courtesan. But to be honest, I don’t think of myself as an ally to sex workers, because a lot of being an “ally” is amplifying sex workers’ voices, and this blog is not about amplifying other people’s voices — it’s a about me having a place to write in my own voice about ideas that I find interesting, and right now I don’t want to write about how much sex workers earn or the politics of review sites or clients who fight the screening process. What I am interested in writing about is the rights and freedoms of people doing something that shouldn’t be a crime.

I’ve spent a lot of time, as a blogger and before, arguing against the War On Drugs. Not only is the War On Drugs wasting resources, destroying lives, and eroding civil liberties, but it’s also a fundamentally evil idea: It’s using violent law enforcement to stamp out a consensual crime — a supposed crime in which all parties are voluntarily participating of their own free will. The War On Drugs hurts a lot of people, but it helps no one, except the people carrying it out, who get paychecks and the enjoyment of feeling smug and self-righteous as they hurt people. I hate everything about it.

I’ve also begun to hate the War on Prostitution. I’ve long been opposed to all consensual crimes — recreational drugs, gambling, pornography, public drunkenness, vagrancy, homosexuality, food trucks, gun ownership, kink, migration, raw milk, incest, risky sports, transgenderism, loitering, status offenses, braiding hair without a license, whatever — because as long as everybody involved has consented freely and competently, I don’t give a shit, and I don’t think it should be a crime. So I’ve always opposed prostitution laws in theory.

My opposition became somewhat less theoretical a few years ago when I bumped into Maggie McNeill in the comments section over at Radley Balko’s old Agitator blog, before it moved to the Huffington Post. At the time, Maggie was an ostensibly retired New Orleans call girl who had recently launched her own blog, The Honest Courtesan. I eventually asked Maggie to contribute to a group blog I had started with some friends, and she provided a bit of content for us.

That blog is dead, but I became a steady reader of Maggie’s blog, and I began to learn more about the legal issues that concern sex workers in this country. The obvious problem is that prostitution is illegal, but the details are important: What are the specific actions that are outlawed? In what manner are those laws enforced? And what effect does that have on the lives of sex workers and others?

I’ve learned that laws against pimping are used to prosecute babysitters who got paid with money earned from prostitution, and that carrying condoms can be used as evidence of prostitution, which makes it harder for sex workers to follow safe sex practices. I’ve learned that cops treat transwomen sex workers as if they were men exploiting women sex workers. I’ve learned that it’s a myth that waves of sex workers come to cities for major events like the Superbowl.

I’ve also been learning some of the terminology. The most disorienting thing for someone coming from the War on Drugs is that the meanings of legalization and decriminalization are reversed for prostitution — if you want it to be all-the-way legal, you want to legalize drugs, but you want to decriminalize prostitution.

The terminology for sex workers is a little frustrating. Words like “whore” and “hooker” can be insulting — although the latter sounds friendly to my ear, and many sex workers claim the former proudly. “Sex worker” is always safe, but it refers to a broad spectrum from escorts to dominatrices, streetwalkers, massage parlor girls, strippers, cam girls, and Hooters waitresses.

“Prostitute” can be problematic because it’s used by law enforcement to oppress sex workers, but I tend to use it a lot because most of my writing is concerned with that part of sex work which is illegal.

(And everybody hates “prostituted women,” which strikes sex workers as an attempt to deny that they have agency in choosing sex work.)

One good thing about the War on Prostitution is that it isn’t as intense as the War on Drugs. Anti-drug law enforcement is vicious and heartless: They can send you to jail for decades for selling drugs, and drug dealers have learned to keep their heads down. There are apparently a few online digital drug markets, but there’s nothing like the thousands of sex worker ads you’ll find on the web. There’s no recreational drug dealing equivalent of a big advertising site like Eros or ratings sites like Erotic Monkey or Rubmaps. Drug dealers just don’t have a big online community. (Or maybe I just doesn’t know how to find it.)

Sex work has benefited from something like benign neglect at times, and this has allowed a lot of sex workers like Maggie to be out in the open. There are blogs like Tits & Sass that have been around for years, and there are advocacy organizations such as the Sex Workers Outreach Project and the Desiree Alliance which work out in the open to advance sex worker causes. Sex workers also have a vibrant presence on Twitter, and I follow a whole bunch of them.

Unfortunately, the situation for sex workers seems to be deteriorating, in ways that are sadly familiar to those of us who know the War on Drugs.

It begins with finding people to demonize. Drug warriors will tell you that cops don’t go after casual users. They claim to only go after drug dealers — the “pushers” and “high-level traffickers” — who seem to practically force young school kids to do drugs. What they don’t tell you is that the laws define drug dealing so broadly that making a purchase with a friend, or even just passing a joint, can be enough to get you charged as a drug dealer.

When it comes to prostitution, cops seem to realize that their pearl-clutching over call girls is a dumb waste of police resources, so they’ve tried to recast what they do as fighting a genuine evil. They’ve hit on the idea of calling everything “sex trafficking,” or even worse, “child sex trafficking.” They talk constantly about the relatively small number of actual child sex trafficking incidents, and they pretend that that’s all there is to sex work. This allows them to justify arresting vast numbers of people on prostitution charges, and it allows them to cast supporters of sex workers as soft on child sex trafficking.

We’re also starting to see other unpleasant features of the War on Drugs, such as federal funding and inter-agency task forces. Federal funding tends to encourage police excesses because the funds are often tied to enforcement intensity: The more arrests, the more money. Because task forces do not operate under any one police agency, they remove control of policing from local governments. (Almost every really outrageous raid turns out to involve a task force.) Throw in additional funding through civil forfeiture of the supposedly ill-gotten gains of sex trafficking, and the result is police forces operating as self-sustaining predators who answer to no one.

One thing that is unique to sex work prohibition is the involvement of a dizzying array of interlocking “rescue” organizations that purport to be fighting sex trafficking and saving women victims. To be sure, the War on Drugs now includes a massive rehab industry that wouldn’t exist if the courts weren’t forcing thousands of people into mandatory drug treatment, but the War on Drugs started with law enforcement.

When it comes to sex work, the rescue industry is in some sense leading the way. They have created the environment and the sex trafficking mythology that makes high-intensity law enforcement seem like a reasonable approach. They participate in law enforcement activities, and they rely on law enforcement to send them women to “rescue.” They even provide funding for prosecutors (which has to be one of the worst charitable programs ever). It’s kind of a rescue industrial complex.

Since 2010, the anti-sex-work prohibitionists have been attacking web sites that support sex workers. One of the first was the Craigslist adult services section. This was soon followed by San Francisco-based MyRedBook.com, the gay-oriented Rentboy.com, and review site TheReviewBoard.net.

Late last month, in the name of fighting sex trafficking, Congress passed the FOSTA/SESTA law, which for the first time breaks Section 230 protections to make websites liable when their users post content that promotes prostitution. Even before the law went into effect, Craigslist shut down their personal ads, Reddit deleted a number of sex work related subreddits, and The Erotic Review stopped serving pages to U.S. visitors. And then the big news hit: The feds shut down Backpage.com.

It’s been a bad month for sex workers. Shutting down these sites — especially Backpage — takes away some of the safest channels for selling their services. For many sex workers, Backpage was part of the path that got them off the streets. Now thanks to a bunch of overbearing law enforcement groups and their self-righteous enablers in the “anti-trafficking” movement, many of them will be forced to return to the dangers of street work.

This is the sort of thing I’ve been seeing in Twitter. I only sample a tiny fraction of the sex work community, but I’m seeing a lot of concern over the consequence for sex workers, and it’s all pretty ugly. Here, for example, is my favorite anarchist sex worker explaining the value of online advertising:

Here’s another sex worker, explaining some the the cause-and-effect that’s going to hit the community:

I used to get angry whenever I heard of some new atrocity in the War On Drugs, but I was usually able to keep some emotional distance from the worst of it because I didn’t actually know any drug dealers. It wasn’t personal for me. I knew there was suffering, but I didn’t have to feel it.

But when it comes to sex workers, I follow far too many of them on Twitter. I know it’s just social media, but I feel like I know these people. And the last few weeks have been pretty bad. This bullshit is hurting people I know, and they are bitter, hurt, and angry.

Me, I’m just angry.