You don’t need paranoia.

You need clarity!

OPSEC (operational security) isn’t spy cosplay. It’s just disciplined thinking about risk. It’s asking: “If someone wanted to cause me trouble, how would they do it?” and then quietly closing those doors before they even notice they were open.

Threat models specific to sex work

Platforms

Platforms are the first bucket. They love you until they don’t. AI moderation can misread context. Payment processors can get nervous. An algorithm can interpret “normal adult content” as “policy violation” and suddenly your income disappears. That’s not morality. That’s automation plus liability math.

Clients

Then there are clients. Most are fine.

Some are not. The boundary-pushers. The screenshot archivists. The “I found your LinkedIn” guy who thinks that’s charming.

It’s not. It’s reconnaissance.

Exes / acquaintances

Low-skill but emotionally motivated. Surprisingly dangerous!

### Doxxers & hobbyists

Reddit detectives with too much time and zero ethics. They treat lives like puzzle games. The ethics are thin. The time commitment is not.

Institutions

Banks, payment services, advertisers, and occasionally law enforcement.

They’re not stalking you personally.

They’re managing risk.

If you trip a compliance filter, you become a checkbox.

Checkboxes do not have feelings.

Separation of identities (devices, accounts, behavior)

If your personal life and work life share devices, accounts, usernames, recovery emails, or posting patterns, they are not separate.

They are roommates pretending not to know each other. Real separation means different devices when possible, different email ecosystems, different behavioral patterns.

You don’t “sometimes log in.” You architect distance.

Communication security basics

Communication security basics are boring. That’s why they work. Strong passwords. Unique passwords. Two-factor authentication that isn’t SMS if you can avoid it. Encrypted messaging where appropriate. Fewer apps with microphone permissions. Less oversharing in DMs. Excitement is cute. Digital breadcrumbs are not.

Financial & payment privacy (high level)

Financial privacy is about reducing blast radius. Diversify platforms when possible. Understand terms of service. Don’t rely on one processor as your lifeline. Keep clean records. Assume any mainstream financial service can panic if headlines shift!

Content & metadata hygiene

Content and metadata hygiene sounds technical, but it’s simple: what information is embedded in your files?

Photos can contain location data.

Posting patterns can reveal routines. Background details can reveal neighborhoods. Cropping is not paranoia. It’s editing.

Platform risk & AI moderation

Platform risk and AI moderation deserve respect. AI doesn’t understand nuance.

It understands patterns. If your language, imagery, or engagement patterns drift into automated “risk clusters,” you might get flagged even if you did nothing wrong.

Design for resilience, not innocence.

Common OPSEC mistakes

- Mixing real emotions + work accounts

- Reusing usernames across platforms

- Oversharing timelines (“just landed,” “on my way home”)

- Trusting platforms to protect you

- Assuming silence = safety

Silence often just means data collection.

How much security is “enough”

Enough that a low-effort attacker gives up.

Enough that a medium-effort attacker has to work very hard.

Enough that a platform glitch doesn’t erase your entire income overnight.

Enough that you sleep at night without spiraling.

You don’t need invisibility. You need resilience.

The goal isn’t to disappear. The goal is to control your own narrative surface area. In a world run by algorithms and bored hobby detectives, that’s not paranoia. That’s professional literacy.

And literacy, especially digital literacy, is power.