Writing used to be a fairly private endeavor. An author would spend weeks or months alone with her typewriter or word processor, creating a work of fiction. Nobody other than her immediate family or friends knew much about her work in progress. After the book was published, luckier authors might do readings, signings, interviews, or perhaps even end up on some television talk show. Most authors shrugged, answered the occasional fan letter, and pounded away on the next book.
It’s hard to believe how much things have changed. Successful authors in the digital age are required to be very public indeed. We expose ourselves on our websites and blogs. We hang out our shingles on Facebook, Goodreads, or Google+ and try to wheedle readers into “liking” or “friending” us. We populate the ether with pithy hundred character messages designed to attract attention to ourselves and our books. Many authors I know post current word counts on their blogs, so readers can track the status of their WIPs. Some set up chat groups or mailing lists to provide readers with up-to-the-minute information about everything from plot issues to their kids’ school performances.
These days, authors who aren’t visible in the cybersphere might as well not exist.
In some ways, this is a positive development. Publicity has never been easier or cheaper (though you have to really shout to be heard above the cyber-din). However, there’s a serious downside. It has become far more difficult – close to impossible – to keep anything private.
I’m sure you all have read about the myriad threats to privacy lying in wait for anyone who logs on, anywhere. From hackers who steal your personal data for financial gain to trolls who persecute you purely out of malice, the Internet is full of villains. Identity theft and privacy breaches are significant concerns for everyone – but authors, especially authors of erotica, have more at stake than the average citizen.
What would happen if your neighbors – your children’s teachers – your boss – your pastor, priest or rabbi – learned that you write sexually explicit fiction? Sure, there are some erotica authors who write under their own names and are up front about what they do. Most of them live in New York City or San Francisco, and most of the ones I can think of, at least, make their living from erotic writing and related activities.
The rest of us toil away at our day jobs in some less cosmopolitan and less tolerant locale, hiding our dirty little vocation from almost everyone around us. I know authors who have been ostracized by their communities, lost their jobs, or even been forced to move because they were “outed”.
Aside from the problem of having your mask torn away, authors are more susceptible to other privacy threats as well. Online stalkers often tend to latch on to female erotica authors, confusing the fantasies we create with the realities of who we are. Most are just creepy cranks, but we’ve all read about people whose obsessions become dangerous. Keeping your real identity secure can help reduce the potential danger.
Then there’s the risk to your career of having your email hacked or your website or blog defaced. The former seems to happen almost daily on the reader lists where I hang out. I’ll see a message from the email address of some author I know, advertising cheap iPads, posting links to Russian dating sites, or pleading for money because her passport has been stolen in a foreign city. Of course, it’s usually clear that these weren’t sent by the real author – but can readers always tell? A day or two later these authors always pop in and apologize. Even if nobody gets fooled, one can’t help feeling hacked authors should have been more careful.
So what can you do if you really want to keep your author and real world identities separate, make things harder for stalkers and trolls, and save yourself from the embarrassment (or worse) of being hacked? To be bluntly honest, nothing can guarantee your on-line safety. However, there are a number of actions you can take to reduce your vulnerability.
Don’t use free email services like Hotmail, Yahoo or Gmail
Yes, I know. Most of us don’t make much money from our writing. Free is synonymous with “good”. However, hackers know how to exploit the weaknesses of these large systems. Microsoft, Yahoo and Google are constantly playing catch-up as the bad guys break in and harvest hundreds or thousands of email addresses every year.
Not only can hackers break in to steal your email address and password, they can suck up your contact list, too, when that list is hosted on a public server. Then everybody you know may receive messages from you with embarrassing content, dodgy links, or dangerous attachments.
An email address “@lisabetsarai.com” is considerably less likely to be hacked than a Hotmail account.
Aside from security concerns, using free services can make you look less professional. For ten or fifteen dollars per year, you can get yourself your own domain name, linked to your pseudonym or some other aspect of your writerly persona. You don’t need a website to use your domain for email. Many web hosting companies will “park” your domain and give you half a dozen email addresses associated with that domain for five or ten bucks additional annual cost.
Create different email addresses for different purposes
You may want to have one address for communications with editors, for example, another for communication with readers, and yet a third for commenting on blogs. Multiple email addresses do complicate things, but on the other hand, if one address is compromised, you don’t have as much work to do. Having several addresses also makes it easier to filter your email based on the “To” field.
Another advantage of having your own domain for email is that you can create separate, special purpose addresses that still reflect your branding. For instance, when I put together my call for submissions for Coming Together: In Vein, I created a special email address, still “@lisabetsarai.com”, to receive submissions.
Don’t publish your email in text form anywhere — on any web page or blog
When I say “in text form”, I mean, don’t ever include a string like “[email protected]” anywhere. It’s relatively easy for software to recognize the patterns of email addresses. (In fact my word processing program automatically turned the fake email in the previous sentence into a link!)
It’s not at all difficult to write a program that “crawls” the web, looking for email addresses. These programs, sometimes called “spiders” or “bots”, are very common.
Remember how the web works? You send a request with a URL to the web server, and it responds, sending back the data for the web page to be displayed. Spiders basically impersonate users sitting at browsers. They send URLS, grab the text returned, and then go looking in that text for email addresses (or other information). (They also recognize links, so that they can send out new URLs.)
The collected email addresses get sold to Internet marketers (who will then send spam to your address) or to criminal rings (who may use your address as the apparent source of emails that carry viruses or other malware).
But if you don’t publish your email, how will readers communicate with you?
There are several options. Some people simply take the “@” and replace it with the word “at”, e.g.”myname [at] mydomain.com”. I wouldn’t be surprised is some spiders are now looking for this pattern as well.
Another possibility, one that I use on my links page (http://www.lisabetsarai.com/links.html) is to create an image showing your email address.
A third strategy is to not publish your email address at all, but to include a contact form on your web page or blog. This requires a simple server-side script (remember active content?) that gathers information from your reader and then, behind the scenes, sends you email. It’s true that your email address in text form will be embedded in the script itself, but script files are somewhat more difficult for spiders to access and analyze. You don’t have to write this script yourself. Most hosting services can provide one for you, that you can customize.
Purchase domain privacy services
If you have your own domain, go to the following URL:
http://www.networksolutions.com/whois
Type your domain name into the text box at the top and click “Search”. What do you see?
The domain registry companies maintain a public database that lists the name, address, phone and email of the people associated with each domain. Thus, your contact information could be exposed to anyone who cares to look it up.
This is intended to be beneficial, to allow consumers, law enforcement and other affected parties to discover who is responsible for web content. However, for an author trying to remain anonymous, this can spell disaster (or at least, disclosure).
Many web hosting/domain registration companies sell a service called “domain privacy”. When you purchase this service, your details will not appear in the WhoIs listing. It’s still possible for people to ferret it out, but it takes a good deal more work. My hosting company charges $10 per year for this service. I feel this is worth paying – and of course, it’s tax deductible.
Remember that everything is public
You leave a trail of evidence as you traverse the web, engaged in authorly pursuits. Your comments on Facebook, the photos you post on your blog, the reviews you write for Goodreads, even your Amazon purchasing history, may be visible to others. Legitimately visible, I might add. When you sign up for many social networks and eCommerce platforms, you have to accept their privacy policies. In many cases you’re agreeing to expose more than you may realize. Furthermore, most privacy policies reserve the right to make changes at any time. And the fine print always says that they’re not legally responsible for unintentional breaches to their systems (although there’s new legislation being considered in many countries to change this).
It used to be that you could rely on the size and diversity of the Web to cover your tracks. With all the millions of blogs out there, who was going to realize that you posted one picture here, a similar one there, mentioned your birth place in a third location, noted your birth date in a fourth? Nobody was going to look at all these different posts and put that information together to identify you.
Now, though, companies are spending literally millions of dollars to connect all these dots, to build an integrated picture of who you are, where you live, what you like and dislike, how much money you make, and much, much more. These so-called data mining efforts are, I believe, more of a threat to privacy than the villains trying to steal credit card data or social security numbers.
A vigorous effort is underway to integrate and unify social networking and eCommerce platforms. For instance, when I post a review on Goodreads, I’m then invited to share it on Facebook, Google+ and Twitter. How convenient! This makes everything easier for the users! But every time you take advantage of one of these convenient cross-linkages, you’re adding more data to that personal profile companies are building. If you’re an author trying to hide her real identity, you’re increasing the risk that you’ll somehow expose the relationship between your pseudonym and your real name.
The linkages don’t have to be explicit. The software developed by the data mining companies can infer these connections by matching various items of data. They’re getting better at it all the time. Meanwhile, even pictures can reveal information you’d rather hide. Facebook just bought a company that can scour thousands pictures posted online and find all the faces that match a target face – in a matter of minutes.
If you have one Facebook account for your real identity, and another for your author identity, it’s only a matter of time before Facebook figures out that you’re the same person. Maybe that doesn’t bother you, but you should be aware of the risk. Do you really want your grandmother to hear about the ménage BDSM story you just published?
Every time you include some real world fact about yourself in an author blog post, consider whether you really need to share that item of data. I don’t publish pictures of myself (other than my head shot, which honestly doesn’t look much like the real me), or photos of my husband or family, or my home, or my cats… In fact, I don’t even publish my cats real names. They have pseudonyms just like I do.
You may think I’m being paranoid. Perhaps. But I’d rather be paranoid than knowingly risk exposure.
Use deliberate misdirection
As an author, you may want to keep your personal information private. But many readers sincerely would like to know you better. They get a kick out of communicating with their favorite writers and learning about the details of those writers’ lives. If you’re too stingy with your personal data, readers may come to feel that you’re insincere or stuck up.
One solution I’ve found is to employ a certain amount of deliberate misdirection in my blog posts and other public communications as Lisabet Sarai. I alter the facts I share, just a bit. I give the experiences I recount a twist, change the locations or the times, make up a subplot or a few characters. I don’t view this as dishonest – I’m terrible at lying – but rather, as a bit of fictional embroidery. My job, after all, is to tell stories. Meanwhile, every time I slant the truth, I’m helping to lead the data snoops astray.
Don’t piss people off
Online, you never know who’s paying attention to you. It pays to think long and hard before you post anything negative, about anyone. This is true in general, but especially when you’re wearing your author hat. It’s all too easy to take revenge on the ‘Net. Piss someone off and you may motivate him to do some detective work, trying to uncover your real identity. And despite all your care, he just might succeed.
Rants may be emotionally satisfying – especially when they’re directed at individuals or organizations that are obviously evil and wrong…! You may be right in believing the object of your criticism deserves every word. However, ask yourself whether the catharsis is worth the risk.
Consider the privacy of others
As you work to defend your own identity and privacy, remember that we all face the same threats. Don’t share private information about colleagues without getting express permission. I know it’s difficult. Industry gossip is one of the most enjoyable aspects of getting together with one’s author colleagues. It’s so tempting to tell your great stories about the big names you might have met – but hold back. Those stories belong to the protagonists, not to you.
One simple action you can take to enhance everyone’s privacy is to use blind CC’s (BCC) when you’re sending a message to a list of email addresses. You don’t have the right to expose anyone else’s email to the world – and that includes other authors. Readers, too. If you have a reader email list, be sure that you keep each member’s identity private.
Actually, even storing emails on your hard drive is something of a privacy risk. Many viruses have the ability read your address book and then forward their evil payload to every single person listed there. Unfortunately, it’s nearly impossible to function these days without a list of contacts that integrates with your email client. About the only thing you can do is switch to a client that’s less susceptible to attacks.
Conclusion
You may get the feeling from this article I’m pretty pessimistic about privacy issues. You’re right. The forces trying to tear down the walls that protect your anonymity are powerful and well-funded. There may come a time, in the not too distant future, when pseudonyms will be totally transparent, despite our intentions.
Until that time, though, you can reduce the likelihood of disclosing information you want to keep private by following the recommendations in this column. At least let’s make the hackers, the trolls and the data snoops work a bit harder.
Lisabet Sarai
August 2012
“Naughty Bits: The Erotogeek’s Guide for the Technologically Challenged Author” © 2012 Lisabet Sarai. All rights reserved. Content may not be copied or used in whole or part without written permission from the author.