This is a Good read from http://www.adultperformeradvocate.org/2011/08/28/aphss-the-evolving-replacement-for-aim/
APHSS- The Evolving Replacement for AIM
**Please feel free to repost**
The FSC recently announced their program Adult Health & Safety Services, aka APHSS which is meant to be a replacement for the now defunct AIM.
Great:-) Monthly testing is the adult industry’s self imposed regulations that enable the risk of STI’s and HIV being dramatically reduced.
Ela Darling recently gave the following quote defending the industry’s protocol, as a rebuttal to Cal Osha’s attempts to force the use of condoms on set:
“As an adult performer in the porn industry, the proposed changes to Cal/OSHA frighten and infuriate me…. As an individual and as a performer, I would rather have unprotected sex with someone whom I know for sure has been tested for HIV, Gonorrhea and Chlamydia in the past thirty days, than have barrier-protected sex with someone whose STD status is either unknown or positive.” via AVN.com
The majority of the industry favors the option of choice in the use of condoms in conjunction with regular testing. So APHSS is a awesome, right?
Not the way it currently is set up.
The FSC claims that there is no linkage of performer names and legal names in the APHSS database, and that no “health data” is stored there, only the performer’s legal name and work availability.
PornWikiLeaks hasn’t even been down for a month yet, but somehow memories seem to be fading of exactly what information was used against us to perpetuate that organized harassment and terror. For the majority of us, it wasn’t “health data” that fueled the fire of that hell, it was the mere linkage of our legal names with our performer names, which just happened to be obtained by a medical database breach.
Maggie Mayhem realized this just last week when she became aware of painfully lingering online harassment efforts of a member of PWL that occurred months ago.
PWL used the linkage of her performer name and her legal name to spam the FaceBook profile page of her elementary school class, stating she (legal name) was a whore who went by Maggie Mayhem (performer name). The post had been made 5 months ago and was only discovered last week.
The following is from her twitter stream the day the revelation took place..
(Read from bottom to top)
Although adult performer’s legal names were gleaned from a medical database breach, the majority of the damage we sustained was due to legal name linkage, not the actual health data from the breach.
For some, that harassment didn’t stop at a mere one hateful paragraph template based wiki on the PornWikiLeaks site, it delved further into their lives, taking google earth images of their homes, digging up & posting private phone numbers, targeting the children of some adult performers, via the children’s facebook pages, or even worse, posting images of adult performer’s children on PornWikiLeaks itself.
Clearly, the issue isn’t just about “health data”. It’s also about your privacy, and the need to maintain anonymity, even if it’s a struggle.
The Free Speech Coalition posted via their twitter account, a link to the following article, entitled Do You Use Your Real Name Online? It’s an interesting article for them to post, perhaps it’s to condition adult performers for future potential personal privacy violation issues that APHSS may have a part in.
The initial “pre-registration” phase of APHSS asked for a performer’s legal name, performer name, and Driver’s License number, among other things.
Hmm.. wasn’t that the exact same info that was leaked during the AIM data breach, and subsequently provided the building blocks of PornWikiLeaks?
The signup process at the time I actually wrote this only asked for your email and legal name, which is a far cry better than the pre registration incarnation. However it now asks for your email, legal name, and phone number.
But there’s still the potential for real name linkage to your performer name, should anyone ever gain access to the log files that hold the registration information.
Hmmm… I didn’t see a warning on the signup page encouraging performers to use an email address that has no reference to their performer name, did you?
So APHSS must be safeguarding our personal information with air tight security, right?
It doesn’t appear that way to me.
On the FSC’s blog site, the following was stated as part of their announcement of APHSS, “Furthermore, we are very grateful to Dave Astels, who generously donated his time and database expertise“.
Ok, so who is Dave Astels?
Dave Astels until recently worked for EngineYard.com, has a Wikipedia.org page, and his own tech blog. His expertise is in database architecture, and he’s quite skilled at programming in Ruby from what I gather.
However, Dave Astels is not a security programmer or consultant, as is evident by his easily accessible blog file library.
Upon a recent statement and consequent query via twitter to the FSC stating that I hope they had a security programmer involved in the design of APHSS, I was first ignored by the FSC itself, and then attacked by a boyfriend of an FSC member, in a clear attempt to shame me into not raising concerns. It was pointed out to me a bit later that it’s kind of odd that the FSC lets him speak on behalf of the FSC, and yet, he claims to have no direct affiliation with them. Even more odd is the intensity of his rantings.
I realized there were a few I missed in the initial screencaps, so I utilized Topsy.com
So I took a superficial look at APHSS myself..
Please note that I am NOT a computer security expert, though I do know a few, and have gained an active interest ever since Porn Wikileaks.
When programming in Ruby, the output is usually PHP..
Upon easy query, it showed that APHSS runs on a very outdated version of php, version 5.2.1.
By going to php.net, I found that the most current version of php is 5.3.6
Here are a list of the vulnerabilities that have been updated since 5.2.1 was released.
Wow. ”Over 100 bug fixes”. That’s a whole lot of ways for someone who’s dedicated to get at the potential real names of adult performers. And that was actually a pretty easy breadcrumb trail to track, since my only qualifications are supposedly “crushing men’s privates for $”.
So when the FSC Membership Director Joanne Cachapero makes the following statement, “Our number one priority is the privacy and well-being of performers, as well as continuing health and safety standards for the protection of adult productions” as part of the announcement of the official launch of APHSS, what do you think of that statement?
APHSS has done one thing right so far by creating an advisory board that includes well known and articulate representatives from the adult performer community. ”The performer representatives are Jessica Drake, Bobbi Starr, Danny Wylde and Steve Cruz.… Performer Nina Hartley will serve as Educational Advisor.”
Maybe they finally grasped the idea of “with us, not for us” as it pertains to creating policy that effects a specific group of people.
Hopefully, the advisory board can impress upon them the importance of keeping adult performer’s legal names from being linked to their performer names, and take the “extraordinary measures” Mr Whiteacre scoffed at publicly to ensure that happens.