Listening to people describe their initial discovery of FetLife, the social network for those interested in the BDSM lifestyle, is not unlike listening to the newly converted describe their spiritual awakening. When the website launched in 2007, many who had never disclosed their sexual predilections felt free to do so in what they perceived as a digital safe space. FetLife soon became the home for kinky people seeking like-minded friends and partners, local event listings, and a forum to discuss BDSM in non-judgmental spaces.
But as many users learned last February, FetLife was also the home of an unsophisticated code that left its user data vulnerable to collection and re-publication elsewhere. The incident shed light on a number of FetLife’s failures to protect its users. More broadly, the security leak was a reflection of how best practices around safety, privacy, and communication are inconsistently enforced on the site.
The most recent incident started when a man named Mircea Popescu published a blog post titled “The FetLife Meat List—Volume I,” which he promised would be the first of several posts featuring a searchable list of female-identified FetLife users under the age of 30. The list contained the FetLife users’ usernames, ages, preferred BDSM roles, and number of FetLife friends, as well as their sexual orientations and locations. The post also included something of a preemptive FAQ about the list, in which Popescu claims the leak was motivated by a desire to call FetLife to task for “putting up the pretense of a ‘fetish for security,’” a reference to a message that shows up on the site when a user signs on for the first time.
While Popescu’s claims about FetLife’s lax security measures were valid, his decision to target women under 30, identify them as “meat,” and bemoan the “alleged abundance of tail” on FetLife in the post belies less than noble motives. But because he wasn’t actually breaking a law by leaking the information, he has already posted up to Volume IV as of April 25.
Of course, Popescu is not a sympathetic character in this story. But the ease with which he exploited the site’s vulnerabilities and FetLife’s subsequent failure to take meaningful action sheds light on the site’s history of turning a blind eye to abuses of people they claim to support.
While BDSM pops up in mainstream culture from time to time, it still remains largely misunderstood and frequently stigmatized. Until 2013, the Diagnostic and Statistical Manual of Mental Disorders classified a number of BDSM behaviors as inherently pathological, and BDSM remains largely illegal under US law. Simply having a FetLife account is not necessarily identifying oneself as a practitioner of BDSM, as the site can be used anonymously with non-identifying email addresses and usernames. But it is still a powerful medium for connection.
“FetLife can be hugely important to someone who is feeling isolated. Facilitating community is a huge service. And ‘coming out’ can be a matter of liberation,” says Tanya Bezreh, who studies disclosure and communication in BDSM. “But there are dangers, and it’s a question of risk tolerance.”
“FetLife can be hugely important to someone who is feeling isolated…‘coming out’ can be a matter of liberation.”
When discussing the FetLife information leak, many have argued in Popescu’s defense, claiming that users knew what they were getting into by sharing information with the site, as nothing is truly private on the internet. But it is worth noting that FetLife’s privacy page claims that the site has measures in place to prevent people from accessing the site’s data. The aforementioned “fetish for security” claim is one that every new user sees when they initially sign up for a FetLife account. But as the Meat List proved, these privacy claims are mostly empty promises to cover the scope of the site’s insecurities.
The Meat List leak wasn’t even the first time that FetLife user information has been leaked. In 2012, a searchable mirror site of FetLife was created that exposed user dara. Although FetLife CEO John Baku quickly claimed the proxy was blocked in a community post, there was a repeat incident in 2014 that exploited the same fundamental flaw. A.V. Flox, the editor-in-chief of the sex news site Slantist, said via email: “FetLife has chosen to paint each incident as a ‘hack’ that can be solved by issuing copyright takedowns under the Digital Millennium Copyright Act.”
Flox noted that by failing to be transparent about the issues that come with simply having a Fetlife account, Fetlife makes users believe that security threats are minor and easy for administrators to eliminate. “The more likely threat model is a script that indiscriminately copies every profile on the site—in minutes—and disseminates the information on mirror sites that might well be indexable by Google,” Flox said.
Kitty Stryker, the founder of the website Consent Culture and a BDSM practitioner herself, noted that the word “community” is a misnomer to describe FetLife or BDSM in general. “We create a harmful situation in which people believe that there are things like mutual responsibility and mutual accountability that don’t exist. It is too big,” Stryker told the Daily Dot in a recent phone interview.
Stryker compared FetLife’s security practices to those of Facebook, a social network that billions of people use every day—not because they find it safe or rewarding, but because it is simply the only way they can stay in touch with their friends. Like Facebook users, people on Fetlife are enormously reliant on the site, simply because it’s one of the few platforms for people in the BDSM community to connect with each other. This reliance on Fetlife means that the company is able to get away with ignoring some community concerns, while selectively enforcing others.
The FetLife Community Guidelines claim that the website doesn’t “accept aggressive personal attacks, criminal accusations, making fun of, trolling, flaming, bullying, racial slurs.” This has resulted in users who posted personal accounts of being assaulted by people they had met on the site receiving messages that their posts had been edited to remove usernames, with a note that “it’s really not cool” to accuse members of crimes. (Later, other FetLife users came forward with their own testimonies of being abused by the site’s members, thus bolstering the original allegations.)
Users who posted accounts of being assaulted by people they’d met on FetLife were told that their posts had been edited to remove usernames, with a note that “it’s really not cool” to accuse members of crimes.
When sexual assault allegations against FetLife users first started surfacing in 2012, CEO John Baku responded by writing that “the only way to protect others from a sexual offender is by putting them behind bars.” But this statement undermines the principle of self-policing within BDSM in a legal environment that doesn’t recognize it as a legitimate expression of sexuality—which is, arguably, one of the most important reasons for FetLife to exist.
It’s also telling that many of the profiles on the Meatlist had zero friends on the network, indicating that many of these users might just be exploring FetLife to learn more about BDSM. One of the ways that they learn about the BDSM lifestyle is through the many forums where posts are moderated inconsistently, revealing a range of abuses of the Community Guidelines.
A search for the word “drama,” for instance, pulls up a huge number of posts from users who viciously rail against members who posted assault claims as being dramatic, attention-seeking liars who should leave FetLife once and for all. A search for several racial slurs also turned up posts and groups littered with these terms. The existence of this content clearly undermines FetLife’s claims that such material runs counter to its own guidelines.
Many Fetlife users defend the site’s policy on assault accusations as a way for the site to protect users against libel, which brings up issues of which jurisdiction the site falls under. FetLife’s copyright notice lists a Vancouver address for the site but then invokes US copyright right law over the material on the site. A search for the IP address of FetLife show that the FetLife domain is registered in Scottsdale, AZ and the servers are located in Dallas, TX.
FetLife representatives did not respond to inquiries for comment on this discrepancy. But assuming the website is US-based, Section 230 of the Communications Decency Act protects Fetlife from legal liability. As the law states: “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”
FetLife’s Community Policy starts with the line: “Our number one priority is to create a fun and safe place for kinksters.” But it ignores the reality that sometimes, talking about safety and consent is not especially fun.
“People just want to get off and not have spaces complicated by assault politics,” says FetLife user Svetlana* (name has been changed), who sees the issues of FetLife as issues that affect the BDSM scene at large. “Powerful people are doing the assaulting.”
Stryker notes that in the BDSM community, much like society at large, leadership roles are often occupied by people who already possess social power, such as white males. “BDSM isn’t inherently predatory,” she says. “However, if we do not interrogate how power functions there, we just hurt people who are already marginalized.”
When it comes to coming up with ways to protect Fetlife users from having their privacy leaked to being victims of sexual assault, there’s no shortage of ideas within the BDSM community. “Hope isn’t strategy,” says Flox. She sees FetLife as culpable in making people feel their information is safer than it is with policies that claim a commitment to privacy. But mostly, she says, Fetlife is just hoping to make the problem go away.
Stryker says that if the website made a concerted effort to create safe spaces for the voices of women, racial minorities, gender non-conforming people, sex workers, and disabled people, Fetlife would be a safer place in general. And Bezreh suggests that BDSM-inclusive sex education and consent education in mainstream curricula would help alleviate the climate of stigma that creates the anxiety of being outed. BDSM education on FetLife would help newcomers differentiate between reliable and unreliable information on BDSM.
There is a tendency to accuse people of kink-shaming whenever they suggest that an examination of BDSM practices and other forms or kinky play might be worthwhile. There is also a tendency to blame individuals for their own privacy violations. But FetLife throwing its hands in the air and saying, “People will like what they like and can deal with the consequences!” does a disservice to the thoughtful ways that BDSM practitioners think about, teach, and discuss how desires and behaviors affect sex, privacy, and identity.
The idea that people should just run the risk of having their boundaries crossed and their privacy violated is not just incomplete. It actively stifles the very dialogue about consent, desire, and boundaries that is a source of pride for so many practitioners of BDSM. Members who defend FetLife relentlessly against any critique aren’t defending kink. They’re defending a business institution that mirrors many of the same rigid constructions of power that BDSM challenges. And that’s “really not cool.”
Photo via Anton Petukhov/Flickr (CC BY 2.0)