Posted on by Miss Brook$

Tryst 2FA Updates: Quit being stupid

Tryst has had to update their security protocols for advertisers. Seems that phishers are too successful at gaining access to accounts. Tryst is doing away with the emergency recovery code on a piece of paper—not because it’s not secure, but because it’s only as secure as the human holding the piece of paper. That human has to be smart enough not to fall for a phishing scam, which is the problem.

Seems that whoever is falling for the scams are falling hard, and Tryst is as insecure as it was before implementing 2FA and the recovery code due to this problem.

Who is falling for the phishers? Is it the OF girlies taking over the site? Other escorts? All the “male escorts” who are clearly so stupid as to think they have an actual market? I’d really like to know.

While I don’t expect Tryst to ever release the demographic info of who is being taken in by schemes and ruining it for the rest of us, Tryst certainly knows, and I wonder if they’re considering no longer offering advertising options for that group.

Or, if the culprits are spread amongst the population evenly enough that nobody is any more safe than anyone else and none of the advertising options change. I wonder if there are repeat victims and if Tryst can just kick them off the platform because they clearly aren’t able to figure out what’s a phishing attempt vs an actual contact.

What Tryst is doing

Screenshot of message on my advertiser dashboard.

As of today: canceling everyone’s emergency code (you can toss that piece of paper!).

If you get locked out of your account, the recovery process now involves calling and talking to Customer Support to get access again. This way, they can verify that you are the account-holder and you can verify that you’re not giving a scammer access to your account.

Tryst Customer Support, long renowned for being slow and unresponsive, is going to get even slower due to the onslaught of stupidity requiring them to reauthenticate accounts all the time, since the phishing of Tryst advertisers is very successful, apparently.

Tryst still requires the 2FA login, with the same options as it always has had. However you currently log in now is still going to work, and that process will not change. The only part that changes is that if you’re locked out, you now have to contact their Customer Service.

(Wasn’t the original reason they implemented 2FA was to cut down on the volume of phishing victims losing their accounts, calling Customer Service for help and clogging it up? Wasn’t that piece of paper supposed to make account recovery more self-service? And now they’re having to revert back to Customer Service calls because some advertisers remain morons?)

Suggested security options: Passkeys and physical security tokens

Tryst strongly suggests you use a passkey to secure your account, if you aren’t already.

Creating passkeys on Apple devices often utilize your biometrics. In the US, biometric data is accessible by police across all 50 states. It’s also a very hot commodity that every corporation, like Apple, wants to get their hands on. (We all know that corporations are secure from hacking and extremely ethical in what they do with your personal information.)

Biometric passkeys are probably not a good option for sex workers anywhere. It’s not a good option for anyone, IMO. Giving someone access to your biometrics, for free, to log into a website, is nuts.

If you can get away with creating a passkey that involves something other than your biometrics (e.g. a long password), then it’s as solid an option as any other 2FA option offered. If the creation of the passkey involves your biometrics, give it some thought before creating it.

Another suggested option is a physical security token. These work like authenticator apps, but in physical form (i.e. a fancy USB stick). They were suggested as one of the original 2FA options when Tryst made that change. A physical token is an actual devices that costs money and can be lost, your biometrics are free to you and usually don’t change.

At this time, anything that requires a password to unlock/use cannot be compelled by police. Your biometrics are collected by police as a normal part of their work (i.e. mugshots, fingerprints) and are not legally protected.

My security suggestions

Right now, Tryst is not requiring that everyone switches to using passkeys and/or physical security tokens, which is good. Both have risks of being lost and/or compromised by others; this is the risk of any type of redundancy. You can only have so many systems in place to pick up the slack of another system breaking before it gets ridiculous. Not only is nothing online ever 100% secure (because that’s the nature of being connected to other computers), everything is fallible to human error because humans are fallible.

Apparently, the humans advertising on Tryst are extremely fallible.

If you’re still confused after reading this post and reviewing all the information Tryst has published (which I’ve linked to), I’m not sure what to do. I can’t offer much help beyond what I’ve said here and in my original Tryst 2FA post (where I review their 2FA options from the perspective of a US-based sex worker). I don’t like any of this, but I also need to keep advertising.

Honestly though, if this information is too confusing for you, you may be susceptible to phishing and probably should advertise another way, instead of endangering the rest of us. My tolerance for stupidity is at low ebb and only likely to get lower. Get up to technological speed first before moving your business online.

One easy way to defeat phishers/scammers

What I suggested in my other post still stands: use a separate email address, with auto-response, for your Tryst ad and direct potential clients to your website. This means you never have to check that email and you won’t see phishing scams that may tempt you into doing something you regret.

Serious clients will go to your site, anyway. You won’t lose money. (You can put as many links, photos, videos and touring/incall/outcall information into your auto-response that you want, which may offer options you don’t have with your Tryst ad.)

Turn off your Tryst Contact/Message option. Force clients to contact you through your proper channels: your real work email, your form, or even a phone number you only list on your website. Phishers and time-wasters won’t bother because they like low-hanging fruit. Being a little bit annoying at the start of the process stops them and won’t stop someone who actually wants to book you.

There may be a way to set up auto-response texting on your phone. I don’t know because I don’t use my phone this way, and haven’t looked into it. I know that scammers will text phone numbers on MegaPersonals, I assume they do the same with Tryst ads. Utilizing an email/auto-response system is the best way to avoid scammers who use Tryst if there’s no way to do the same with phone numbers.

Create a 100% free Linktree account, and post it to your ad. (At this time, Linktree is the only link-in-bio site that Tryst allows to be posted on your ad.) You can post any link, add photos, videos, plain text and phone numbers to your Linktree page and remain within your free limits.

If you don’t have a website, try using Linktree as a pseudo-site to give clients information, including the contact information you want them to use.

Essentially, any sort of roadblock you can utilize that will stop scammers but not be a problem to actual clients is the method you should use. This is the same concept as finding certain items in an image: to verify you’re human and not a bot. It’s the same idea. You need to be able to screen out non-clients at the very first contact so you don’t fall for phishes/scams (with the bonus of helping to weed out time-wasters and pimps, too).

Avoiding phishers/scammers means you avoid jeopardizing your account, and the entire Tryst platform. I’ve sometimes looked at my auto-response email account and it’s 80-90% scam emails, which I never see because it’s not my actual work email for clients to use.

There is a small percentage of clients who never contact me, usually because they’re trying to book last-minute in the middle of the night, so I’m still not losing any money by using this method. I fall in the mid-range right now, there is nothing extraordinary about how my work is structured. It minimizes my risks to everything as much as possible, while still being accessible to those who want to book me.

While there are things I should be doing to be more competitive in the market, none of those things revolve around lowering my risk levels. Being accessible to phishers/scammers isn’t even about boundaries, it’s about life on the Internet and being smart about minimizing risk.

There’s no grand concluding statement, other than: you hoes need to stop being stupid.

Posted on by Miss Brook$

moving past the backpage shutdown

Welp, that was inevitable.

When I was touring a few months ago, and Carl Ferrer, the CEO of Backpage, was arrested, I had about $800 of credit in my account. I started spending and not replenishing because I knew BP wouldn’t last much longer. As of today, I have less than $200 in my account. I have no way of getting that money back, that I know of, but at least it’s still there and it’s not very much, really.

Read more
Posted on by Miss Brook$

verified vs reviewed

The Suzy Hamilton scandal begs tons of comment, mostly about the civilians who can’t wait to wag their tongues on something they know nothing about. If I’ve read the articles and comments correctly, it appears Suzy is insane and not only invented the concept of prostitution, she is the first prostitute in America, the first escort who is a mother and wife, the first American female athlete to be involved in scandal and certainly the first Olympic athlete to make money by using her body…oh wait, nevermind all that.

One thing that did cross my mind was the matter of her reviews. I’m tossing out an idea in the hopes that someone will run with it. Over the years, I’ve been contacted by people wanting to start review/discussion boards or advertising malls. I’ve never been completely enthused with any proposed idea because it’s all been done before. Please, for once, steal this!! (Instead of just posting somewhat-altered excerpts of my books on your site for content.)

verified escorts

This is a very simple concept that requires very little start-up capital, relatively little in the way of operating expenses and will turn a profit because the concept will be embraced. Instead of reviews — which get reprinted in a scandal or used as evidence for arrest — an escort gets verified as legitimate. All that means is the “verifier” (not “reviewer”) checks a few Yes or No questions. The questions would revolve around the concept of paying for time, not sex. Selling time is perfectly legal. Selling sex is not. The only thing being verified is that the escort sold her time as promised. Verification without incrimination.

The concept would attract almost all escorts. Everyone wants to be seen as legit. The problem with reviews is that it cuts out a lot of escorts who are averse to having intimate moments splashed all over the public domain. It’s a very sane concern. Being verified as legitimate without public embarrassment is an idea whose time has come. I haven’t seen anything like this yet, but would certainly like to.

There isn’t any real point to review sites, other than providing circle-jerk fodder for the hobbyists who live and die by what another man says. A lot of escorts don’t enjoy being part of that, even if they allow reviews. They go along with reviews because it supposedly legitimizes their business, while giving up a lot of autonomy to the individual reviewers and the review site itself. The solution is obvious: a site that legitimizes their business without degradation or incrimination. Of course, such a site would get a ton of backlash from hardcore hobbyists because it removes a lot of their power. I imagine a lot of escorts would like the site for that very reason.

But I can also see the site attracting clients who aren’t hobbyists and aren’t enchanted by the review culture either. If they can discreetly verify an escort without having to write a porn-script about their time together, I think they would. Good clients have nothing against helping out the business of an escort they like, they just don’t want to leave an incriminating, embarrassing trail of their own. It’s a very sane concern. There are a lot of those men out there. I know, I’ve met them. So have other escorts.

the site

The site would keep it simple. No forums, no private messaging. Everyone has a public profile, there are no hidden portions of their profiles or anything else on the site (except, of course, personal control panels). The whole point of the site would be simplicity and as much transparency as possible.

A bare bones site would keep administrative costs down. No memberships would be sold; money would be made by selling ad-space (banner or badge ads) to escorts. No ads for sex sites, porn sites, cam sites or sugardaddy sites because these things not only trash the appeal of the verification site but escorts are tired of competing with these other sites for attention on escort-centric sites. (I could see this branching into the sugardaddy territory because that industry needs something like this, desperately. Would be best as a separate site since some of the concerns are different.) Do nothing that requires ID, nothing that requires any sort of 2257 statement, nothing that requires monitoring and censoring text. Make the escort directory extensive but extremely affordable. Make receiving payments simple and as diverse as possible: money orders, Moneypaks, wire transfers, prepaid credit cards, Paypal.

The yearly costs of operating such a site would be low compared to the typical huge review/discussion site, so a profit could probably be turned in the first year. Though the site probably won’t make the money a huge review site does, neither would it get as legally complicated for everyone either. As with anything in life, the more complex something is, the more people involved, the more problems will arise. Keeping it simple cuts a lot of that risk.

Everyone’s public profile would have an automatic running tally of positive vs failed verifications (a No to any question is a fail). The idea of making the profiles public creates transparency and removes finance from the equation. The site makes money from its advertising space, not by skewing the verification game or treading the lines of public incrimination.

Granted, this site would run into the problem of false verifications. But so what? Offering a free membership in exchange for reviews leads to rampant fake reviews. Review boards aren’t perfect and so far, they’ve caused more problems than they seem to solve — usually due to the interactive nature of the boards and the explicit, public nature of the reviews. Take away those issues and what’s left should be a much smoother experience for everyone.

The beauty of simplicity is that the same Yes or No questions could apply to all sorts of adult entertainment providers: social-only escorts, BDSM, massage, private dancers, etc. Every provider’s public profile would link to their main ad or their website, which takes all the guesswork out of how they entertain. It means the site isn’t responsible for deciding who does what based on a set of possibly-incriminating criteria.

The site, by its low-key nature, would probably attract a slightly more discreet crowd than the average review site, but that’s okay. There’s a market for it, one whose needs are absolutely not being met.

the verifiers

Verifiers could choose the names they have on review boards, if they wished. They would be allowed a public profile page where they could list other boards they’re members of, if any. They would answer a few key Yes or No questions about the provider:

  • Was she as described?
  • Is she who she says she is?
  • Did she screen you?
  • Did she arrive on time?
  • Did you feel safe with her?
  • Was her rate the same as on her website? (i.e. No mandatory tipping, no upselling)
  • Is she legit?
  • Would you recommend her to others?

Once positively verified (by a Yes to all the questions), the provider would get a badge she could put anywhere on her site.

To me, the screening question is important. Responsible providers screen (the word itself is open to broad interpretation). A responsible provider is likelier to not only be legit but overall safer and more secure for her clientele. Most clients agree some level of security and risk-minimization is important to them.

If the site wanted to be really simple, it would just ask the “legit” question and leave it at that.

the escorts/providers

Escorts would be allowed to create their own public profile and even enter themselves on a list of those who wish to be verified. Men often get a lot of an escort’s details wrong, so it’s just easier to allow escorts to enter their own info. Naturally, they get to verify the verifiers. Their questions would be similar in nature:

  • Was he as described?
  • Is he who he says he is?
  • Was he on time?
  • Did you feel safe with him?
  • Did he pay as agreed?
  • Would you see him again?
  • Would you recommend him to other escorts?

Once positively verified by an escort (by a Yes to all the questions), he gets a positive verification on his public profile.

The site wouldn’t be a substitute for proper screening, not if the site is kept simple. It helps verify a particular man, that’s all. There would be no way to enter any particular man as a bad client because it doesn’t function as a blacklist either.

can’t wait for someone to run with this idea

No, I’m not interested in doing it myself, I have more than enough on my plate right now. I’ve no doubt there are issues I haven’t thought of yet, though I feel the basic concept and outline I’ve provided here is sound. It’s at least as sound as what’s currently going on, and certainly not any worse!

I like the “less is more” approach because it usually yields the best solutions for an issue. I like the Gordian Knot solution to many problems. This is kind of both. It cuts right to the heart of the matter: legitimacy, without all the extraneous complications that can make everyone’s life miserable. I’m not claiming this site would somehow magically lift Internet escorting to a whole new level, only that it would solve an obvious problem that has existed for a long time and shows no signs of improving.

Posted on by Miss Brook$

making escorts do…[whatever]

I need to get back to writing again, so I’m doing a couple posts about online escorts issues.

getting what you really want at a lower rate

I received advertising spam from a combination info-blog/advertising mall except they don’t seem to actually have any escorts signed up with them (they also seem geared toward agencies, not indies). I’m not sure why I got spammed, but the site was entertaining nonetheless. Their stated purpose is to teach clients “learn how to negotiate with escorts the right way to get what you really want. Don’t risk getting ripped off or going to jail.”

Escorts have an adverse reaction to the word negotiate. It’s a business. You pay what the businessperson is charging or seek to engage another businessperson. If you can’t afford Escort A, then there is probably the very-affordable Escort B advertising in Escort A’s city — all you have to do is reach out and email. Don’t haggle with Escort A because that won’t get you anywhere except possibly a complaint on a ladies’ board; just email Escort B and arrange a booking with the escort you can afford.

As for teaching male clients how to “get what they really want” I would highly suggest finding an escort whose personality turns you on, go in without heavy expectations and let the experienced professional do her job without getting in her way (she’s going to try to make you very happy). See her again and again and pretty soon you have exactly the experience you want — quite possibly surpassing your original expectations. (I touch on this subject a bit more here.)

Or…you could send an escort a detailed letter of every little thing you expect from her and every little thing you want her to do — and never see her. She may post this letter on a national ladies’ board for the laughs (or you could live in infamy online as a time-waster), which could mean you don’t see any escort in her city. Or you send copies of this letter to every escort in a single city, effectively screwing yourself out of seeing any escort in that city.

That’s how “getting what you really want” really works in really real life.

Read more

Posted on by Miss Brook$

what are you really paying for? 2

Another online advertiser that’s been around for years has never changed one highly offensive paragraph on their site. They offered me a free ad a long time ago but when I read through their site, I decided they weren’t for me. They’re still in business, so they must be doing something right. I’ve just wanted to write about this one for a few years.

Though they give some basic common-sense advice to potential advertisers, they offer to re-write your ad to appeal to “upscale clientele”. Fair enough. But do “upscale” clients visit this site? I question this because…they immediately follow the mini-advertising lesson with making sure a girl understands to price herself “reasonably” because clients aren’t going to pay good money to take her out on (movie, yachting, dinner, etc.) dates if she expects to be well-compensated for every hour even if she doesn’t “have to take her clothes off.” They think an escort should only charge a lot per hour if she’s entertaining a bachelor party of 30+ guys (and I guess a smaller bachelor party doesn’t count). Which every escort I know does every weekend (rolling my eyes).

Read more