Tryst 2FA Updates: Quit being stupid

Tryst has had to update their security protocols for advertisers. Seems that phishers are too successful at gaining access to accounts. Tryst is doing away with the emergency recovery code on a piece of paper—not because it’s not secure, but because it’s only as secure as the human holding the piece of paper. That human has to be smart enough not to fall for a phishing scam, which is the problem.

Seems that whoever is falling for the scams is falling hard, and Tryst is as insecure as it was before implementing 2FA and the recovery code due to this problem.

Who is falling for the phishers? Is it the OF girlies taking over the site? Other escorts? All the “male escorts” who are clearly so stupid as to think they have an actual market? I’d really like to know.

While I don’t expect Tryst to ever release the demographic info of who is being taken in by schemes and ruining it for the rest of us, Tryst certainly knows, and I wonder if they’re considering no longer offering advertising options for that group.

Or perhaps the culprits are spread amongst the population evenly enough that nobody is any safer than anyone else, and none of the advertising options change. I wonder if there are repeat victims and if Tryst can just kick them off the platform because they clearly aren’t able to figure out what’s a phishing attempt vs an actual contact.

What Tryst is doing

As of today: canceling everyone’s emergency code (you can toss that piece of paper!).

If you get locked out of your account, the recovery process now involves calling and talking to Customer Support to get access again. This way, they can verify that you are the account-holder and you can verify that you’re not giving a scammer access to your account.

Tryst Customer Support, long renowned for being slow and unresponsive, is going to get even slower due to the onslaught of stupidity requiring them to reauthenticate accounts all the time, since the phishing of Tryst advertisers is very successful, apparently.

Tryst still requires the 2FA login, with the same options as it always has had. However you currently log in now is still going to work, and that process will not change. The only part that changes is that if you’re locked out, you now have to contact their Customer Service.

(Wasn’t the original reason they implemented 2FA to cut down on the volume of phishing victims losing their accounts, calling Customer Service for help and clogging it up? Wasn’t that piece of paper supposed to make account recovery more self-service? And now they’re having to revert back to Customer Service calls because some advertisers remain morons?)

Suggested security options: Passkeys and physical security tokens

Tryst strongly suggests you use a passkey to secure your account, if you aren’t already.

Creating passkeys on Apple devices often utilizes your biometrics. In the US, biometric data is accessible by police across all 50 states. It’s also a very hot commodity that every corporation, like Apple, wants to get their hands on. (We all know that corporations are secure from hacking and extremely ethical in what they do with your personal information.)

Biometric passkeys are probably not a good option for sex workers anywhere. They’re not a good option for anyone, IMO. Giving someone access to your biometrics, for free, to log into a website, is nuts.

If you can get away with creating a passkey that involves something other than your biometrics (e.g. a long password), then it’s as solid an option as any other 2FA option offered. If the creation of the passkey involves your biometrics, give it some thought before creating it.

Another suggested option is a physical security token. These work like authenticator apps, but in physical form (i.e. a fancy USB stick). They were suggested as one of the original 2FA options when Tryst made that change. A physical token is an actual device that costs money and can be lost; your biometrics are free to you and usually don’t change.

At this time, anything that requires a password to unlock/use cannot be compelled by police. Your biometrics are collected by police as a normal part of their work (i.e. mugshots, fingerprints) and are not legally protected.

My security suggestions

Right now, Tryst is not requiring that everyone switch to using passkeys and/or physical security tokens, which is good. Both have risks of being lost and/or compromised by others; this is the risk of any type of redundancy. You can only have so many systems in place to pick up the slack of another system breaking before it gets ridiculous. Not only is nothing online ever 100% secure (because that’s the nature of being connected to other computers), everything is fallible to human error because humans are fallible.

Apparently, the humans advertising on Tryst are extremely fallible.

If you’re still confused after reading this post and reviewing all the information Tryst has published (which I’ve linked to), I’m not sure what to do. I can’t offer much help beyond what I’ve said here and in my original Tryst 2FA post (where I review their 2FA options from the perspective of a US-based sex worker). I don’t like any of this, but I also need to keep advertising.

Honestly though, if this information is too confusing for you, you may be susceptible to phishing and probably should advertise another way, instead of endangering the rest of us. My tolerance for stupidity is at low ebb and only likely to get lower. Get up to technological speed first before moving your business online.

One easy way to defeat phishers/scammers

What I suggested in my other post still stands: use a separate email address, with auto-response, for your Tryst ad and direct potential clients to your website. This means you never have to check that email and you won’t see phishing scams that may tempt you into doing something you regret.

Serious clients will go to your site, anyway. You won’t lose money. (You can put as many links, photos, videos and touring/incall/outcall information into your auto-response that you want, which may offer options you don’t have with your Tryst ad.)

Turn off your Tryst Contact/Message option. Force clients to contact you through your proper channels: your real work email, your form, or even a phone number you only list on your website. Phishers and time-wasters won’t bother because they like low-hanging fruit. Being a little bit annoying at the start of the process stops them and won’t stop someone who actually wants to book you.

There may be a way to set up auto-response texting on your phone. I don’t know because I don’t use my phone this way, and haven’t looked into it. I know that scammers will text phone numbers on MegaPersonals, and I assume they do the same with Tryst ads. Utilizing an email/auto-response system is the best way to avoid scammers who use Tryst if there’s no way to do the same with phone numbers.

Create a 100% free Linktree account, and post it to your ad. (At this time, Linktree is the only link-in-bio site that Tryst allows to be posted on your ad.) You can post any link, add photos, videos, plain text and phone numbers to your Linktree page and remain within your free limits.

If you don’t have a website, try using Linktree as a pseudo-site to give clients information, including the contact information you want them to use.

Essentially, any sort of roadblock you can utilize that will stop scammers but not be a problem to actual clients is the method you should use. It’s the same concept as finding certain items in an image to verify you’re human and not a bot. You need to be able to screen out non-clients at the very first contact so you don’t fall for phishes/scams (with the bonus of helping to weed out time-wasters and pimps, too).

Avoiding phishers/scammers means you avoid jeopardizing your account, and the entire Tryst platform. I’ve sometimes looked at my auto-response email account and it’s 80-90% scam emails, which I never see because it’s not my actual work email for clients to use.

There is a small percentage of clients who never contact me, usually because they’re trying to book last-minute in the middle of the night, so I’m still not losing any money by using this method. I fall in the mid-range right now; there is nothing extraordinary about how my work is structured. It minimizes my risks to everything as much as possible, while still being accessible to those who want to book me.

While there are things I should be doing to be more competitive in the market, none of those things revolve around lowering my risk levels. Being accessible to phishers/scammers isn’t even about boundaries, it’s about life on the Internet and being smart about minimizing risk.

There’s no grand concluding statement, other than: you hoes need to stop being stupid.

After “after hours”

I’ve been wanting to change up this blog for years. Getting more personal online is uncomfortable. Having more privacy yet retaining the audience I’ve built is the goal. Getting paid is ideal.

I’ve looked at Patreon and discarded it so many times in the last few years. There’s Substack, which almost persuaded me. But, in the end, it’s still a digital blog, same form and format, just with a little money thrown in. There’s nothing substantially different between it and my free Tweeting, or my free-to-read posts here. I am stuck with my working-class mindset: value must be given to the paying customer. It’s an honest mindset, even if somewhat limiting.

Then a side project I was developing took shape and I realized it would suit Amanda perfectly, instead. What am I if not a writer? Do I not claim I’m an artist, too? I should write, and create with writing.

In the spirit of contrariness, which has inspired most life choices, I have gone headlong the opposite direction from current, popular wisdom.

When people throw everyone online for “transparency,” that is the time to go private. When all communication is moved online, it’s time to move off.

Instead of a TinyLetter, an Actual Letter.

This comes from my stated desire to make money from my blogging, the rediscovered need to be creative without staring at a screen all day, and the pleasure of intimacy within certain boundaries, familiar to many sex workers. I earn a steady income from my blogging, which my creditors also enjoy — with more-inspired, regular writing to a smaller, appreciative audience.

Yes, someone whose normal handwriting really does look like shorthand has taken up the dip pen, found some nibs that work, and is developing something legible (and I aspire to real beauty, with enough practice). It’s creative. It’s what I’ve been dying for for years.

This is art, and approaching it as art is the way my handwriting becomes something more. As does my writing. I compose very differently when the ink literally flows from my pen than when typing on a keyboard. Key clicks are cheaper than dirt. Ink and 100% cotton paper? Very expensive and exquisitely thoughtful. There is no waste, I make few mistakes. Strange how not having a Delete key does that. (Pay no mind to my blotchy practice sheets, you know, those times when the ink really did flow from my pen.)

There won’t be 20K-word letters, my hands can’t take it. Expect a medium-length letter, 500-1K words, maybe all the way up to 2K if I really have the spare time.

The essays I’ve planned are all things I’ve wanted to discuss for a long time, but hesitate to make them public and Googleable. Pen to paper is not that.

I plan on producing some handwritten and updated editions of existing blog posts, perhaps quotes from my books or Tweets, things that aren’t personalized, serialized or brand-new. These pieces will be more affordable than the letters, and not in such limited quantities. My hope is some of these pieces are framed, perhaps put in a scrapbook, or something of that nature. Sex workers do love their physical, personal libraries.

The blog here will be much more surface, and less personal than it has been. If you want to read what I have to say, the real thought-pieces, the substantial and personal things I sometimes share, you must purchase a letter. If you want to be my pen-pal, for real, now you can.

Not going to do the letters indefinitely. A year, perhaps two. And then I’ll probably have said everything I want to say as Amanda. The letters are as close to a memoir as I’ll ever get. I really don’t have the ego required for a full-blown autobiography.

Private pen-pals will last as long as they last. Mostly I’ll let those relationships fizzle out on their own, likely after I’ve thoroughly offended all my pals.

Letters will never be repeated, or reposted on the blog or anywhere else. They’re real-world communication. Made once, consumed only in one manner by the person who receives them, not accurately reproducible by any means. My imperfect hand means nothing will be the same twice. Low effort wabi sabi.

Letters are folded properly, sealed with wax and a custom stamp, created for my personal theme of 2021. The letter will be inside the mailing envelope. So basically, you get a plain, addressed envelope, open it to reveal another plain, protective envelope, and inside there is your letter.

I have gold and purple wax, and various colors of satin ribbon. You can even choose your basic paper types: opaque or transparent. You get to choose wax color, ribbon color, and paper-type because I’m feeling generous and want you to enjoy the way your letter is presented.

Quantities are limited: both the current topical issue and the number of pen-pals I’ll allow. I expect to produce a new issue every 4-6 weeks and I’m already behind in rolling this out; the February issue will go on sale starting the 9th.

Actual purchasing information and email notification of issues for sale is on my other website[1]. You pay via Square, my payment processor. The options are all explained on my sales page. I suggest reading it thoroughly. All questions should be answered, and there are helpful photos, as well.

All in all, I think this is pretty simple to understand. I write letters, you buy them.

Click here to go to Sales Page

I’m curious how quickly some idiot manages to screw this all up.

To recap: continuing to read the thought-pieces many enjoy means buying the topical letter. Being my pen-pal means purchasing private correspondence.

I love writing with a dip pen; and making $money$. I’m a brain-damaged hooker with artsy-fartsy flair. An entertainer for 20 years, I’m offering a new form of entertainment for you. Nothing bigger than that.

By next week I expect to see hundreds of escorts offering calligraphy and handwritten letters. I know of only one who currently offers handwritten correspondence. As usual, the unoriginal herd should pay me royalties because money is flattery. Imitation is neither flattering nor money!

[1] This blog theme, while lovely for blogging, is limited in being able to create unique pages, and I do not wish to waste my time right now redesigning this entire thing; that’s coming later this spring. I’m working on other deadlines at the moment.

face or no face?

Vanessa D’Alessio wrote a great piece over at TitsandSass around the issue of showing your face in conjunction with your online escort work. My response got eaten by the Intertubes, I think. Instead of reposting, I decided to expand on it a little here.

This article has been at the back of my mind since I read it last week. My arc has been slightly different than hers. When I started stripping, I was fairly out and allowed myself to be photographed, topless, for one of my club’s websites (back when the Internet was indeed tubes that connected computers using gerbils and string). They never removed the picture despite repeated requests, even after I left stripping and began escorting. (It was later removed only because they redid their site.)

fosta/sesta for online escorts

The news of last week sent me reeling. I should have been better prepared but other than assuming the bill would pass, I did nothing. So…I’ve done what many have done as far as my online work persona goes; and thought about things.

personal privacy

I’ve touted the value of personal privacy for years, and you should take steps on that front. Abine’s Delete Me service is not that expensive and very well worth it. If you can’t afford the fee, they show you how to do it on your own (it’s time-consuming). I bought their service a couple years ago and am extremely happy with it.

For years, I’ve recommended How to Stay Invisible and it’s still worthwhile when it comes to offline privacy. The Lifeboat Strategy is very expensive and informative, and best for those with a lot of money to protect. The website does have free information available. I’ve found the best online privacy resource yet to be Hiding From the Internet, written by a former FBI agent. And then there’s the very excellent A Smart Girl’s Guide to Privacy, written by Violet Blue, who is very sex worker friendly.
