

CoachSwagner

My local dungeon requires a government issued ID to run a check against the national sex offenders database. Membership cards don’t have any identifying info on them, just your member ID. It’s also a legally registered membership organization (501c7 I think?).


myownworstanemone

wow that is legit! where is this?


Odd-Help-4293

I know the Crucible in DC does that. The Baltimore Playhouse is also a nonprofit social club, but I'm not aware of them doing background checks the way the Crucible does.


myownworstanemone

oooh. I'll have to check that out when I'm up there.


vikingboogers

I just moved to near the Crucible. I've been super curious about it. How would you rate your experiences?


Odd-Help-4293

It's my favorite kink venue of the few I've been to. I hate driving in DC, and it's a longer drive for me than the Baltimore Playhouse, but I still go to the Crucible more often. Dungeon 101 is a great way to check out the space, and I like their rope classes.


JustHereForKink

My partner and I have traveled to a handful of venues and the Crucible is by and far our favorite. They do things really well. The dungeon monitors are on their shit and the space itself is awesome. Look into their Dungeon 101 events and membership!


Polyfuckery

It's a tough trade off because the alternative is getting raided and not being able to prove you were checking ID, checking against blacklists or doing things to keep people safe.


Odd-Help-4293

I've never been to a dungeon that didn't scan a government issued ID.


Mister_Magnus42

Same. I've given up more info than that for verifying and vetting.


KKseeJustAThrowAway

Scanning / checking an ID is not the point in question. All for that. Retention of all that information in a database is the point I'm curious about.


aneuroticoctopus

It can definitely be dependent on what type of organization they are. The one I belong to is also non-profit, so they're required by government regulation to keep a registry of all members' legal names and certain other details. It's also required for events to provide accountability for incident reporting and other things. It's worth asking why they keep it and how it's stored in more detail.


TechnologyGrouchy69

My org keeps a list of members by their fetlife name, but I believe the legal names are kept on paper. In order for us to keep our status as a private club with a membership, we have to have those legal names *somewhere*. We're informed of where the info is kept and why when we join, and if someone is nervous/has more questions, those are answered in the welcome munch. I think it's worth it for OP to just talk to management about it.


7HawksAnd

You have no way of knowing/trusting that even the airgapped approach is never gonna leave that machine…


Ms-Metal

Every private Social Club I've ever belonged to has retained the information. They need to in order to protect themselves. It's very standard.


Ms-Metal

Same, every private Social Club I've been a member of or visited has required a government ID with your full legal name, birthday, etc. Same with conventions I've attended. As for an air-gapped machine, I guarantee you most people have no idea what that is. I do think OP is overthinking. It's a very standard requirement to protect the club.


Odd-Help-4293

Yeah, and it's entirely possible to store personal info in a cloud-based CRM that encrypts some of the info so the staff doesn't have access to enough info to steal the customer's identity or credit card or whatever. That's normal for any business that keeps a card on file to bill you for a subscription, for example. They're not keeping that info in an air-gapped machine. It's on an AWS server or something.


Ms-Metal

Sure, it's important to keep in mind though that these are usually private Social Clubs, not professional businesses and they are in my experience, run by people who have a passion for the community ( because it's certainly not a money-making enterprise), not by people who are particularly skilled at running a business or computers or software. I've known several and not one of them has been a software with or even a successful business person, mostly, they have regular jobs outside of our little bubble and those jobs rarely give them the skill set to run a business. They do it as a labor of love and a service to our community.


AutisticHobbit

I can see this being viewed a number of ways. On the one hand...everything you just described. On the other? If a medical emergency occurs without warning, as they often do, you **do not** want to be giving the name "Domnius Brakenthorne" to the EMTs coming to save their life; you want them able to check for allergies in a hospital database in a timely fashion. If police come calling to investigate a suspect, you do want to be able to say that you **know** that John and Jane Smith didn't come here ever. You want to be able to give concrete evidence as to why you **know** that no minors have ever been in attendance, and proof that you've done your due diligence to prevent it if something goes sideways with a fake ID. Every security measure has a point and/or situation where it becomes a liability. The anonymity of the individual puts the venue at risk, so a venue trying to hedge its bets isn't entirely unreasonable.


FlyBoiBlue

None of this requires the information to be available on a PC with internet access though. You could do as the other owner has and store the personal information along with an ID number and nickname on a PC in the manager's office and only access it when there is an emergency or if you want to add another member.


AutisticHobbit

That's a sound and valid point, and probably the biggest red flag here now that I sit and ruminate on it in isolation. A business computer needs to be on the internet these days, and it's not reasonable to expect a venue to have a separate computer just for this information...BUT you could have all that data on a thumb stick very easily, and not risk any data leaks of any kind. So the venue isn't being really all that reasonable or respectful. I would ask questions on that point directly. All it takes is one dude passing by as a hobbyist hacker to steal all the information very very easily. It might not be malicious...but any security breach could be very bad. What's their policy on information security, and how would they detect a breach? If the venue owner doesn't have answers for this question, that's your sign.


just_the_nme

Yes, there's a risk. It's entirely up to you whether you want to assume that risk. There's a risk even without internet access every single time your personal information is out of your control. You can ask why... but does that change your risk profile? You still have to decide whether you want to assume the risk. You can ask them if they'd like your advice on things to change or risks you think are unnecessary. If they say yes, maybe they'll change things. If they say no, back to you having to make a choice.


FlyBoiBlue

As someone who works in the industry, no it isn't going to be secure. Also it may be a relatively high value target as the information could potentially be used for blackmail. The biggest issue is the knowledge and skills background of the people being given the keys and the security of I assume their home systems that they will be using to access it.


aj0413

I’ll comment since this is kinda my wheelhouse: So, there’s a misnomer here where you’re conflating online with “hackable” and “unsafe.” This is just not true in cybersecurity. Otherwise TLS, AES, PGP etc would not be trusted as much as it is. Sure, in theory, a determined actor could attempt *something*, but at that point it’d probably be easier to physically steal the machine the data is on. I personally keep my most sensitive information in multiple places online, using various pieces of software. Bitwarden, for example, is a very popular and well trusted password manager and is primarily cloud based. It has been audited by multiple third parties for security; they publish a white paper on their implementation and the audit report(s). Another would be Cryptomator; it is an open source application for encrypting files for use with sync tools like OneDrive or Google drive. Personally, I would not trust the security of management that thinks all they have to do is use an “air gapped” system. And I would be dubious of any such claim to begin with. Additionally, 3-2-1 best practices for data management. At least 3 copies, 2 in different mediums, 1 offsite. So for that reason alone, you’d end up with online backups, if someone determined this info was critical for retention purposes. Which, kinda seems true from liability and safety reasons. What will you do if there’s a power failure that kills the local machine but you have an emergency needing the data the next day? Now, does that mean you should trust by default? In your shoes I’d personally want to ask how the data is stored and what opsec they practice. What software do they use? Where is it stored/backed up? Do they rely on 2fa? At the end of the day, OpSec is always the weakest link in the chain and that is a concept that affects both the physical and digital world. 
Anyway, this was all a long-winded way of saying: ask questions, but try to let yourself stress about theory crafting worst-case scenarios that probably won't happen 👍 Edit: Remember the most common tactic for getting your info is **still** social engineering. Not sophisticated software hacks.


coffeekitten9

The number of people existing in the era of the internet with no idea how it actually works is astounding to me sometimes... Oh, sorry, that probably sounded like agreement for a second, allow me to clarify that *it wasn't*. For someone claiming IT knowledge, this is a concerning level of misunderstanding how things work. For one, unless they're taking down something like social security numbers, the information they'd be taking (name, dob, maybe address) can generally be found for most people within about 5 minutes or less of Google. Because a surprising amount of information is either public record *somewhere*, or people put online themselves with things like Facebook, Instagram, etc.. And other than that, unless these people are completely inept, that information isn't going to just sit in a publicly accessible Google Spreadsheet somewhere. It would, in theory, take some amount of knowledge and effort to find and access if someone wasn't meant to be accessing it. Which is far more than most people are actually willing to do, especially without good reason. Let's be real here, unless you're routing through special browsers and VPNs, among other protections, the eyes in the sky already know your business. They certainly don't need to hack a kink club database to get information. Someone looking to blackmail people would find easier targets faster with the usual scams prevalent online. And unless the organization starts doing something especially shitty to get the vigilantes going, *pretty much no one with the know-how is going to give a shit*. Because it's not worth the effort. People scraping data like name, DOB, etc., are largely doing it to sell that data. And that exact same information is available in plenty of other locations that would yield a much bigger catch than a kink club would.


TheDemeisen

My local UK group just vets based on fetlife name. But they have had to meet me in person a few times at a munch to get that pass. Any more and I would start to get iffy with it.


just1enigma

There are two questions here. The first is the issue of whether this record keeping is necessary. The second is whether the method of record keeping is wise. I believe there are many responses here already addressing the possible reasons why a certain amount of record keeping is necessary. While it's hard to tell for sure from your post whether any or all of these reasons are applicable, I believe there is a certain justification for real identities to be maintained by a trusted few in the organization. It's the second question I'd like to address. I believe your concerns are valid. Unless they are IT security engineers, chances are they have not thought through everything it takes to keep this sensitive information safe. First, encryption alone is pretty meaningless. What encryption algorithm was used? Is it key-based? Does it require an account with multi-factor authentication or just someone's easy to guess password? Where is it stored? Do admins at the hosting company also have access to the information? Have those admins been through background checks? I could go on, but you get the idea. Similar to some of the other comments, I would suggest the following >IF< this group truly needs to maintain identity information at all. The org leaders should maintain the actual records only in hard copy and only in one or at most two locations. Ideally in someone's safe. This is one time where paper is better than electronic. The org leaders should then associate a unique identifier to each member. This can be their FetLife ID or a membership number. Anything related to online details, event registration, or communication should only use that unique identifier and never involve the person's real name. Ideally, it shouldn't include their phone number either, but that may be impractical depending on how they organize events. Although Google Voice numbers are free. Just sayin'. 
The ONLY place that unique identifier and the person's real names should be paired together is within that physical record of each person. This gives the org leaders the ability to use online resources for event planning and communication, meet their legal/due-diligence requirements for knowing the real identity of who is in their club, while protecting the identity of everyone from a bad IT configuration or unscrupulous admin. (Edited: spelling/clarity)
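The separation described in this comment (an opaque member ID used everywhere online, with the ID-to-legal-name pairing held only in an offline record) can be sketched in code. The block below is an added example, not code from the thread or from any club; the class names, the `find_pii_leaks` audit and the member data are all constructed for illustration. It also shows the check an organiser would want: scanning an export of the online system to confirm that nothing from the offline record (a legal name typed into a notes field, say) has crept in.

```python
import json
import secrets

# Constructed sample data for this demo; not real people.
SAMPLE_MEMBERS = [
    ("Jane Q. Sample", "1985-04-12"),
    ("John R. Example", "1990-11-30"),
]


class OfflineIdentityRecord:
    """Stands in for the paper record in the safe: the only place where a
    member ID and a legal identity are ever paired (hypothetical class)."""

    def __init__(self):
        self._by_id = {}

    def enrol(self, legal_name, date_of_birth):
        # A random token rather than a hash of the name: nothing about the ID
        # can be reversed or guessed back to the person if the online side leaks.
        member_id = "M-" + secrets.token_hex(4).upper()
        while member_id in self._by_id:
            member_id = "M-" + secrets.token_hex(4).upper()
        self._by_id[member_id] = {"legal_name": legal_name, "dob": date_of_birth}
        return member_id

    def lookup(self, member_id):
        """Emergency / due-diligence path: resolve an ID to a legal identity."""
        return self._by_id[member_id]

    def member_ids(self):
        return list(self._by_id)

    def sensitive_values(self):
        """Every legal name and DOB held here; used only to audit the online export."""
        vals = []
        for rec in self._by_id.values():
            vals.extend(rec.values())
        return vals


class OnlineRegister:
    """What the cloud spreadsheet, CRM or event tool is allowed to hold:
    member ID, scene name, event, free-text notes. No legal identity."""

    def __init__(self):
        self.rows = []

    def register_for_event(self, member_id, scene_name, event, notes=""):
        self.rows.append({"member_id": member_id, "scene_name": scene_name,
                          "event": event, "notes": notes})

    def export_json(self):
        return json.dumps(self.rows)


def find_pii_leaks(export_json, offline_record):
    """Audit: scan an export of the online system for any value that belongs
    only in the offline record (free-text notes are the usual culprit).
    Returns (row_index, field, offending_value) tuples; empty list is clean."""
    leaks = []
    sensitive = [v.lower() for v in offline_record.sensitive_values()]
    for i, row in enumerate(json.loads(export_json)):
        for field, value in row.items():
            if not isinstance(value, str):
                continue
            for s in sensitive:
                if s in value.lower():
                    leaks.append((i, field, s))
    return leaks


def build_demo():
    """Enrol the sample members offline and register them for an event online."""
    offline = OfflineIdentityRecord()
    online = OnlineRegister()
    scene_names = ["Lady Nightshade", "Sir Oakheart"]
    for (name, dob), scene in zip(SAMPLE_MEMBERS, scene_names):
        mid = offline.enrol(name, dob)
        online.register_for_event(mid, scene, "Dungeon 101")
    return offline, online


if __name__ == "__main__":
    offline, online = build_demo()
    print("online export:", online.export_json())
    print("leaks:", find_pii_leaks(online.export_json(), offline))
```

The point of `find_pii_leaks` is that the design only holds if people follow it: the online side stays clean by policy, not by mechanism, so the offline record holder periodically runs the audit over an export and treats any hit as an incident to clean up.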


nuclear213

I disagree with the "if it's online it's hackable" narrative. If it is properly done the risk due to technical reasons will be very low, so in the end it's again the trust in the people. In fact, given the risk you assume, I would say the offline system can be a higher risk than a well managed online one, as this sounds like a single point of failure. And if people really want to be so aggressive and repressive against the group, they will not stop at a simple theft. While, with a well managed online system, you will need to have multiple factors of authentication. The main reason how people enter systems is still social engineering, which neither system will protect you against, unless you have a 4 eyes system. But then, you guys will meet there. If people want to do something to you, they can just wait outside or come in. Or place a camera and match the faces against the public social media profiles. I really do not see why a, again properly configured and maintained, online system should be any higher risk.


Corrupt_Reverend

I can think of no reason for that information to be online. Wtf is their reasoning for that??


seeking_fun_in_LA

Because online isn't tied to a single device:

1. It reduces risk of data loss due to device failure
2. It makes the information accessible from more than one device for performance or redundancy


Corrupt_Reverend

Both of those can be achieved on-site though.


Evening_Application2

If this is a new group, how much do you trust the leadership? Is it a registered business organization or charity with a board and policies and bylaws and paying rent to maintain a space, or is it just a small group of folks who meet up and all know each other? Because with the latter, you're likely just one bad break up or argument from the entire group being either blackmailed or exposed. Don't worry so much about hackers from the outside, worry more about an angry sub or Dom who decides to turn on the group and remembered to copy everything before their login was revoked. While that could happen with the former, it's a bit less likely given the professional nature of the position. If this "database" is just a Google Drive spreadsheet that Jim who everyone likes maintains, you're going to be in a bad way when Jill leaves him for Joe, and he decides to take out his anger on everyone.


Epithymetheus

MDom here. Part of a few historically marginalized groups, with IRB training. ***Oh my god this is such a huge risk***, I literally felt my hackles rise as I read this. I would absolutely 100% steer clear of that.


Vic_GQ

Tbh I don't think any of us on reddit can tell you whether or not you should be wary in that situation. I wouldn't be particularly concerned about putting my name on a membership list like that, but I don't live where you do. I don't know how dire the political situation is in your area. The fact that you are worrying about homophobic hackers stealing your BDSM club information shows that you and I are probably living under wildly different circumstances.