Post
Topic
Board Announcements (Altcoins)
Re: [ANN] Pink: Escort startup Series A share sale
by
deeltje
on 20/10/2017, 19:58:11 UTC
Please provide an answer to how you'd protect the service providers; the last thing we want is blood-coin on our hands.

(bad pun, I know)

Provider safety is top of our list. Our VP of Product and Development, Sarah (Twitter @SarahPinkApp) is an active sex worker and has helped a great deal in designing our policies. We enable easier screening for providers, so that more clients will screen. This is big for business, but also increases the average level of security. Providers are constantly harassed by clients that don't understand the need for or don't want to go through the process of screening. They don't understand the risk providers face. Here are two articles Sarah wrote about the difficulties of escorting and how Pink helps:
https://medium.com/@PinkApp/challenges-in-the-business-of-pleasure-d22e9ec03b75
https://medium.com/@PinkApp/providers-for-pink-cd37087eda7a

Pink acts as a clearinghouse. Providers can either trust us to screen, or allow us to pass through client info directly so they can screen the client themselves. All this will just be one click for clients. And our ultra security setup makes clients more likely to trust us. Not to say anything bad about good agencies, but our data security policies are a lot stronger than most companies can even do, let alone afford. Read about our setup here: https://medium.com/@PinkApp/pink-app-trading-latency-for-anonymity-and-other-techniques-815ee21c6da4 TL;DR:

  • Database is stored 2 Tor hidden services deep.
  • HS uses authenticated mode, so the .onion is not published in the HSDir. No one can stumble on it or access it without the auth cookie.
  • All systems are RAM-based, no disks. Encrypted backups are streamed and can be restored quickly in case of failure.
  • App and DB servers are physical hardware, not virtual or cloud. Combined with no HDD, no one can image our systems, even if they did manage to find the servers.
  • DB access is gated per user, rate limited. SQL injection and attacks like that are not possible, even with an app layer compromise.
  • Servers do not have Internet connectivity. For DB, only connectivity is inbound hidden service traffic. So even with exploit, data exfil is incredibly difficult.
  • Clear net proxy (www.pinkapp.io) is TCP->Tor proxy only. SSL keys are only on the app servers. Even if someone monitors or controls the gateway, all they get is IP addresses, no content.

We will have third party security audits and publish the results. There will not be a better place to ever have your information.

That's interesting you have an escort on staff. What's an example of a policy directly influenced by having someone with her experience there that you wouldn't have otherwise thought of?