Trigger warning: This series discuses rape and rape culture in kink communities.
This is the third post in a series on abuse in BDSM communities. While topically linked, each post does stand on its own. Perhaps especially this one. Please refer to our glossary for definitions of a number of key BDSM terms.
This post is all about FetLife.com, aka Facebook for kinky people, and how and why it stands against efforts to address safety and abuse in BDSM communities. The story of FetLife’s lack of respect of consent, privacy, and personal autonomy is an important one for all kinky people to know. But it also represents a fascinating case study for anyone interested in privacy, transparency, and rape culture on the Internet. However, while there are many articles talking about various parts of this problem, these discussions have been scattered and often assume a lot of prior knowledge. Moreover, the common threads of FetLife’s various problematic policies haven’t always been explicit. So in this post I’ve tried to weave these disperate threads together into one (obsessively hyperlinked) article. I will also level some new accusations at FetLife that, as far as I know, have not been voiced before.
We have a lot of ground to cover, so perhaps a Table of Contents is in order:
- Does Consent Count on FetLife?
- A Peer-to-Peer Reporting Solution
- When the ability to consent is never offered: User Privacy
- Allowing Users to Back Up Data: It’s Not Just Right Thing, It’s the Law
- The Profit Motive
- Take Action: Tools to break free of FetLife
Justice Brandeis wrote that “Sunlight is said to be the best of disinfectants,” which has become rightly famous as a metaphor for the value of transparency. Those who commit abuses are safest and most powerful in the shadows, in the realm of secrecy and doubt; they cannot stand the light of day. In previous posts, I talked about the prevalence of predators in positions of power in BDSM communities. If people are free to share information, both good and bad, it becomes much harder for predators to excersise their “social licence to operate. However, one of the most powerful entities in the BDSM scene has opposed both transparency and safety.
In the past few years, a single vortex has swept up the entire BDSM community. It’s called FetLife, and now has over 2 million user accounts (despite an official one-account-per-person policy, the actual number of users is probably a good bit smaller). FetLife’s creator, John Baku, set out to create “facebook for kinky people,” and he has largely succeeded. FetLife likes to insist that it is a social networking site and not a dating site. This, despite the fact that in the HTML meta tags that provide search engines with keywords, the term “dating site” is listed four times. (Screenshots!) And it’s a useful social networking tool. There is real value in having a one-stop-shop for one’s kink identity. But the site has a lot of problems.
Here’s your tl;dr: FetLife, I will argue, does not respect consent. It actively seeks to silence victims of abuse, and also does not give you the ability to consent to how your information is shared and used.On the privacy front, FetLife does not provide meaningful internal user controls to protect users–since the biggest danger isn’t people outside the site, but within it. In this, FetLife represents a particularly egregious example of pervasive problem of Internet culture and structure, which is an environment where we don’t recognize that we have a right to say no to sharing information, much like many women were socialized traditionally to not recognize that they could say no to sex. On top of that, it makes it difficult-to-impossible to get your data out of the site, which, I will argue, puts FetLife in possible violation of the European Union’s Data Protection Directive. Furthermore, I will argue, perhaps provocatively, that there is a strong relation between FetLife’s for-profit business model and all their actions. Nonetheless, I will outline what FetLife could and should do. Fortunately, there are now a number of nifty tools available to get around some of FetLife’s problems. (Indeed, these tools are now expanding to other sites, like OKCupid: see the Predator Alert Tool for OK Cupid, which we may revisit in another blog post at some point.)
So let’s let some sunlight in.
However, we also do not allow accusations of criminal conduct when a conviction has not happened. Unfortunately, many of the posts in this thread are doing just that. We’d like to give you the opportunity to continue this great service to the community in this way. We’ll delete all the comments that name names. If you can anonymize any accusations that come in from now on, we’ll allow the thread to stay open. If not, we’ll have to delete the thread completely. We hope it doesn’t come to that – we’d really hate to do that – and we hope that we can come up with a way to keep this going in a way that helps everyone.
The problem is: you can’t help everyone. You protect the victims (both past and future), or you protect the abusers and rapists. The imagined “no drama” middle ground does not exist.
This citation of the NCSF’s “Consent Counts” campaign is pretty egregious. Recently, Susan Wright from NCSF became the “community manager” for FetLife. (Remember her?) Maybe she can start her “education” campaign with her boss, John Baku? FetLife continues to assert that the right approach is to try to prosecute cases in the court of law, and that unless there’s a conviction, people are innocent. It may sound fair, but it’s an approach completely divorced from reality.
In mainstream rape cases arrests are only made 25% of the time, and most of the time the case does not result in a conviction. For a more detailed discussion of this, see Thomas Millar’s discussion of the reasons why prosecuting rape is so hard in both mainstream and BDSM contexts. To quote from the latter:
The difference between the cases of rape that get brought and those that don’t are “bad facts,” which means facts that will make the jury judge the victim instead of the perpetrator. And in almost all BDSM abuse cases, there are going to be “bad facts.” The first bad fact is that none of them are going to fit the profile of the stranger rape, the only scenario where juries can apparently be counted on to convict. In BDSM cases, the victim will almost always have gone to a club or a party, or met up with the perpetrator, with the express intention of playing. The victim probably will have said something to that effect by email or PM or text, or said it around witnesses. The defense lawyer can always point to that and say, “see? The so-called victim consented!” You and I know that consent isn’t a lightswitch, consent to being tied up isn’t consent to be fucked and all that. We know that, but do juries know that?…
Is reporting a sexual assault in a BDSM context [to the police] likely to work? No, absent serious injuries or hospitalization, or video evidence, it’s hard to conclude that it’s likely to work. It’s hard to conclude that it will work even for relatively privileged people within BDSM communities, let alone the sorts of folks who can’t count on the cops for other reasons. So if it’s not all that likely to actually produce a conviction, the notion that we should pressure victims in the the criminal justice system is busted. It’s a derail, a way of throwing up a hurdle and washing hands of the allegation.
Insisting on convictions is just another way of ducking responsibility and shielding abusers. Which makes sense when you consider that John Baku has himself been accused of sexual abuse, and may have a “foggy ass [sic] notion of consent and acceptable behavior himself.”
How do other sites handle this? Background interviews with friends at Facebook reveal that it too has a policy against what it calls “naming and shaming.” It’s a problem on the Internet generally. See, when a person names someone else as having violated their consent, from the perspective of the website, the person being named and shamed is the accused and aggrieved party. Despite the fact that the person doing the naming was violated. The concern they cite is libel. But it’s ridiculous. Libel is only libel if the statement being made it isn’t true. Moreover, libel is also a criminal offense that could be left to the courts to decide. Instead–concerned, no doubt about its own legal fees and liabilities–FetLife is essentially saying that if you were raped, the onus is on you to ensure a convicition, while if you are accused of rape, you can cry libel, and the website will be all over it to protect you and silence the accuser (more on this point). But unlike facebook, FetLife doesn’t even wait for users to complain; they proactively search out abuse accusations and, without advance notice, go in and edit or delete them. (At 50x the size of FetLife, Facebook couldn’t do that even if it wanted to.) Nor do they hide this–John Baku and Susan Wright actually argued that FetLife’s policy of autonomously searching out accusations to delete is a benefit to users in conversations at Dark Odyssey Summer Camp last fall.
FetLife isn’t facebook; it knows people use the site to find potential play partners and have a one-stop-shop for demonstrating their kink identity. And within the scene there are traditions of people seeking references before playing with new people. These ideas only work within established networks of friends, and don’t serve most people terribly well. Newbies in particular are left exactly where predators want them–ignorant, isolated, and vulnerable. There has to be a better way.
If it wants to demonstrate it cares about consent, FetLife should develop an internal tool for rating other users one has played with–like yelp, for kinky play partners! In lieu of that, others have stepped into the breach. Internet activist/hacktivist/muckraker Maymay has created a tool called the FetLife Alleged Abusers Database Engine (FAADE)–now rebranded as the Predator Alert Tool for FetLife (PAT-FetLife), a browser-side script that links up to a publicly accessible database and super-imposes information on consent violations on FetLife profiles. It’s pretty nifty, if a little visually obtrusive. But you can easily turn it on and off. Install it, and turn it on to check out any potential play partner. Report abuses with it, and encourage others to do so! The more people use it, the more useful it will be. You don’t even need an account to look at it–reader, you can download a list of alleged abusers and predators right now. In the spreadsheet, you can read all the accounts of rape and abuse, and a number are pretty disturbing indeed.
Of course, the naysayers argue that these tools will be overrun with false rape allegations. Overall, however, false accusations for rape are actually pretty rare—almost as rare as actual convictions for rape.
What there is in FAADE, unfortunately, is a fair bit of spam, created by enablers trying to destroy the whole system. Which is a clear sign that the other side is not operating in good faith. Moreover, say there are lots of accusations in FAADE. Say even that the majority of people have one consent violation. Guess what? The actual predators, they’ll have lots. And that will be a key tell. The other tell will be how a user responds to an accusation. Are they defensive and accusatory? Or do they approach it in good faith? We saw this play out in the FetLife thread I discussed earlier, where abusers were named. Many of the accused not only ran to FetLife to get their accusers silenced, they, denied the allegations and lashed out at the (anonymous) accusers. Those are the people you need to beware of. The “false accusations” objection is concern trolling of the worst sort. Other people who were named responded that if anyone thinks they violated consent, they want to be called out, or admitted there had been a problem and discussed how they had worked to prevent it from happening again. In short, they used it as an opening to conversation. These are the sort of self-aware, mature responses that breed trust. Miscommunications do happen, and I’ll talk more in a future post about how to handle such accidental consent violations. But we must not allow miscommunications to be used as an excuse to cover up intentionally predatory behavior, because doing so—as FetLife does today—only gives predators’ license to continue their behavior.
FetLife wants you to believe that it’s a private, secure site that is a safe space. Yet that is obviously not true on its face. First off, anyone can create an account in a few seconds. Moreover, the site itself is not very secure, and its various privacy flaws have been well documented (click for link to awesome, technical-yet-accessible discussion of some of the major problems). FetLife is focused on the appearance of security–making you believe you can’t download images because you can’t right-click on them, for example. Yet because its being shown on your screen it is already on your computer and you can get the hotlink from the HTML code. Nor does FetLife respect the autonomy of your account. FetLife administrators can and do go in and change content. They have gone so far as to change users‘passwords without their consent!
Just like FetLife doesn’t respect the consent (or lack thereof) of abuse victims, they don’t respect the consent of average users when it comes to sharing of information. You should have the option to consent to who views what information about you on social media and other websites. Of course; loads of websites count on users being careless about privacy. The culture of the internet has evolved to rely on users not thinking about whether they have or should have the ability to consent to share information. The history of Facebook is a classic case of consistently pushing the boundaries on privacy. But Facebook also have provided complex privacy controls. Granted, many people don’t use them right. But they exist. You can limit things to be viewed only by some friends and not others; you can control whether other people see pictures that have you in them. You can make it so people who aren’t your friends can see almost nothing about you; indeed, I think that’s now the default.
FetLife has very little in the way of direct controls on who can see what you post, and is counting on its users not being experienced with the Internet. All FetLife users can see your username, your fetishes, your age, your location, your gender, your sexuality, who your friends are…I could go on. You can set photos and journal/blog writings to friends-only–but not to any subset of your friends. All groups, group membership rolls, and all group discussion content is visible to everyone in the site, and anyone can join and post to any group. Nor is it possible to create an invite-only event–events are visible to everyone and anyone can RSVP for any event. All of this means that users are not protected from stalkers and predators. Even paying users are not protected much; anyone can hotlink to a video the same way they can to a photo, and then share it with non-paying members or even people outside FetLife, as maymay’s video sharing tool demonstrates. All while FetLife tries to assure people to share their sex lives online.
FetLife is aware of these issues. Suggestions for fixing these things are among the oldest and most-requested suggestions for improving FetLife. But FetLife has not implemented them. Part of it may be laziness, or sloppy coding. But it’s been too long for that to be the only explanation.
FetLife wants you to believe their walled garden is safe, but not only can anyone create an account in seconds, the walls themselves are full of holes. The security problems with FetLife were put on display when last summer, a simple proxy connection service was set up to allow access to the site without an account. FetLife responded by trying to block the server and assure everyone that the bad person had been stopped, without actually fixing the security holes. This preference for spin over reality is commonplace at FetLife and its allies. For example, I tried to talk to Alan, Esq., one of the leaders of the NCSF, at CatalystCon in March about the FAADE tool. Instead, he went off on a rant about this supposed hack and how fishy a person Maymay was, and loudly declared he had no idea why Maymay did what he did. Really, I said? Because Maymay has been very transparent about it on his blog. It quickly became apparent that Alan had no idea what I was talking about, no any desire to educate himself. Let’s be real. Maymay did this with the express purpose of showing that FetLife was insecure, all the while live-tweeting the event. This is how people who work to expose security flaws so they can be fixed operate, not how hackers opperate. But don’t take my word for it:
“Nobody ‘hacked’ FetLife,” says Yonatan Zunger, chief architect of Google’s social network Google Plus, when we explain the situation. “No locks were picked; someone simply noticed that FetLife never locked the door in the first place.”
FetLife also doesn’t allow people to easily export or download their user data. This makes sense–the FetLife model has been to take info such as calendars, personal profiles, and discussion boards that used to be spread across a hundred websites and calendars and email lists, along with lots of free amateur pornography, and consolidate it into one site, without the ability to share the info out again, thus creating a dependency on FetLife as a central clearing house for the content. Yet any time we depend on a singe resource, we are setting up a single point of failure. And with FetLife having so much FAIL going on, that is a vulnerability that BDSM communities cannot afford
Yet users do want this ability to export and back-up their own content for their own personal records. People want to possess their own content and conversations, and not depend on a social networking site to get it. This was shown in the controversy this spring that ensued after FetLife started cleansing illegal content earlier this year. FetLife only limited or banned illegal content such as pedophilia and bestiality in order to retain the ability to process credit card transactions. John Baku is on the record [login req’d] explaining that they only (and with regret) put in place rules banning pedophilia and bestiality for this reason. And yet they were so lax at enforcing that rule—again, Baku is on record that this lax enforcement was on purpose—that this past January they (temporarily) lost their ability to process credit cards again anyway. In order to regain the ability to process credit cards, John Baku announced a wholesale, once-and-for-all purge of this illegal content. In response, lots of users wanted a backup of their content, regardless of whether it was actually in any danger. And since FetLife doesn’t provide any such tool, they turned to Maymay’s FetLife exporter. Which then crashed his servers, and because of configuration errors by users of the tool among other factors, caused some of the content to be indexed by Google. FetLife’s ham-fisted response was to block the server, which only made deleting improperly exported content more difficult. You can read more about the controversy that ensued here. We’ll return to this tool in a moment.
The need for users to be able to back up a copy of their own content is recognized by European Union (EU) Law, namely, the Data Protection Directive of 1996. For more on this law, see the official EU site, or Wikipedia. (Full disclosure: I am not a lawyer.) In shot, this law requires that all companies provide ways for EU users to access and export data about them. It is in to comply with this law and avoid large fines from the EU that Facebook and Google provide their data export tools. (Sure, they could have complied by providing the tools for only EU members, but that would be an administrative and legal mess.) It is time FetLife did the same. FetLife’s failure to provide any form of data export/backup tool likely puts the in violation of the EU Data Protection Directive. Even though FetLife is a Canadian company, the law applies to them because they have European users. Now, they are smaller, so they have thus far escaped the notice of EU regulators–and FetLife is likely unaware of this legal requirement themselves. I haven’t seen this written about anywhere yet. Indeed, I only became aware of this issue after talking to a friend who works for Facebook. So, I’m issuing a call to enterprising lawyers/law students: look into this, and then write to FetLife and/or the EU about it?
Why does FetLife block people from sharing stories of consent violations? Why does FetLife provide so little security to users? Because doing otherwise would work against their direct financial interest.
FetLife is a private For-Profit Canadian company. Among other sources, it receives funding from members who opt to pay a fee for added features–what is known in the tech world as a “freemium” model. What sort of features do these “supporters” get? Along with a number of pretty useless things, they get community status in the form of a badge on their profile, the ability to view over 5,000 of each day’s most popular pictures, videos, and writings, and the ability to upload and watch videos. There are over 80,000 such videos–mostly amateur porn–currently on the site. In other words, the benefit of paying is the ability to perv endlessly on other users’ amateur porn. And FetLife’s ability to provide the maximum amount of porn to paying members depends on other users not giving much thought to the security or privacy of what they’re uploading and sharing. And a rich database of amateur porn attracts more paying members. In other words, it is in FetLife’s direct financial interest not to provide security and privacy features.
Similarly, it is in FetLife’s intertest to limit the ability of people to take information out of the site and share it freely, because their ability to get members and sell ads relies on them have near-monopoly control over information in BDSM communities–indeed, many local groups have come to rely on FetLife to advertise events and even contact their own members!
What about silencing victims? The most-discussed reason for FetLife to silence victims is to sweep evidence of community problems under the rug. But could there be a profit motive here too? While disturbing, it makes sense. We know that predators (especially repeat abusers) are often community leaders, often older, and often male. Such people, I would hypothesize may be more likely than the average FetLife user to be a paying supporter of FetLife, either as a signifier of community status, or because they are better off financially (having had more time to rise in their careers and accumulate resources). We don’t have the list of all the abuse accusations that FetLife has deleted. We do, however, have the database of the FetLife Alleged Abusers Database Engine (FAADE), aka the the Predator Alert Tool for FetLife (PAT-FetLife). So I asked Maymay to help me look into this. You can view and run the simple PHP script he designed here, and view the results (as of 5/4/2013) in spreadsheet form here.
In summary, we found that 15.3% of all users reported in FAADE as having violated consent are currently paying supporters. (The percentage could be substantially higher, however, as FetLife may have lost many paying supporters when its credit card processing capability went down, and 30 users reported in FAADE no longer have active accounts.) How does this compare to the overall FetLife user base? Unfortunately, we can’t know for sure, since when I asked, FetLife told me that the total number of paying members is not publicly available. But I think it highly improbable that it is anywhere near 310,000 people (15.3% of all user accounts). Most sites that adopt “freemium” models see only 2% and 4% of their user base “convert” to paid subscribers, and over 10% is rare indeed. In short, paying supporters are likely over-represented in the set of users who have allegations against them in FAADE. Therefore, were FetLife to adopt a policy of removing members who were accused of consent violations, they would be targeting a group that disproportionately supports the site financially.
Am I saying that the reason FetLife silences victims of abuse, or limits privacy controls is because they want to increase their revenue? Not as such; there’s no direct evidence to suggest that. What I am saying is that for-profit companies are rarely “evil;” rather, they respond rationally to financial incentives. And in this case, those incentives mean that FetLife derives material benefit (or, at least, avoids potential material harm) by not respecting users’ consent.
What can I do? It’s the question we always ask here at Disrupting Dinner Parties. First, contact FetLife and ask them to change their policies. By all means, vote for the suggestions I linked to above if you are a member. But, as in politics, voting is literally the least you can do.
Write a Letter to FetLife
E-mail John Baku and Susan Wright and ask them to change their policies. Look, I’ve even created an email template for you! Click to load a ready-made email message to FetLife in your default email client, or click to download a word document for copying-and-pasting into your email client of choice. Feel free, of course, to edit it and make it personal. Indeed, please do! But still, that’s only the start.
Make your FetLife account more private (to the extent you can)
If you use FetLife–and there are many good reasons to do so–please educate yourself about privacy and how to protect yourself on the site. I recommend the following security measures. But at the end of the day, if you cannot afford to be “outed,” you probably can’t afford to use FetLife.
- Only have users you trust on your list of FetLife friends. That person you met at a happy hour once whose name you can’t recall? Give ‘em the boot.
- Make your avatar picture, which will always be viewable by all site users, not personally identifiable in any way, and make sure it’s not a picture you use on any other website.
- Set all other pictures and videos to friends-only, and set them so they can’t “trend” in the “Kinky & Popular” feed. Do the same with any writings or photos.
- Change your username so it doesn’t match other sites. (Unless you have a compelling reason to do otherwise.)
- Scrub your profile text and fetish list of any very personally identifiable information.
- Change your location so it’s not your real location, or at least not exactly. And please don’t use Antarctica–that’s just silly.
- To be extra safe, don’t join local groups in FetLife and don’t RSVP to events on FetLife. Encourage your groups and event organizers to use other means to record RSVPs and communicate with members.
The more reports in this tool, the more useful it will be! Remember that, to prevent blackmail and manipulation, there is no delete functionality–everything put in PAT-FetLife is there forever.
[Note: A tool with a similar purpose, though very different mechanism, has now been developed for OK Cupid (Predator Alert Tool for OK Cupid (PAT-OKC)).]
And then, consider ways to remove yourself from FetLife, in part if not entirely. Personally, I try to not rely on FetLife for anything, but it has its place and so I’m not quitting it–though I may yet. This is especially important for community groups! Fortunately, there are a number of tools that can help you do just that, mostly designed by Maymay. Maymay provides an overview of all the tools, but I want to highlight a few:
What ties one to FetLife? Most of all, it’s probably the ability to track events. Wouldn’t it be nice if you could view the FetLife events in your area in any calendar application you wanted? Well, you can! The FetLife iCalendar Export tool lets you subscribe in ical/google calendar/outlook/etc to the events feed for your area in FetLife without ever logging in. You don’t even need a FetLife account! (If FetLife offered the ability to make private, invite only events–which it does not–then this tool would not show those events.) It’s really impressive, and I highly recommend you check it out. Instructions and more info here. Subscribe here. What if your city not listed? You don’t have to rely on maymay’s server! You can take the open-source code and put it on your own server, and pull the list for any city or cities you want, just like Agevitam did!
Some users have tens, even hundreds of blog posts within FetLife’s walled garden. Which means no one else can see them, and they can’t get them out. So free your own creative work! Anyone can export all their own writings to a new wordpress.com site (just like DDP runs on) using the WordPress Exporter tool, or install the plugin on your own WordPress.org site. And WordPress sites provide the sort of meaningful and granular privacy controls FetLife does not. The tool does not access any writings by other users.
FetLife Export Tool
Not to be confused with the WordPress tool! We talked about this tool a little already–it’s a tool that logs in and pulls all your content from FetLife. You can find a copy that works–and is ignored by well-behaved search engines–on Agevitam’s site (or download and install on your own server).
Know of other users developing tools like this? Let me know! I’d happily link to their work too if I knew of it! Wherever possible I linked to mirrors and forks of these tools, and I encourage others to make their own forks.
Okay, so that’s a lot of discussion about FetLife, all in one place. The “Got Consent?” series isn’t done yet. But going forward, I’m going to be pivoting to solutions–it’ll be all “what can I do?” First, I’ll discussing how to negotiate and address accidental consent violations, and how to play more safely in private and public.
 Interview with Yandy, April 20, 2013
 [EDIT: I know people have problems with some of Maymay's behavior, particularly regarding online harassment and making people feel threatened. I think that is seriously not okay, and DDP does not support or condone any such behavior. It would be inconsistent with everything we believe about the importance of transparency to not acknowledge these concerns. That all said, at the end of the day I still think this does not reduce the serious problems with FetLife or the incredible usefulness of Maymay's technological tools. And THAT is the focus of this post.]
 Conversation between author and Alan, Esq., March 17, 2013