Tryst 2FA Updates: Quit being stupid

Tryst has had to update their security protocols for advertisers. Seems that phishers are too successful at gaining access to accounts. Tryst is doing away with the emergency recovery code on a piece of paper—not because it’s not secure, but because it’s only as secure as the human holding the piece of paper. That human has to be smart enough not to fall for a phishing scam, which is the problem.

Seems that whoever is falling for the scams is falling hard, and Tryst is as insecure as it was before implementing 2FA and the recovery code due to this problem.

Who is falling for the phishers? Is it the OF girlies taking over the site? Other escorts? All the “male escorts” who are clearly so stupid as to think they have an actual market? I’d really like to know.

While I don’t expect Tryst to ever release the demographic info of who is being taken in by schemes and ruining it for the rest of us, Tryst certainly knows, and I wonder if they’re considering no longer offering advertising options for that group.

Or, if the culprits are spread amongst the population evenly enough that nobody is any more safe than anyone else and none of the advertising options change. I wonder if there are repeat victims and if Tryst can just kick them off the platform because they clearly aren’t able to figure out what’s a phishing attempt vs an actual contact.

What Tryst is doing

As of today: canceling everyone’s emergency code (you can toss that piece of paper!).

If you get locked out of your account, the recovery process now involves calling and talking to Customer Support to get access again. This way, they can verify that you are the account-holder and you can verify that you’re not giving a scammer access to your account.

Tryst Customer Support, long renowned for being slow and unresponsive, is going to get even slower due to the onslaught of stupidity requiring them to reauthenticate accounts all the time, since the phishing of Tryst advertisers is very successful, apparently.

Tryst still requires the 2FA login, with the same options as it always has had. However you currently log in now is still going to work, and that process will not change. The only part that changes is that if you’re locked out, you now have to contact their Customer Service.

(Wasn’t the original reason they implemented 2FA to cut down on the volume of phishing victims losing their accounts, calling Customer Service for help and clogging it up? Wasn’t that piece of paper supposed to make account recovery more self-service? And now they’re having to revert back to Customer Service calls because some advertisers remain morons?)

Suggested security options: Passkeys and physical security tokens

Tryst strongly suggests you use a passkey to secure your account, if you aren’t already.

Creating passkeys on Apple devices often utilizes your biometrics. In the US, biometric data is accessible by police across all 50 states. It’s also a very hot commodity that every corporation, like Apple, wants to get their hands on. (We all know that corporations are secure from hacking and extremely ethical in what they do with your personal information.)

Biometric passkeys are probably not a good option for sex workers anywhere. It’s not a good option for anyone, IMO. Giving someone access to your biometrics, for free, to log into a website, is nuts.

If you can get away with creating a passkey that involves something other than your biometrics (e.g. a long password), then it’s as solid an option as any other 2FA option offered. If the creation of the passkey involves your biometrics, give it some thought before creating it.

Another suggested option is a physical security token. These work like authenticator apps, but in physical form (i.e. a fancy USB stick). They were suggested as one of the original 2FA options when Tryst made that change. A physical token is an actual device that costs money and can be lost; your biometrics are free to you and usually don’t change.

At this time, anything that requires a password to unlock/use cannot be compelled by police. Your biometrics are collected by police as a normal part of their work (i.e. mugshots, fingerprints) and are not legally protected.

My security suggestions

Right now, Tryst is not requiring that everyone switches to using passkeys and/or physical security tokens, which is good. Both have risks of being lost and/or compromised by others; this is the risk of any type of redundancy. You can only have so many systems in place to pick up the slack of another system breaking before it gets ridiculous. Not only is nothing online ever 100% secure (because that’s the nature of being connected to other computers), everything is fallible to human error because humans are fallible.

Apparently, the humans advertising on Tryst are extremely fallible.

If you’re still confused after reading this post and reviewing all the information Tryst has published (which I’ve linked to), I’m not sure what to do. I can’t offer much help beyond what I’ve said here and in my original Tryst 2FA post (where I review their 2FA options from the perspective of a US-based sex worker). I don’t like any of this, but I also need to keep advertising.

Honestly though, if this information is too confusing for you, you may be susceptible to phishing and probably should advertise another way, instead of endangering the rest of us. My tolerance for stupidity is at low ebb and only likely to get lower. Get up to technological speed first before moving your business online.

One easy way to defeat phishers/scammers

What I suggested in my other post still stands: use a separate email address, with auto-response, for your Tryst ad and direct potential clients to your website. This means you never have to check that email and you won’t see phishing scams that may tempt you into doing something you regret.

Serious clients will go to your site, anyway. You won’t lose money. (You can put as many links, photos, videos and touring/incall/outcall information into your auto-response that you want, which may offer options you don’t have with your Tryst ad.)

Turn off your Tryst Contact/Message option. Force clients to contact you through your proper channels: your real work email, your form, or even a phone number you only list on your website. Phishers and time-wasters won’t bother because they like low-hanging fruit. Being a little bit annoying at the start of the process stops them and won’t stop someone who actually wants to book you.

There may be a way to set up auto-response texting on your phone. I don’t know because I don’t use my phone this way, and haven’t looked into it. I know that scammers will text phone numbers on MegaPersonals; I assume they do the same with Tryst ads. Utilizing an email/auto-response system is the best way to avoid scammers who use Tryst if there’s no way to do the same with phone numbers.

Create a 100% free Linktree account, and post it to your ad. (At this time, Linktree is the only link-in-bio site that Tryst allows to be posted on your ad.) You can post any link, add photos, videos, plain text and phone numbers to your Linktree page and remain within your free limits.

If you don’t have a website, try using Linktree as a pseudo-site to give clients information, including the contact information you want them to use.

Essentially, any sort of roadblock you can utilize that will stop scammers but not be a problem to actual clients is the method you should use. This is the same concept as finding certain items in an image: to verify you’re human and not a bot. It’s the same idea. You need to be able to screen out non-clients at the very first contact so you don’t fall for phishes/scams (with the bonus of helping to weed out time-wasters and pimps, too).

Avoiding phishers/scammers means you avoid jeopardizing your account, and the entire Tryst platform. I’ve sometimes looked at my auto-response email account and it’s 80-90% scam emails, which I never see because it’s not my actual work email for clients to use.

There is a small percentage of clients who never contact me, usually because they’re trying to book last-minute in the middle of the night, so I’m still not losing any money by using this method. I fall in the mid-range right now; there is nothing extraordinary about how my work is structured. It minimizes my risks to everything as much as possible, while still being accessible to those who want to book me.

While there are things I should be doing to be more competitive in the market, none of those things revolve around lowering my risk levels. Being accessible to phishers/scammers isn’t even about boundaries, it’s about life on the Internet and being smart about minimizing risk.

There’s no grand concluding statement, other than: you hoes need to stop being stupid.

face or no face?

Vanessa D’Alessio wrote a great piece over at TitsandSass around the issue of showing your face in conjunction with your online escort work. My response got eaten by the Intertubes, I think. Instead of reposting, I decided to expand on it a little here.

This article has been at the back of my mind since I read it last week. My arc has been slightly different than hers. When I started stripping, I was fairly out and allowed myself to be photographed, topless, for one of my club’s websites (back when the Internet was indeed tubes that connected computers using gerbils and string). They never removed the picture despite repeated requests, even after I left stripping and began escorting. (It was later removed only because they redid their site.)


reactions v

getting paid on time

One thing sex workers have going for us is that we get paid on time. Smart ones get paid upfront (this is standard for most, but not all, of the world). While I’ve often mentally compared freelance writing work with sex work, they’re only now catching up to the pay-upon-completion model. Not the same as pay-upfront, more like pay-as-you-go but for a legal occupation, it’s a huge step forward.

make an authentic logo

Too funny! Hipster logos!

speaking of authentic

Yes, that guy I mentioned in the first section did indeed make another one of his damned “authentic” posts. I cursed at the monitor for subjecting me to it, then unsubscribed. I’ve added a couple new non-sex-work blog subscriptions and am much happier. Thank you, non-authentic bloggers, for writing more of what I like reading.


reactions ii

anti-porn parenting tips

A porn actress found Jesus and now finds Jesus for others. She provides helpful hints for parents as to why their little girls might become porn actresses. She and I agree that bad parenting (especially abuse) contributes to problems. She almost gets it in #4, except she decides to define prostitution vs pornography (in order to let everyone know she’s not a prostitute), instead of focusing on the fact that juvenile prostitution is nearly always caused by abusive parents or parents who have kicked their children out of their home. I’ve said it for years: underage prostitution could be eradicated almost entirely by focusing the law on abusive parents and having more readily available resources for abused or homeless children. (This would also remove underage trafficking and lots of people would be out of well-paying jobs and grant money.)


national geographic: sex for sale

Some of you are aware that I appeared on a National Geographic documentary that first aired in February. Now the rest of you are aware. Once again, my brush with mainstream media is generally negative. Eventually I’ll learn.

natgeo 2009

NatGeo spoke to me in April 2009 about appearing on their Taboo series. One of their episodes was going to cover sex work. Though I spoke for 90 minutes on the phone with Kate Witchard and emailed with her, they decided not to use me. This was right before I was beginning my travels and I pitched the idea to her, but she told me National Geographic wasn’t interested in following a working escort around the world.

Utter waste of time. I don’t take kindly to having my brain picked for free. (Shortly after, someone whom I suspect was producing the Belle de Jour series wanted to do that too so I quoted a price and never heard back.)

natgeo 2012

Last summer I was approached by NatGeo again. I was not interested. Daniele Anastasion, the producer, assured me this was a stand-alone documentary focusing on the US and the legal issues surrounding prostitution. After back and forth emails, I agreed to a 5 minute phone call that turned into 45. It seemed okay and I agreed to it. Of course they weren’t going to pay me a dime. (It’s a documentary! They wouldn’t do something so icky as pay for interviews!) No makeup provided either. But it seemed like it would be intelligent. It’s National Geographic, after all.

We settled on a shooting date. They weren’t thrilled about having to come to Dallas but since they weren’t paying me to show up anywhere else, Dallas was it. They wanted to shoot an interview — which was the point. They also wanted to shoot “B-roll,” which is silent footage that shows up in the background with interviewed voiceovers. This is where it started getting to be a bit much.
