Blog

Sneak peak inside FBSM Reviews

If you are just finding us for the first time, FBSM Reviews is where adults go to have fun and be safe from the games and the drama that people play.

At FBSM Reviews, each and every post/review is verified before it is published.

What does that mean for you?  It means that every photo is current and accurate. Every post is a real person. And at FBSM Reviews we take it another step. At FBSM Reviews we only post providers who have a record of being honest and reputable.

Let that sink in for a minute. At FBSM Reviews, you will only find the best providers in the business. Our providers offer a wide range of services from escorting to travel companions, see each post for details.

But what does FBSM Reviews do when we verify a provider is not reputable or honest? FBSM Reviews post that provider with a “SCAM ALERT” attached to their post.

Recently added:

Brielle Devonshire Albuquerque, NM. (Tours: Santa Fe, NM.)

Jade Nikole Norcross, GA.

Carissa Kartel Atlanta, GA.

Lady Malibu Cleveland, OH.

TS Kristi LaCroix Austin, TX.

Nadia Austin, TX.

Leah Luxe San Francisco, CA.

Misa Denver, CO.

Charizma Naples, Fort Lauderdale, Miami, FL. (Tours: Zurich, Switzerland, L.A.., San Diego, CA.)

Madison Montgomery San Diego, CA. (Tours: New York NY., Denver, CO., Austin, TX., L.A., CA.)

Kamilla Loreto Los Angeles, CA. (Tours: San Francisco, San Jose, CA., Seattle, WA., Honolulu, HI.)

Want more?

Recently added 12/21 (NSFW)

Recently added 12/15 (NSFW)

Recently added 12/13 (NSFW)

Recently added 12/21 (NSFW)

Happy holidays from FBSM Reviews

If you are just finding us for the first time, FBSM Reviews is where adults go to have fun and be safe from the games and the drama that people play.

At FBSM Reviews, each and every post/review is verified before it is published.

What does that mean for you?  It means that every photo is current and accurate. Every post is a real person. And at FBSM Reviews we take it another step. At FBSM Reviews we only post providers who have a record of being honest and reputable.

Let that sink in for a minute. At FBSM Reviews, you will only find the best providers in the business. Our providers offer a wide range of services from escorting to travel companions, see each post for details.

But what does FBSM Reviews do when we verify a provider is not reputable or honest? FBSM Reviews post that provider with a “SCAM ALERT” attached to their post.

Recently added:

Mandy Montana Butte, MO. (Tours: Missoula, Bozeman, Great Falls, Helena, Kalispell, MO)

Danielle Reid Bentonville, Fayetteville, Little Rock, AR.

Vanessa Lovee Santa Barbara, Santa Maria, Los Alamos, CA. (Tours: OC., CA.)

Holly Davis Las Vegas, NV.

Chloe Belle Nashville, TN. (On tour: Little Rock, AR., Fort Worth, Dallas TX., Memphis, TN.)

Porn star Janey New York, NY. (I’m based in Brooklyn but I travel to Manhattan and Queens.)

Alexis Portland, OR. (Beaverton/Hillsboro)

Nicole Chambers Cleveland, OH.

Want more?

Recently added 12/15 (NSFW)

Congress Ramps Up War on Sex Workers and Their Customers With Secret Votes on Four New ‘Protection’ Laws

By Elizabeth Nolan Brown, Reason

While seemingly preoccupied this week with criminal justice reform and avoiding a government shutdown, Congress also authorized a national strategy for arresting sex buyers and approved the use of secret wiretaps in misdemeanor prostitution cases.

The national plan to “end demand” for prostitution was part of the massive “Frederick Douglass Trafficking Victims Prevention and Protection Reauthorization Act,” which cleared the Senate Monday through a secret vote of the sort civil libertarians have long opposed.

Congress is now “strengthening federal efforts” to be tough on sex buyers, based on the false idea that customers of consenting adult sex workers drive demand for minors. All state and local cops, prosecutors, and judges are to be trained on “best practices for prosecuting buyers” of sex and how to use asset forfeiture in these cases. A federal working group on the study of sex-buyer arrests will also be created, and grants related to human trafficking must include language encouraging those working on demand-reduction efforts to apply.

In addition, Congress “clarif[ies] that commercial sexual exploitation is a form of gender-based violence,” whatever that means.

“Any comprehensive approach to eliminating sex and labor trafficking must include a demand reduction component,” states the bill, which passed the Senate Tuesday after clearing the House in July 2017.

The House also passed the bill via “voice vote,” a process under which there’s neither a record of how members voted, whether they were present for a vote, nor how many total members actually voted. Voice votes—also known as unanimous consent agreements—can be contested by a member demanding a regular vote. This week, Rep. Thomas Massie (R-Ky.) has been demanding recorded votes on a slew of measures in the House.

Meanwhile, in the Senate, Majority Leader Mitch McConnell (R–Ky.) was using the process to usher through four bills at the intersection of law enforcement, human rights, bureaucracy building, and foreign diplomacy. In addition to the Frederick Douglass Act (H.R. 2200, with no separate Senate version), the following bills also passed the Senate by unanimous consent on Monday:

The chambers are now resolving differences on all three before sending them to President Donald Trump for signing. The total package includes a mixed bag of policies and funding priorities.

FINE PRINT

Tucked in some tiny sections are significant changes, some that go way beyond human trafficking. For instance, a section of S. 1311 would allow state law enforcement to use secret wiretaps on sex workers and their customers.

A part of S.1312 “amends the federal criminal code to broaden the authority of the U.S. Secret Service to provide forensic and investigative assistance to state and local law enforcement agencies by allowing assistance in support of any investigation—not just an investigation involving missing or exploited children.” [Emphasis mine]

Another “amends the federal criminal code to authorize the Department of Justice (DOJ) to bring a civil action to stop or prevent criminal offenses related to suspected forced labor, sex trafficking, or sexual abuse.” This would give the DOJ more leeway to preemptively shut down businesses while building a criminal case.

One provision essentially creates a new federal crime initiative by directing resources and money to fight “sextortion.” Among other (expanded) missions, the National Center for Missing and Exploited Children will now teach school kids, cops, and staff about the dangers of “sexting and sextortion,” too.

The measures include grant money for new programs aimed at school resource officers, teachers, and students that purportedly teach the signs of sex trafficking.

And they set aside more money for Customs and Border Protection “to expand outreach and live on-site anti-trafficking training for airport and airline personnel”—efforts that have thus far yielded a host of high-profile stories about profiling interracial families and not a single confirmed story involving actual sex traffickers.

On average, however, there’s actually less sex-trafficking panic in these bills than similar measures we’ve been seeing this century, with way fewer references to inflated and debunked statistics. The End Demand element notwithstanding, there’s also less conflation of sex work that adults freely engage in and forced prostitution of adults or minors.

Congress instructs the Justice Department to develop better training with regard to “limiting arrests or prosecutions of trafficking victims for crimes they commit as a direct result” of being victimized, and to award grants to groups that prioritize this approach.

Senators also rejected the part of a House-approved measure that required traveling federal employees to stay at hotels “with certain policies relating to child sexual exploitation.”

In addition, a host of transparency-related provisions are potentially good.

For nearly two decades, the feds have been leading and supporting anti-human-trafficking efforts with little accounting for the money and time spent or the results. Now, Congress is instructing DOJ to report on the methodology it uses “to assess the prevalence of human trafficking.” In addition, federal crime reports are instructed to start measuring instances of child-labor violations, assisting or promoting prostitution arrests, and solicitation for commercial sex arrests.

Congress tells the FBI to “publish a status report on the Innocence Lost National Initiative,” a nationwide effort, coordinated with local police, that has operated largely in secret for more than a decade. It’s the initiative behind the FBI’s annual Operation Cross Country, which I have written about in detail. The data Congress requested is information my former colleague Lauren Krisai and I have sought to get from the FBI, with no luck.

Congress also tells the government-funded-but-FOIA-exempt National Center for Missing and Exploited Children “to make publicly available the annual report on missing children and the incidence of attempted child abductions.”

And it asks for more accountability from Homeland Security Investigations (HSI) about trafficking-related investigations. HSI is involved in all sorts of prostitution stings around America, especially ones involving Asian massage parlors.

A large part of the legislation is concerned with the State Department’s annual Trafficking in Persons report, which places countries into one of three tiers based on how well we think they’re doing to counter sex and labor trafficking. Bad rankings on this list can affect a country’s business dealings, reputation, and eligibility for various U.S. programs. Historically, the TIP report has been used as a political tool and is ripe for abuse. In the new legislation, Congress offers more guidelines for placing countries in which tier, how they’re moved between them, and what counts as “credible information” for purposes of determining their rank.

Overall, there’s a lot of overlapping instruction and redundancy in the four bills approved in the Senate Monday. Perhaps they could have benefited from full attention by the legislature instead of McConnell rushing them through under secret votes right before a holiday break.

But the fact that he was able to do that underscores something interesting. For at least a decade, lawmakers have made a big deal about introducing, supporting, and passing bills related to sex trafficking. Interestingly, there was little fanfare from folks in Congress about the passage of these measures. It seems that when these efforts aren’t full of sex panic and high-profile targets like Backpage, there’s little glory in claiming credit for them.

Recently added 12/15 (NSFW)

Happy holidays from FBSM Reviews

If you are just finding us for the first time, FBSM Reviews is where adults go to have fun and be safe from the games and the drama that people play.

At FBSM Reviews, each and every post/review is verified before it is published.

What does that mean for you?  It means that every photo is current and accurate. Every post is a real person. And at FBSM Reviews we take it another step. At FBSM Reviews we only post providers who have a record of being honest and reputable.

Let that sink in for a minute. At FBSM Reviews, you will only find the best providers in the business. Our providers offer a wide range of services from escorting to travel companions, see each post for details.

But what does FBSM Reviews do when we verify a provider is not reputable or honest? FBSM Reviews post that provider with a “SCAM ALERT” attached to their post.

Recently added:

Jessica Peruvian New York, NY. (Tours: Midtown, Elmhurst, Manhattan, NY.)

Sexi Lexi Billings, MO.

Ms Terri Slidell/New Orleans, LA. (Tours: Hattiesburg, Jackson, MI.)

Sunny Hattiesburg, MS.

Katherine Washington, DC. (Tours: Fairfax, VA.)

Classy Carolina San Jose, CA.

Lauren New York, NY. (Tours: Manhattan, NY.)

Aquarius Dallas, TX. (Richardson, Plano)

Want more? Recently added 12/13 (NSFW)

Free tour (NSFW)

If you are just finding us for the first time, FBSM Reviews is where adults go to have fun and be safe from the games and the drama that people play.

At FBSM Reviews, each and every post/review is verified before it is published.

What does that mean for you?  It means that every photo is current and accurate. Every post is a real person. And at FBSM Reviews we take it another step. At FBSM Reviews we only post providers who have a record of being honest and reputable.

Let that sink in for a minute. At FBSM Reviews, you will only find the best providers in the business. Our providers offer a wide range of services from escorting to travel companions, see each post for details.

But what does FBSM Reviews do when we verify a provider is not reputable or honest? FBSM Reviews post that provider with a “SCAM ALERT” attached to their post.

Recently added:

Athena Marie Redding, CA. (Tours: Sacramento, Santa Cruz, Monterey, CA.)

Katy Fremont, CA. (Tours: Santa Rosa, Sacramento, Anaheim, Pomona, Orange, CA.)

Jasmine Flowers Honolulu, HI. (Tours: Oahu, Waikiki, Maui, HI., Oakland, OC, San Francisco, CA., Houston, TX., Atlanta, GA.)

London Rose Las Vegas, NV. (On tour: Oklahoma City, Tulsa, OK. Wichita, KS., Phoenix, AZ., Salt Lake City, UT., Albuquerque, NM., Colorado Springs, CO.)

Doll face the queen Albuquerque, NM. (Tours: Sacramento, Santa Cruz, San Jose, Stockton, Daly City, CA., Wichita, KS., Denver, CO.)

Miss Mandi Mason Albuquerque, NM. (Tours: Denver, CO.)

Catherine Forrest New York, NY. (Tours: Manhattan, NY.)

Winter Kay Oklahoma City, OK. (Tours: Denver, CO., Dallas, Austin, San Antonio, TX., Kansas City, St. Louis, MO., Chicago, IL., Nashville, TN.)

SCAM ALERT: Ashley Banks San Francisco, CA. (Tours: San Jose, East Bay, Fairfield, Pleasant Hill, CA.)

Koi Erotica Seattle, WA. (On tour: Portland, OR.)

Katy Fremont, CA. (Tours: Santa Rosa, Sacramento, Anaheim, Pomona, Orange, CA.)

Kitty Kouture Baton Rogue, LA. (Tours: Lafayette, Nola, New Orleans)

Lisa Charms Las Vegas, NV. (Tours: Chicago, IL.)

Bailey Boston, MA. (Tours: Seattle, WA. San Francisco, CA. Manhattan, NY.)

Josie Viper Walnut Creek, CA. (Tours: San Francisco, Tahoe, San Rafael, CA.)

Zada Tampa, FL. (On tour: Miami, FL., Orlando, FL., LA, CA., Naples)

Scarlett Syn Renton, WA. (Seattle)

The rise of fake Amazon reviews — and how to spot them

By David Pogue

Customer reviews were supposed to be one of the internet’s greatest breakthroughs. They let you know if a product was any good before you spent money on it. Sites like Amazon, Yelp, TripAdvisor, Uber, Lyft, and Airbnb built their successes on the trust created by those review systems.

But these days, that trust is getting shaky.

How bad is the problem?

Here’s the thing: The review system is essential to trust — and to Amazon’s business model. After all, if you’re an online-only store, your customers can’t touch and examine your wares. All they have to go on are reviews from other customers.

But here’s the other thing: If you’re a desperate, obscure company, those reviews are your only hope of generating sales. Highly rated products appear first in Amazon’s search results, so getting your product listed at the top means big money. Gaming the system becomes very appealing.

“Anyone with a brain can see that there are a lot of problems,” says Saoud Khalifah founder of FakeSpot.com. (FakeSpot is a site whose algorithms help you weed out fake reviews from Amazon — or Yelp, or TripAdvisor, or the Apple app store; more on this below.)

“I would estimate right now, across all categories, around 30% are fake reviews,” Khalifah says. “Of the Chinese no-name companies, I’d say 95% of them are fake reviews.”

For its part, Amazon says that figure is overblown. “Inauthentic reviews made up less than 1% of all reviews on Amazon last month,” a spokesperson told me by email.

But as Tommy Noonan, creator of another fake-review-spotting site called ReviewMeta, points out, that there are millions of reviews on Amazon. So if 1% of 200 million reviews are fake, he noted, “there are still 2 million fake reviews on Amazon.”

Besides, Noonan says, “How do they know there are 1% fake reviews? I mean, if they know a review is fake, they’re gonna delete it, right? It’s basically impossible for anybody to say what percentage are fake.”

Where fake reviews come from

Just how sneaky are those sellers? Here are some of their tactics:

  • The 100%-off coupon. In Facebook groups, the sellers offer you a juicy deal: Buy their product and leave it a five-star review. In exchange, you’ll get a coupon good for the entire purchase price, or even more. This way, your review will still say “Verified Purchase” (Amazon’s badge that indicates you genuinely bought the product from Amazon). “It’s almost impossible for Amazon to track — and they’re giving these reviews the Verified Purchase badge,” says Noonan. “It’s not some guy in Bangladesh sitting at a computer writing thousands of reviews a day, but it’s still misleading to the consumer.”
  • The bot armies. Sleazy sellers can buy blocks of fake Amazon customer accounts by the thousand. Then they use people or software bots to write fake five-star reviews for their own products. (They’re careful to make subtle changes to each review — varying the number of exclamation points, for example — so that Amazon’s algorithms won’t spot the duplicates.)
  • The bait-and-switch. Once a seller has earned a high rating for a product, he can swap in a different photo and description, and voila: Instant high ratings for a completely unrelated product. Check out the page for this flash drive, for example, where (at this writing, anyway), the various reviews refer to a paper calendar, a blanket, a tooth-pain medicine, and binoculars. This seller has switched its product on this page, in other words, multiple times.
  • The praise-your-enemies trick. Sometimes, sellers leave crude, obviously phony five-star reviews for competitors’ products. These reviews are engineered to trigger Amazon’s own algorithms, so that their competitors get suspended. (Alternatively, they click the “Helpful” button on negative reviews for rival products, so that those reviews rise to the top.)
  • Amazon, in an effort to foster growth, has been inviting more Chinese companies (and U.S. sellers selling Chinese goods) to list their wares on the company’s site. (Only about half of the items listed on Amazon are actually sold by Amazon. All the rest are shipped directly to you from “third-party sellers,” who may use Amazon packaging to make it feel more Amazon-ish.) As you can guess, that trend makes the fake-reviews problem even worse.

All right. Now you know what you’re up against. But you have some tactics at your disposal, too. Here are a few ways to tell fake reviews from good ones:

  • Check the reviewer’s profile. When you click a reviewer’s name (which appears above every review), you get to see her profile page, which is often extremely enlightening. It shows all of this person’s reviews, for all products, all clumped together. If it looks like they’re all on the same day (or couple of days), or if they’re all variations of the same comments, you should smell a rat.
  • Look at the three- and four-star reviews. One aspect of a fake review you can count on: It’ll be a five-star review. (Or, when a seller is trying to attack a competitor, a one-star review.) A two-, three-, or four-star rating doesn’t accomplish much in moving a review’s search-results position. Therefore, the in-between ratings are more likely to be authentic — and therefore worth reading.
  • Watch out for one-worders. The name of the game is the star rating; the higher the average rating, the higher the product appears in Amazon’s search results. Therefore, fake reviews are often very short and non-specific (“Great!!”), because the actual prose of the review doesn’t affect its attractiveness to Amazon’s search algorithms.
  • Watch out for compensated reviews. Until October 2016, you were allowed to post a review you’d written in exchange for free stuff, as long as you revealed that you’d gotten a gift. It quickly became clear, though, that those reviewers were far more likely to leave positive reviews (shocker!) — and in October 2016, Amazon barred the practice. Those older reviews are still hanging around, though.
  • Beware the Vine. Incredibly, Amazon itself encourages a similar sort of compensated review to this day, in the form of Amazon Vine. That’s a program that sends you free products in exchange for reviews. You have to be invited to become a Vine reviewer (based on your history of leaving well-regarded reviews), and sellers have no direct contact with you. Still, it seems rife with bias. Sellers pay Amazon for the reviews (from $2,000 to $7,500, according to Khalifah), and send the free products for Amazon to pass along to the Vine reviewers. As noted above, it’s human nature to give a higher rating to something you got for free. At least Vine reviews are clearly marked.
  • Check the wish list. “You don’t even need to look at the reviews,” says FakeSpot’s Khalifah. “Look at the wish list! Nobody ever looks at the wish list.” At the left side of a seller’s profile page, you can click one of his Wish Lists. If you see the same items over and over again, even though you’re inspecting different reviewers’ profiles, you’ve found a cheat.

Trust older reviews. The widespread gaming of Amazon reviews is a relatively recent phenomenon. “Any review before 2013, you could put a lot of trust in,” says Khalifah. (The exception, of course, is if you spot an old review that describes a completely different product. In that case, the seller has swapped in a different product.)

Obviously, that list of traits that characterize good and bad reviews entails a lot of work on your part, especially if a product has hundreds of reviews. You’d be wise, therefore, to paste the page’s link into FakeSpot or ReviewMeta. These sites check out all of the reviews for the product at once.

“There are so many angles, so many variables,” says FakeSpot’s Khalifah. “We take a look at all the reviews for the product. Then we look at the all the reviewers themselves, all their historic reviews, all their wish lists, and try to find any patterns.”

FakeSpot shows you how many of the reviews it suspects are bogus, and clearly explains its reasoning. ReviewMeta actually recalculates the Amazon star rating for you, based only on the reviews it suspects to be valid.

Each site offers a web-browser extension (plug-in), so that you don’t even have to do the copy-and-paste thing. (FakeSpot’s extension is currently $2 a month, but Khalifah says that it will be free soon.)

What’s Amazon doing?

The fake-review problem is getting worse; Amazon says that it’s up for the challenge. “We know the value of reviews for customers, and even one inauthentic review is unacceptable,” the spokesperson told me. “Customers can report suspicious reviews 24 hours a day, 7 days a week, and we investigate each claim. We take forceful action against both reviewers and sellers by suppressing reviews that violate our guidelines, and [we] suspend, ban, or pursue legal action against these bad actors.”

The company bans sellers and fake-review accounts by the thousands; each time, it uses machine learning to improve and anticipate the sellers’ ever-evolving tactics. Amazon also works with Facebook to shut down those “free stuff for five-star review” groups, and has filed over a thousand lawsuits against sellers and fake reviewers.

Both Khalifah and Noonan say that they can see Amazon’s efforts at work. “My data does show that Amazon is deleting tons of reviews — literally millions of reviews,” says ReviewMeta’s Tommy Noonan.

But it’s an arms race, a cat-and-mouse game, and it’s not clear that the good guys are winning. Amazon and other review-based companies are increasingly fighting the same kinds of trust battles that are hobbling every aspect of the internet these days. It’s no longer enough to be a good judge of value and quality when you shop; now, you’re expected to be a good judge of the reviews that are supposed to guide you.

Want more?

First Timers: What to Expect From Your Encounter With an Escort

Tips, tricks, and common sense to make hiring an escort a breeze

How to SCREEN New Clients for Dummies

FOSTA sex trafficking law becomes center of debate about tech responsibility

By Anna R. Schecter and Dennis Romero, NBC

A law meant to stop sex trafficking — lauded by Ivanka Trump, signed into law by her father in April, and championed by members of Congress who have been working for years to crack down on bad actors like Backpage.com — is now being challenged by tech company advocates and internet rights groups who say it violates the First Amendment.

The tech industry-funded nonprofit Electronic Frontier Foundation (EFF) will urge a federal judge Thursday to stall enforcement of the law, known as FOSTA-SESTA, which holds websites accountable if they knowingly facilitate criminal activity like human trafficking that happens on their platforms. (FOSTA is short for the Fight Online Sex Trafficking Act, and SESTA is the Stop Enabling Sex Traffickers Act.)

While FOSTA-SESTA was hailed as a victory by many advocates for survivors of sex trafficking, some in the tech community have pushed back on the law over concerns that the government is moving to require tech companies to censor the internet.

Prior to passage of FOSTA-SESTA, tech companies had widely been protected against being held liable for any illegal content or business conducted on their platforms.

“FOSTA attacks online speakers who speak favorably about sex work by imposing harsh penalties for any website that might be seen as ‘facilitating’ prostitution or ‘contribute to sex trafficking,’” EFF said in a press release.

EFF’s lawyer arguing the case, Robert Corn-Revere, has previously represented Backpage.com, a website that was shut down by the Federal Bureau of Investigation, and its CEO Carl Ferrer, who pleaded guilty in three state courts to money laundering and conspiracy to facilitate prostitution.

Sen. Rob Portman, R-Ohio, one of the architects of the law, said this is not a free speech issue but instead about protecting victims of sex trafficking.

“Victims of this abhorrent crime can finally have their day in court and the websites that knowingly facilitate sex trafficking are being shut down and being held liable for their actions,” he said. Portman led a 20 month U.S. Senate investigation that found Backpage complicit in trafficking. He says the shuttering of Backpage.com, which he called the “industry leader in sex trafficking,” is a victory.

Prior to passage of FOSTA-SESTA, Backpage’s defense in response to charges that it proliferated prostitution and trafficking was that it’s not responsible for ads posted on the site. That argument is based on Section 230 of the 1996 Communications Decency Act, which says online service providers cannot be held liable for content provided by third parties.

After the law passed, Craiglist shut down its “personals” section.

FOSTA-SESTA is a definitive turning point for the internet and holds platforms accountable in an unprecedented way. EFF’s constitutional challenge is championed by those who complain FOSTA-SESTA could create an advantage for bigger companies with the technology and money to make sure that their platforms comply with the law.

“Every effort to turn platforms into content police favors the well-established, well-capitalized platforms,” said Mike Godwin, senior fellow at the nonprofit research firm R Street Institute and the former general counsel for Wikimedia Foundation. “If you are a startup, you now have to hire a thousand lawyers and contract workers to screen content.”

But longtime advocate for survivors of child sex trafficking, Mary Mazzio, said EFF’s constitutional challenge is disingenuous.

“The child sex trafficking survivors, along with the community of adult survivors, nonprofits, and NGOs who fought for the passage of FOSTA-SESTA, are dismayed to find that EFF, which began a disinformation campaign prior to the bill’s passage, has continued its relentless assault on any attempt to hold websites accountable that engage in criminal conduct,” Mazzio said.

Want more?

Congress Attacked Sex Workers. Now We Need You to Stand with Us

As a Trafficking Survivor, Lobbying for Sex Worker Rights Gave Me Hope

Oakland police scandal: How often are cops having sex with prostitutes?

British Sex Workers Protest Proposal That Would Shut Down Their Websites

What Yahoo’s NSA Surveillance Means for Email Privacy

By

Dear ProtonMail Community,

Two weeks ago, we published a security advisory regarding the mass hacking of Yahoo. Unfortunately, due to recent events, we are issuing a second advisory regarding all US email providers.

What happened?

This week, it was revealed that as a result of a secret US government directive, Yahoo was forced to implement special surveillance software to scan all Yahoo Mail accounts at the request of the NSA and FBI. Sometime in early 2015, Yahoo secretly modified their spam and malware filters to scan all incoming email messages for the phrases in the court order and then siphoned those messages off to US intelligence. This is significant for several reasons:

  • This is the first known incident where a US intelligence directive has indiscriminately targeted all accounts as opposed to just the accounts of suspects. Effectively, all 500 million+ Yahoo Mail users were presumed to be guilty.
  • Instead of searching stored messages, this directive forced Yahoo to scan incoming messages in real-time.
  • Because ALL incoming email messages were targeted, this program spied on every person who emailed a Yahoo Mail account, violating the privacy of users around the world who may not even have been using a US email service.

What does this mean for US tech companies?

This is a terrible precedent and ushers in a new era of global mass surveillance. It means that US tech companies that serve billions of users around the world can now be forced to act as extensions of the US surveillance apparatus. The problem extends well beyond Yahoo. As was reported earlier, Yahoo did not fight the secret directive because Yahoo CEO Marissa Mayer and the Yahoo legal team did not believe that they could successfully resist the directive.

We believe that Yahoo’s assessment is correct. If it was possible to fight the directive, Yahoo certainly would have done so since they previously fought against secret FISA court orders in 2008. It does not make sense that US surveillance agencies would serve Yahoo Mail with such an order but ignore Gmail, the world’s largest email provider, or Outlook. There is no doubt that the secret surveillance software is also present in Gmail and Outlook, or at least there is nothing preventing Gmail and Outlook from being forced to comply with a similar directive in the future.  From a legal perspective, there is nothing that makes Yahoo particularly vulnerable, or Google particularly invulnerable.

Google and Microsoft have come out to deny they participated in US government mandated mass surveillance, but under a National Security Letter (NSL) gag order, Google and Microsoft would have no choice but to deny the allegations or risk breaking US law (our analysis of Yahoo’s denial is at the bottom of this post). Again ,there is no conceivable reason US intelligence would target Yahoo but ignore Gmail, so we must consider this to be the most probable scenario, particularly since gag orders have become the norm rather than the exception.

In effect, the US government has now officially co-opted US tech companies to perform mass surveillance on all users, regardless of whether they are under US jurisdiction or not. Given the huge amount of data that Google has, this is a truly scary proposition.

How does this impact ProtonMail?

ProtonMail’s secure email service is based in Switzerland and all our servers are located in Switzerland, so all user data is maintained under the protection of Swiss privacy laws. ProtonMail cannot be compelled to perform mass surveillance on our users, nor be compelled to act on behalf of US intelligence. ProtonMail also utilizes end-to-end encryption which means we do not have the capability to read user emails in the first place, so we couldn’t hand over user email data even if we wanted to.

However, since email is an open system, any unencrypted email that goes out of ProtonMail, to Yahoo Mail for example, could potentially have been swept up by these mass surveillance programs and sent to US government agencies. This is why if you want to avoid having your communications scanned and saved by US government agencies, it is important to invite friends, family, and colleagues to use non-US email accounts such as ProtonMail or other email services offered by European companies.

What can the rest of the world do about this?

Unfortunately, the tech sector today is entirely dominated by US companies. Just like Google has a monopoly on search, the US government has a near monopoly on mass surveillance. Even without US government pressure, most US tech companies also have perverse economic incentives to slowly chip away at digital privacy.

This week, we have again seen how easily the massive amounts of private data retained by US tech companies can be abused by US intelligence for their own purposes. Without alternatives to the US tech giants, the rest of the world has no choice but to consent to this. This is an unprecedented challenge, but it also presents an unprecedented opportunity, particularly for Europe.

Now is the time for Europe to invest in its own tech sector, unbeholden to outside interests. This is the only way the European community can continue to safeguard the European ideals of privacy, liberty, and freedom online. It is time for European governments and citizens to act before it is too late.

The only chance for privacy to prevail against these attacks is for the global community to support a new generation of web services which protect privacy by default. These services, such as ProtonMail’s encrypted email service, must operate with a business model where users can donate or pay for services, instead of giving up data and privacy. The security community also has an obligation to make these new service just as easy to use as the ones they replace.

Services such as secure email, search, and cloud storage are now vital to our lives. Their importance means that for the good of all citizens, we need to develop private alternatives that are aligned with users, and free from corporate greed and government overreach. Crowdfunded services like ProtonMail are rising to the challenge, but we need more support from the global community to successfully take on better funded US tech giants. Privacy matters, and your support is essential to ensure the Internet of the future is one that protects our rights.

Best Regards,
The ProtonMail Team

You can get a free secure email account from ProtonMail here.

Analysis of Yahoo Denial:

Yahoo, like every other US tech company, has issued a denial, basically denying Reuter’s account of the mass surveillance. Here is Yahoo’s denial, word for word:

“The article is misleading. We narrowly interpret every government request for user data to minimize disclosure. The mail scanning described in the article does not exist on our systems.”

It is curious that Yahoo’s response to this incident is only 29 words, but upon closer examination, it is a very carefully crafted 29 words. First, Yahoo calls the reports misleading. This is a curious choice of words because it does not claim that the report is false. Finally, Yahoo states that, “The mail scanning described in the article does not exist on our systems.” While this could be a true statement, it does NOT deny that the scanning could have been present on Yahoo’s systems in the past.

The same day as the Yahoo denial, the New York Times obtained independent verification of the Reuter’s story from two US government officials. This allowed the New York Times to confirm the following facts:

  • Yahoo is in fact under a gag order and from a legal standpoint, they cannot confirm the mass surveillance (in other words, they must deny the story or avoid making any statements that would be seen as a confirmation).
  • The Yahoo mass data collection did in fact take place, but the collection is no longer occurring at present time. Thus, we now understand the disingenuous wording of the last sentence in Yahoo’s statement.

Yahoo’s denial (or non-denial, as the case may be), followed immediately by confirmation by the NYT demonstrates the new reality that denials by US tech companies cannot really be taken at face value anymore. It is not that US tech companies are intentionally trying to mislead their customers, but many times, they have no choice due to the gag orders that now inevitably accompany any government requests. If statements from US tech companies turn out to be suspect (as in the Yahoo example), the likelihood of the public ever knowing the truth becomes highly unlikely, and this brings us to a dangerous place.

Stay informed:

How to Encrypt for Dummies