I've been away from the board for awhile and accumulated a number of PMs with questions about improving overall security.
Forgive me for resurfacing this post, but I thought I would answer a few questions in response.
Laptops
I actually think that using a laptop for your (provider) business is a good idea; it requires maintaining good contacts, checking references and establishing schedules. It's hard to keep all that in your memory and generating a paper trail is a seriously bad idea. You can do alot with your smartphone however, provided you use some precautions -- see the phones section. If using a laptop, its a good idea to take some precautions along the lines described in my original post.
Creating a secure "hidden" OS in your laptop: The idea is that a provider can use one password to log on to a "hidden" desktop to conduct provider business and another password to log on to a "guest" desktop for her non-hobby activity. Everything is encrypted, but having the "guest" desktop gives you plausible deniability when your SO, friend, etc. simply wants to use the internet -- being too protective of the laptop can be suspicious -- or is questioning you about your laptop, email, etc. usage. TrueCrypt is free, open-source software that allows this feature and can be found at
http:://truecrypt.org. This youtube video takes you through the steps to install it:
http://www.youtube.com/watch?v=uQREbqocnmo. Generally I like to use a previously unused laptop -- new or refurbished -- and expect this process not to be for the faint of heart and to take several hours. A good tip: use your "guest" desktop occasionally for non-hobby activities -- it will give that desktop a "lived in" feel and shed suspicion.
Using the Internet
When inside your "hidden" desktop, its a good idea to make sure folks cannot trace which website you are going to. When connected through your home internet service, your SO or someone with a little tech-savyness can tell which websites you are visiting by looking at your internet hardware (i.e. router, cable modem, etc.). To ensure you keep your visits to eccie away from prying eyes, you can configure anonymous web browsing using the TOR service which hides your web destinations by securely connecting through middlemen systems (i.e proxies), thus hiding the final destinations. The following youtube video takes you through setting up with the TOR service:
http://www.youtube.com/watch?v=XnJuS7XdY_o.
A good tip: use the TOR service every time you use the "hidden" desktop -- even when you are not worried about snooping. Because it is too easy to get sloppy and not use it when you definitely should and, more importantly, destination web sites can maintain information that allows your to be traced back to where you connected to the internet -- for an LE willing to go thru the trouble -- and the TOR service prevents some of that. Please note that it is possible for a highly motivated LE to get around the TOR service, so avoid running guns or other activities that gets LE too motivated.
Phones
Phones are the easiest item to trace in the world, but they are necessary. A Hobby/ Provider phone should not be tied to your name or your credit card if possible. So prepaid phones are great which you should pay for cash. A smartphone can definitely be had with prepaid plan, but they will cost more than usual. If you are a provider, i'd recommend a simple hobby phone that you can part with. However, if you just have to have a smartphone, expect to be able to ditch it at least twice a year.
Tips for hobby phone:
- If possible, do not keep it at home or in the car
- Remove texts and call history every evening; learn how
- Learn to erase the phone contents
Websites
The biggest challenge for a provider is remembering everywhere she has placed photos and ads. My recommendation is to track it closely; along with usernames and passwords. Typically, you abandon a site because you can't remember you used it or the credentials you used when you signed up. The ultimate goal is to be able to remove the traces of your provider life once you retire. Most provider services have provisions for removing your account, etc. upon request, but you are on your own when it comes to your own website, craigslist, etc. So track it all and regularly remove yourself from services you no longer use.
The other frequent question is whether to use gmail, hotmail, etc for your provider business. Yes, its ok to use the email and calendar services for your business, but consider using the anonymous browsing --like TOR--to connect to these services. However, using facebook, twitter, etc. seems rather ridiculous to me since as a customer i would not like to "friended" on facebook by my ATF, but that is up to you how much exposure you want.
Photos
A providers photos are critical to her business. However, i would recommend always blocking -- or blurring -- the face in all photos made public. Its a relatively easy procedure to learn -- instructions for windows at
http://www.zenker.se/En/blur.htm or a web service that makes it easy at
http://www.photohide.com/index.php. Tracking your photos is really critical, i know of more women having to explain nude photos on her smartphone, so take the photos, store them in your encrypted "hidden" desktop as soon as possible, and delete them from the phone or camera quickly. Never upload photos from your phone to a website; they can be tagged with way too much information when that happens (i.e. location, phone number, etc).
Other photo tips;
1) watch out for what is in the background of a photo; avoid releasing anything that tells too much about you and where you are,
2) your tattoos can be used to identify you; blur them if you can, but it may not alway be possible.
3) a tattoo of your real name should always be blurred
Of course, the protections -- and advice -- you take is dependent on your own goals. A provider who is also an amatuer pornstar may not need to blur her photos. That said, you need to decide the level of protection you want for yourself and your customers.
Hope this helps those that had questions...
Enjoy!
-T