APHSS- The Evolving Replacement for AIM

This is a good read from http://www.adultperformeradvocate.org/2011/08/28/aphss-the-evolving-replacement-for-aim/


**Please feel free to repost**

The FSC recently announced their program Adult Health & Safety Services, aka APHSS, which is meant to be a replacement for the now-defunct AIM.

Great :-) Monthly testing is the adult industry’s self-imposed regulation that dramatically reduces the risk of STIs and HIV.

Ela Darling recently gave the following quote defending the industry’s protocol, as a rebuttal to Cal/OSHA’s attempts to force the use of condoms on set:

“As an adult performer in the porn industry, the proposed changes to Cal/OSHA frighten and infuriate me…. As an individual and as a performer, I would rather have unprotected sex with someone whom I know for sure has been tested for HIV, Gonorrhea and Chlamydia in the past thirty days, than have barrier-protected sex with someone whose STD status is either unknown or positive.” via AVN.com

The majority of the industry favors the option of choice in the use of condoms in conjunction with regular testing. So APHSS is awesome, right?

Not the way it currently is set up.

The FSC claims that there is no linkage of performer names and legal names in the APHSS database, and that no “health data” is stored there, only the performer’s legal name and work availability.

OK. Except…

PornWikiLeaks hasn’t even been down for a month yet, but somehow memories seem to be fading of exactly what information was used against us to perpetuate that organized harassment and terror. For the majority of us, it wasn’t “health data” that fueled the fire of that hell, it was the mere linkage of our legal names with our performer names, which just happened to be obtained by a medical database breach.

Maggie Mayhem realized this just last week when she became aware of painfully lingering online harassment efforts of a member of PWL that occurred months ago.

PWL used the linkage of her performer name and her legal name to spam the FaceBook profile page of her elementary school class, stating she (legal name) was a whore who went by Maggie Mayhem (performer name). The post had been made 5 months ago and was only discovered last week.

The following is from her twitter stream the day the revelation took place..

(Read from bottom to top)

Although adult performers’ legal names were gleaned from a medical database breach, the majority of the damage we sustained was due to legal name linkage, not the actual health data from the breach.

For some, that harassment didn’t stop at a single hateful, template-based wiki paragraph on the PornWikiLeaks site; it delved further into their lives: taking Google Earth images of their homes, digging up and posting private phone numbers, targeting the children of some adult performers via the children’s Facebook pages, or even worse, posting images of adult performers’ children on PornWikiLeaks itself.

Clearly, the issue isn’t just about “health data”.  It’s also about your privacy, and the need to maintain anonymity, even if it’s a struggle.

The Free Speech Coalition posted, via their Twitter account, a link to the following article, entitled Do You Use Your Real Name Online? It’s an interesting article for them to post; perhaps it’s to condition adult performers for future potential personal privacy violation issues that APHSS may have a part in.

The initial “pre-registration” phase of APHSS asked for a performer’s legal name, performer name, and Driver’s License number, among other things.

Hmm.. wasn’t that the exact same info that was leaked during the AIM data breach, and subsequently provided the building blocks of PornWikiLeaks?

The signup process at the time I actually wrote this only asked for your email and legal name, which is a far cry better than the pre-registration incarnation. However, it now asks for your email, legal name, and phone number.

But there’s still the potential for real name linkage to your performer name, should anyone ever gain access to the log files that hold the registration information.

Hmmm… I didn’t see a warning on the signup page encouraging performers to use an email address that has no reference to their performer name, did you?

No.

So APHSS must be safeguarding our personal information with air tight security, right?

It doesn’t appear that way to me.

On the FSC’s blog site, the following was stated as part of their announcement of APHSS, “Furthermore, we are very grateful to Dave Astels, who generously donated his time and database expertise“.

Ok, so who is Dave Astels?

Dave Astels until recently worked for EngineYard.com, has a Wikipedia.org page, and his own tech blog.  His expertise is in database architecture, and he’s quite skilled at programming in Ruby from what I gather.

However, Dave Astels is not a security programmer or consultant, as is evident from his easily accessible blog file library.

Upon a recent statement and consequent query via twitter to the FSC stating that I hope they had a security programmer involved in the design of APHSS, I was first ignored by the FSC itself, and then attacked by a boyfriend of an FSC member, in a clear attempt to shame me into not raising concerns.  It was pointed out to me a bit later that it’s kind of odd that the FSC lets him speak on behalf of the FSC, and yet, he claims to have no direct affiliation with them.  Even more odd is the intensity of his rantings.

I realized there were a few I missed in the initial screencaps, so I utilized Topsy.com (Topsy.com search for MrWhiteacre).

So I took a superficial look at APHSS myself..

Please note that I am NOT a computer security expert, though I do know a few, and have gained an active interest ever since Porn Wikileaks.

When programming in Ruby, the output is usually PHP..

A simple query showed that APHSS runs on a very outdated version of PHP, version 5.2.1.

By going to php.net, I found that the most current version of PHP is 5.3.6.

Here is a list of the vulnerabilities that have been addressed since 5.2.1 was released.

Wow. “Over 100 bug fixes”. That’s a whole lot of ways for someone who’s dedicated to get at the potential real names of adult performers. And that was actually a pretty easy breadcrumb trail to track, since my only qualifications are supposedly “crushing men’s privates for $”.

So when the FSC Membership Director Joanne Cachapero makes the following statement, “Our number one priority is the privacy and well-being of performers, as well as continuing health and safety standards for the protection of adult productions” as part of the announcement of the official launch of APHSS, what do you think of that statement?

APHSS has done one thing right so far by creating an advisory board that includes well known and articulate representatives from the adult performer community. “The performer representatives are Jessica Drake, Bobbi Starr, Danny Wylde and Steve Cruz.… Performer Nina Hartley will serve as Educational Advisor.”

Maybe they finally grasped the idea of “with us, not for us” as it pertains to creating policy that affects a specific group of people.

Hopefully, the advisory board can impress upon them the importance of keeping adult performers’ legal names from being linked to their performer names, and take the “extraordinary measures” Mr Whiteacre scoffed at publicly to ensure that happens.


16 Responses

  1. Wow could think way make hard on porn stars working out in California until read this. I have seen bad times come porn how get this?? I think statement made Joanne Cachapero is bad joke plague health well being porn stars. How define insanity. Doing the same thing over and over and expecting a different result. What got here doing same thing over getting same bad result. Bad joke creating an advisory board that got Nina Hartley serve a Educational Advisor when question by Cal/OSHA at one their meeting this year she had no clue that against law work in porn in California if guy was not wearing condom when ask when asked if she knew that she replied she did know that. Then add salt to wound remind Nina Hartley that she been cited by them for not use condoms on many her porn shoots remind her was law. Good luck with that advisor board looks like clueless half ass attempt by some in porn provide action make porn industry look like doing some about health issues but word alone little action this provide that clueless are gone sink good ship porn in California down drain before any one there know what happen. Brazzer should take note not safe from this down San Diego gone catch up them sooner or later not gone be too happy about it.

  2. Hi Mike:

    A few minor technical points. When programming a web app using Ruby-on-Rails (RoR), the output is usually HTML which is the HyperText Markup Language sent to your browser for rendering into a web page. Ruby is the language used by the Ruby-on-Rails web framework. A programmer would write the web app in Ruby using RoR to handle the common tasks that almost all web apps need (accessing a database, writing HTML back to the user, parsing a web address, etc). RoR is well regarded and trusted by many app developers. The Phusion Passenger module simplifies deployment of the app on Apache (a popular web server).

    As for the recency of the PHP versions, the PHP 5.2 and the PHP 5.3 languages are considered separate product lines since some older PHP code cannot run on 5.3. The latest version of PHP in the 5.2 line is the version that they are running (5.2.17) which was released on Jan 6, 2011 and only included one fix since the code is quite old and stable in the 5.2 line. From a security standpoint, old and stable is usually preferred to the new code (take salt grain now) because new code invariably contains undiscovered bugs (depends on many factors though – not always).

    I’d be remiss if I didn’t point out that security is a process and not a product (a famous security quote). You don’t get security by just loading the newest code. Many hacks started by people scamming valid credentials from support staff (so-called social engineering). Big topic. Anyway, best-regards.

  3. *crickets*

    Expected this one to be a long drawn out comment exchange, but the silence actually says more.

  4. Morning. Since this isn’t my blog, and I’ve been a bit busy with a sick friend, I only now checked in to see comments, after reading Mike’s latest posts.

    @Abutnik I just reread what I’d written based on your comment. Clearly, I need to get better at proof reading 🙂 “is” was meant to be “isn’t”, and actually on rereading, a better way to have said what I was trying to get across would have been “.. the output of the filenames usually isn’t php”.

    As I’m still just learning to program using Ruby this year, I’m not going to debate with you on php versions, as you probably do know more about that than I do. However in discussions with various programmers, I have heard that using the most recent version of software that is no longer in Beta testing is preferred, as there is less online documentation about ways to exploit that version.

    I agree that security is a process, not a product. But I subscribe to the notion that Security Through Obscurity is an obsolete model. So it seriously disturbs me that there isn’t a security advisor on the APHSS advisory board. Nor has there been mention of implementing periodic independent security audits.

    But the biggest issue in my eyes, is the flippant disregard that has been given to protecting performers’ legal names.

    I understand that the issue of anonymity online is a hot topic right now. Rather than just giving up people’s privacy rights as a lost battle, I think it is important to stand up for what has been defined as a human right by the UN, in addition to defending the First Amendment of the US Constitution, which was also later declared a human right.

  5. Saying that Maggie Mayhem (I think she is the original author) isn’t qualified to comment on APHSS because she is kinky (and was a sex educator at one point BTW) is like saying Peter Acworth isn’t qualified to speak on economic issues for the same reason (Peter has a masters in economics and completed part of a doctoral program in the same field). Everyone has the right to comment but please keep it civil. In my experience kinky people are generally more educated and cultured than the general population, many if not most in the kinky end of the biz have a bachelor’s degree or higher, so saying someone can’t make an educated comment because she “crushing mens privates for $” is a bit moronic to say.

  6. I never said Maggie was not qualified to comment because she’s kinky. Anyone is qualified to have an opinion — that’s not what this was about.

    In any case, my comment was addressed to Ms. Seraph, not Ms. Mayhem.

    Speaking of civility, Ms. Seraph has the unique quirk of being very friendly and civil AT FIRST — right up until you give her an answer she doesn’t like, and then she goes apeshit. Perhaps you’ve encountered people like that. It’s called a personality disorder. I have never considered her a bad person — in fact I think she is a decent, good hearted person. But, like me at times, she flies off the handle — only I don’t come across as solicitous and sweet-as-pie at first only to then turn into a “mercurial count” (her self description) on a dime. That’s HER gift.

    I’m tired of talking about her, really. She attacked both Joanne and me personally before I went after her. She had first contacted me asking for assistance with PWL, and I assisted her in any way I could. I had nothing against her (I’d never even heard of her) but, frankly, even if I’d hated her guts at that point I still would have helped her against PWL. It was only later that she went apeshit. I wish it hadn’t gone the way it did, but what’s done is done. I’ve learned from the experience, and I hope she has too. In all sincerity, I wish her the best of luck.

  7. Apologies, then Michael. Those Twitter screencaps are notoriously difficult to read, especially for one who does not use Twitter. Having Bipolar I disorder (controlled by medication) myself, I know all too well about mental illness. Assuming you are correct (I do not know her personally), January would be a very “interesting” talent member to hire (possibly losing her temper in a severe manner responding to a normal request) — personality disorders such as Oppositional Defiant Disorder or Conduct Disorder (I have never experienced either one personally, fortunately) are not something to fuck with, people have actually been killed due to others with these disorders being untreated. I hope this observation is not a foreboding of something tragic in the future happening.

  8. I hope so too, but I do not mean to imply that she’s some kind of ticking time-bomb. I lack the full factual record and the professional accreditation to make a medical / psychiatric diagnosis, and I’m no psychic — I can only report that she has a really lousy personality at times, even amongst people who are trying to help and/or have helped her, and that people would be well-served to be aware of this before engaging with her.

    Let me clarify one thing: when she contacted me for guidance in the PWL matter, I already knew her feelings about FSC, I had already read statements of hers which to me indicated support for the .xxx extortion scheme, AND I knew she had already attacked Joanne personally, in multiple forums. But I corresponded with her anyway, hoping that these issues would not become a problem, and that she would not flip out on me too eventually; I did not assume it to be inevitable. There’s a great line in the movie Dead Again: “If fate works at all, it’s because people think that THIS time it isn’t going to happen.”

  9. @mharris127 What you’re seeing here is a clash of beliefs about what direction the adult industry, specifically testing should be going. Unfortunately, rather than respond to my queries, answer questions, or discuss ideas with me, some people have just decided to resort to character assassination and defamation, citing unknown sources and invisible armies. And then there’s the usual anonymous trolls that have been sent my way online to annoy.

    I will acknowledge that I was incredibly upset when I discovered the FSC really wasn’t interested in actively pursuing the defense or protection of adult performers while PWL was still up, and instead said they represent the adult industry’s interests, and referred me to sex worker outreach groups. I had been told and believed that the FSC represented the adult industry at large, not with the exception of adult performers. However, the nature of my remarks and responses since that first week have been about real issues, and ideas, not personal attacks, or defamatory and libelous statements about other people’s mental health or just statements which are catty, and directed in a very malicious way at a person. If I chose to engage in a war of baseless personal insults, I’d be as bad as those whose antics I’m fairly disgusted by right now, and it would devalue the ideas I’m trying to get across.

    I have never had a problem with a director that has hired me, a tv network I’ve done segments for, nor have I had problems on set with anyone I’ve shot for my current site or previous network of sites.

    I do stand up for myself. I do have opinions, some of which aren’t always popular with the “in” crowd. I’ve never been able to accept other groups’ propaganda at face value, so I research issues, and give them serious consideration before forming my own opinion. I don’t follow the herd, and if I think someone is wrong, I’ll tell them. Those qualities tend to be rather polarizing. People tend to either love me or hate me. Ultimately it doesn’t matter, because I like who I am, so I don’t really care what other people think. I do care if their baseless attempts to defame me potentially damage my career or professional reputation.

    Clearly, the very topic of my particular niche in the adult world can seem very controversial and even threatening to some. And, some are quick to assert that an online persona which I created specifically for FemDom adult videos is all there is to me, without ever having met me. I guess I can see how that might be confusing, from afar. My life and interactions with people are very neutral for the most part, unless it’s someone who’s signed up to play D/s games with me, at which point it’s structured adult role play. That’s it.

    I’m currently frustrated that my comment I made in the late morning of Aug 31st on this thread hasn’t been approved, yet this discussion is able to continue without my having an opportunity to respond. But that’s life. If I truly had a personality disorder, or was a danger, wouldn’t all hell have broken loose by now?

    Best Regards,
    January
    Sept 2nd

  10. Hello Michael,

    Since you seem to have calmed down a bit and are being more reasonable at the moment, I’m open to discussing my views on the various topics you bring up. However, since the issue of .xxx is an entirely separate subject from APHSS, I’ll take the time to be thorough on writing my thoughts on each, and will post them as separate blogs.

    APHSS is now directly related to one of the core metrics that the non profit I’m founding is based on, so I’ll post on that subject on http://AdultPerformerAdvocate.org . I’ll make sure to include our correspondence history as well, both in email and twitter.

    Regarding Sony being hacked, they had repeatedly been warned that their security system was incredibly flawed. When a teenager hacked his PS3 for greater usability, Sony decided to sue him, and then Anonymous retaliated by exploiting the same security weaknesses that Sony was suing a minor over. I’m not saying it’s right, but Sony also sort of set themselves up to be the bad guy in that scenario, and repeatedly was warned of vulnerabilities, but did nothing to fix them. http://bit.ly/gfxNmb Apple recently tried a different approach with the kid who hacked the iPhones with JailBreakMe 2 and Jailbreak 3 which seems to be a more reasonable response http://onforb.es/qlPG0f
    And then of course, it is important to note that the CIA wasn’t actually “hacked” in that none of their private records were accessed and exploited, however they were the victim of a DOS (Denial of Service) attack which lasted several hours.

    The new tld .XXX is an unrelated topic to APHSS, and has nothing to do with the purpose of APA, so I’ll post my thoughts on that on my own personal blog, as it’s solely my own opinion, and has no relation to the APHSS privacy issues I’m concerned about as a function of APA.

    Regarding your girlfriend and the FSC, I think it’s sweet that you stick up for her the way that you do. Although, I’d personally be embarrassed if I needed my significant other to fix any disputes with other people for me. I’m happy to expand upon my correspondence with or statements about both Joanne and the FSC. But to reiterate, that’s a personal issue that is unrelated to APHSS and the privacy issues around it. So again, I’ll be posting that on my personal blog, so as not to get my personal feelings confused with the agenda of Adult Performer Advocate, which is poised to quickly become a useful resource for adult performers.

    As a side note about APA, there are other founding members who might make better senior members of the board than I, as I am aware that I can be quite polarizing to some groups and individuals. So I may just be a voting board member, and let someone else run the show, if we decide it would ensure a better response from the under represented community of adult performers that we’re looking to provide support to. I’m not on some mission for glory, I just think it’s something that needs to be done, no one else has stepped in to create something useful yet, so I feel compelled to start the process of growing a support network that will address the needs of performers from before they set foot on the first shoot, providing them better tools and resources to reduce harm and preserve their chances at leaving the adult industry unscathed, and providing resources and options on how to transition out one day, should they choose to do so.

    I’ve got other priorities today and tomorrow, but you can check my respective websites for those specific blog posts by Monday evening.

    Best Regards,
    January

  11. January refuses to acknowledge my kind words for her, except to write (in typical condescending style): “Since you seem to have calmed down a bit and are being more reasonable at the moment” — as if my criticisms had no validity and were UNreasonable simply because I was outraged at her. You’re an amateur, Ms. Seraph, and you have failed Rhetoric 101.

    But this cow’s condescension continues: “I think it’s sweet that you stick up for her the way that you do. Although, I’d personally be embarrassed if I needed my significant other to fix any disputes with other people for me.” Who the fuck ever said that anyone NEEDED me to do anything? Ridiculing you is a pleasure for me. And YOU contacted ME, babe. Unlike other men you know, January, I don’t take marching orders from any women in my life. I’m not one of your fanboys (fanboi’s?) who wants to get pegged.

    I love the part where you write that your own little website, Adult Performer Advocate, “is poised to quickly become a useful resource for adult performers.” Maybe Mike’ll even put you in his sidebar — then you’ll have “made it” for sure! You also note, “there are other founding members who might make better senior members of the board than I, as I am aware that I can be quite polarizing to some groups and individuals.” People would have to actually REGARD you and consider you relevant to be polarized over you. Few people in the adult industry could pick you out of a line-up. You’re not polarizing, you’re self-aggrandizing and ridiculous; it’s a distinction worth noting.

    And you have still not answered my query: you’ve claimed repeatedly that private health data is included in the APHSS database. WHAT HEALTH DATA, January? Are you capable of answering a simple question? What medical data is in that database? You cannot answer because, as we all know, you pulled that claim out of your ass. There is NO medical data in the database.

    And once again, I’m not surprised that you refuse to discuss .xxx sTLD here on Mike’s site. That’s just the kind of brave person you are.

  12. Sigh. My responding to you at all was my acknowledgement Michael. Because after you hijacked Hollie’s interview on TheRealPornWikiLeaks.com (http://therealpornwikileaks.com/2011/08/hollie-stevens-refuses-to-grow-bush-starts-tree-on-fire/ ) I’d decided not having any direct communication with you would be the best choice. I was just reminded of that when I read your latest screaming response to me. So this is truly the last time I’ll say anything to you Mr Whiteacre.

    1. Had I known that you had any affiliation with the FSC or Joanne when Cyndi Loftus sent me your way, I never would have spoken to you from the beginning. There has never been any begging on my end, nor has there been any abuse directed at you, only some questions, and civil correspondence.

    2. I resent the anti-sex worker language you fling about at the drop of a hat, and the derogatory way that you characterize people, specifically men, that I play with. They are all extraordinary, strong people who deserve more respect than that.

    3. Perhaps because you are too involved with creating more character assassination efforts aimed at me, you’ve neglected to read my concerns entirely.

    “PornWikiLeaks hasn’t even been down for a month yet, but somehow memories seem to be fading of exactly what information was used against us to perpetuate that organized harassment and terror. For the majority of us, it wasn’t “health data” that fueled the fire of that hell, it was the mere linkage of our legal names with our performer names, which just happened to be obtained by a medical database breach.”

    I’ve never said that APHSS has “health data” that puts us at risk. I’ve criticized the signup process, and the fact that there is an online repository with only adult performers’ legal names. Just having that online makes it a target.

    Here are three suggestions, in the “spirit of detente”;

    a) Place a warning disclaimer on the APHSS signup page advising performers to sign up with an email address that doesn’t contain their performer name. Don’t ask them for their phone number on the signup page, or suggest they create a new google voice number if you feel that you need that.

    b) Anonymizing legal names by turning them into a series of letters or numbers which is then posted online, would be a smart thing to do. Keep the database that contains the linkage of legal names and the assigned anonymized numbers or characters offline, so it’s not hackable.

    As far as the blog posts I said I’d make- I retract the offer, given your latest round of hostility. Please direct your tirades elsewhere.
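Suggestion (b) in the comment above, sketched as an added example; it is not part of the original comment and is not APHSS code. All class and method names are hypothetical and the sample names are constructed. It assumes the vault object lives on a machine the web host cannot reach, and it also shows why the token should be random rather than computed from the name.

```ruby
require "securerandom"
require "digest"

# Added illustration; every class, method and name below is hypothetical.
module Pseudonym
  module_function

  # Case- and whitespace-insensitive form used to recognise a repeat sign-up.
  def normalize(legal_name)
    legal_name.strip.downcase.gsub(/\s+/, " ")
  end

  # Weak alternative shown for contrast: a token computed from the name.
  def derived_token(legal_name)
    Digest::SHA256.hexdigest(normalize(legal_name))[0, 16]
  end

  # Defender's self-check: which names on a candidate list can be matched
  # to published tokens simply by recomputing the hash?
  def relinkable(published_tokens, candidate_names)
    candidate_names.select { |n| published_tokens.include?(derived_token(n)) }
  end
end

# Offline side: the only place where a legal name and its token meet.
class LinkageVault
  def initialize
    @token_by_name = {}
    @name_by_token = {}
  end

  # Returns the existing token on a repeat enrolment, otherwise issues a
  # random one that carries no information about the name.
  def enroll(legal_name)
    key = Pseudonym.normalize(legal_name)
    return @token_by_name[key] if @token_by_name.key?(key)

    token = SecureRandom.hex(8)
    token = SecureRandom.hex(8) while @name_by_token.key?(token)
    @token_by_name[key] = token
    @name_by_token[token] = legal_name.strip
    token
  end

  def resolve(token)
    @name_by_token[token]
  end
end

# Online side: what the web host stores, and so what a breach would expose.
class OnlineRegistry
  def initialize
    @available = {}
  end

  def set_availability(token, available)
    @available[token] = available
  end

  def available?(token)
    @available.fetch(token, false)
  end

  def exposed_on_breach
    @available.dup
  end
end

if __FILE__ == $PROGRAM_NAME
  vault = LinkageVault.new
  registry = OnlineRegistry.new
  names = ["Alex Example", "Sam Placeholder"] # constructed sample names
  names.each { |n| registry.set_availability(vault.enroll(n), true) }
  puts "online record: #{registry.exposed_on_breach.inspect}"
  derived = names.map { |n| Pseudonym.derived_token(n) }
  puts "re-linked from derived tokens: #{Pseudonym.relinkable(derived, names).inspect}"
  puts "re-linked from random tokens:  #{Pseudonym.relinkable(registry.exposed_on_breach.keys, names).inspect}"
end
```

The online record holds only tokens and availability, so the name linkage exists solely in the vault; tokens hashed from the name can be matched again by anyone holding a list of likely names, while the random ones cannot.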

  13. Ms. Seraph writes: “I’ve never said that APHSS has ‘health data’ that puts us at risk.” Read her tweets (if she hasn’t already deleted them). Even reading the Twitter screenshots above (with only my replies) demonstrates that I was responding to that very statement by her. She couldn’t answer me then and she can’t answer me now, so she tries to deny that she ever made that ridiculous claim. Yes, she did raise the issue of performer names, but it was mentioned IN ADDITION to a (false) claim about health data.

    Perhaps that’s why, after I suggested she include the COMPLETE record, she changed her mind about making those posts…

    This is like a three year-old closing her eyes and thinking she can’t be seen. You can’t tut-tut your actions, statements and positions into oblivion, Ms. Seraph.

    I’m not hostile to sex workers, Ms. Seraph, I’m hostile to hypocrites, charlatans and the outrageously deranged. I vociferously support and promote the rights of sex workers. It’s YOU I have a problem with, not sex workers. As for the men you, ahh hemmm, “play with” — maybe we should let that one be . . . .

    And I have news for you, Ms. Seraph: as someone who puts her image and likeness (even the image of her entire body), as well as her thoughts on issues of public concern, out before the public, and who offers personal services to members of the public, you have a diminished expectation of privacy. As soon as someone is recognizable in public, their expectation of privacy goes down. Period. You’re going to get recognized at the supermarket by someone — there’s no two ways about it. This doesn’t mean you have NO expectation of privacy, it means you have LESS of an expectation of privacy than private citizens who have not placed their likeness, philosophy and persona into the stream of commerce.

    Your face and body are recognizable. You’ve appeared in magazines, fetish videos and porn videos (working with women as well as with what Mike and others here would consider dreaded male “crossover” performers). You create and contribute to advocacy websites and hold yourself out as a resource to others. You meet with members of the public, one or more of whom might conceivably follow you home or to another location. You are a recognizable (if marginal) figure. And your legal name, like it or not, constitutes truthful information.

    That said, should you be harassed, attacked, threatened or extorted by virtue of these facts? ABSOLUTELY NOT. That’s why I opposed the evil of PWL. But you are not a purely private citizen, minding her own business, working at a book store in some small town. You have placed your image, your likeness, your writings, and a “persona” out before the public and into the stream of commerce.

    As for the blog posts on the subject of .xxx I’d hoped you’d be brave enough to thoughtfully compose — don’t worry, I’ll collect your statements on .xxx FOR YOU, dear, and make them available to those who are interested in what you’re really all about. Who’s afraid of the truth, right?

    Cordially,

    MW
