Switter: My six week rollercoaster ride

The last six weeks have been an intense rollercoaster ride for me.

It started from having a rough idea that became a social network in two days, which then exploded in popularity to 56,000 users in a month, received a bunch of press, and got kicked off Cloudflare… all due to a new law that is potentially more dangerous to the internet than (the lack of) Net Neutrality.

Let’s start at the beginning.

FOSTA-SESTA: Good intentions, terrible effects.

A bill called “Stop Enabling Sex Traffickers Act” (SESTA) was introduced in August 2017 that would amend Section 230 of the Communications Decency Act to remove immunity from platforms that knowingly assist, facilitate or support sex trafficking. It was then combined with “Fight Online Sex Trafficking Act” (FOSTA) to become “the FOSTA-SESTA package”, which passed the House in late February and was signed into law in April.

At first glance, these bills sound like they’re a good thing. Human trafficking is terrible and it should be stopped. However, Freedom Network USA (a national network of organisations working to reduce trafficking), the EFF, ACLU, and even the US’s own Department of Justice have opposed FOSTA-SESTA, citing that it actually makes it harder to fight sex trafficking, as well as putting the internet as we know it at risk by eroding Section 230.

FOSTA-SESTA could pave the way for the government to censor content on the internet, but compared to Net Neutrality, EFF’s campaign against SESTA never really made it mainstream.

Section 230 is a critical piece of Internet legislation that provides immunity from liability to providers and users of an “interactive computer service” for content that other users post. Without Section 230, any platform or service that has user-submitted content would be hard pressed to exist. No social networks, no Wikipedia, no forums.

The effects of FOSTA-SESTA have been felt across the globe, even before it passed and was signed into law. Being able to screen potential clients online has made sex work much safer, and FOSTA-SESTA has put people’s lives in real danger.

A study published last year that looks at the effect of Craigslist’s erotic services section while it operated from 2002 to 2010 discovered some crazy statistics.

Prostitution is the most dangerous job for women in the US, with a homicide rate of over 200 per 100,000. The next most dangerous job is a liquor store employee with a rate of 4 per 100,000.

And the most terrifying one is this:

… on average, when Craigslist opened erotic services in a city, the female homicide rate went down 17 percent.

17 percent. That’s not the homicide rate for female sex workers. That’s the homicide rate for all women.

Reply All has a chilling episode where they interview Scott Cunningham, one of the economists behind the study.

Another study found that when Rhode Island accidentally decriminalised indoor prostitution from 2003–2009, there was a 31% decline in reported rapes and a similar decline in gonorrhea cases.

Advertising platforms were not the only ones affected. Forums where sex workers share information and warn others about abusive clients are disappearing. Website hosts like Wix and Squarespace are removing content without warning, or straight up shuttering sites. Twitter and Instagram have been shadowbanning or outright banning accounts.

This is where the rollercoaster ride begins.

Switter — A sex work-friendly social network

A year ago, a couple of friends and I formed Assembly Four, a collective of sex workers and technologists, where the goal was to empower sex workers with technology. The main project was a CRM designed for sex workers. We all had full-time jobs so progress was slow.

However, in late March, we got wind through our network that there was a surge in platforms clamping down on sex workers’ content. Twitter, Instagram, Wix, Squarespace, and Google Drive were some of the platforms where content was being removed without warning, and accounts were being shadowbanned or closed.

I suggested setting up a sex work-friendly Mastodon instance on Monday (March 26), and by Wednesday, we were ready to announce Switter, a sex work-friendly social network.

The announcement tweet by Lola Hunt

Well, we thought we were ready. We weren’t.

I had deployed an instance of Mastodon to a VPS with 1.5GB of RAM using the quickest method possible. The idea was to see if the idea had any legs before putting more effort into infrastructure.

The announcement tweet spread like wildfire. 1700+ retweets, 700K impressions.

Two hours after the announcement, I had to schedule emergency downtime to double the CPU and RAM on the server.

Two hours after that, I had to schedule downtime again to further increase resources, which I hoped would hold overnight. I did not sleep well that night.

We had media enquiries coming in from all over the place, a rapidly-growing community, infrastructure rapidly running out of headroom, and a moderation queue we weren’t sure what to do with, all within the first 24 hours.

The Easter long weekend gave me the time I desperately needed to figure out how to scale out Switter horizontally as we could no longer scale vertically. By Sunday, I had hacked together a version of Mastodon that could be deployed to a fleet of servers running Dokku which would also allow us to begin making changes to the codebase.

One week in, these were our stats:

… and a whole lot of stress.

We had to figure out a Code of Conduct so we could form a framework on how to deal with reports and bad behaviour. We found some people to help moderate the site. We patched our instance to mark all media coming out of our instance as ‘sensitive’. We handled support emails. We dealt with spam and harassment. We figured out how to be a good instance in the Mastodon network.

We also spent a lot of time responding to press as it was important to spread awareness of FOSTA-SESTA. Compared to Net Neutrality, which has many companies and platforms fighting it, FOSTA-SESTA flew under the radar. It was important for people to see the dangers of these laws.

I woke up on Saturday (April 7) to the news of the Backpage seizure. The situation was dire.

Johanna Breyer, interim executive director and co-founder of the Saint James Infirmary, a health clinic that supports sex workers in California’s Bay Area, told me that in the weekend following FOSTA, the infirmary’s mobile van outreach saw a dramatic increase of street-based sex workers in the Mission District. Breyer estimated that there were about double or triple the usual number of workers seeking assistance.

The news came as a shock to sex workers who depended on it for their livelihood. Consenting sex workers worldwide had a major source of their livelihood taken away from them. Workers are resorting to street work, or being exploited by traffickers and pimps.

We were asked to build some kind of replacement to help people get by. Four hours later, I deployed a hacked-together page where you could search all toots (a post in Mastodon-speak) on a particular hashtag. It wasn’t great, but it was good enough.

It would go on to have 4,500 posts and 191,000+ searches in its first week.

The amount of gratitude and support from the community has stunned me. We were positively impacting so many people so quickly. Nothing else I’ve done with my time has had so much impact.

That week, I made the decision to leave my job to work on Assembly Four full-time.

It was also that week when we got published by The Verge and Buzzfeed, which drove another surge in traffic, prompting more servers and optimisation. We were the 6th biggest instance of the Mastodon network at this point.

I had my first burnout that weekend. It was a lot of stress and not enough rest. I had accidentally let my personal domain lapse due to dealing with Switter 24/7 and wasn’t receiving emails. Eliza and Lola had to talk me down from the proverbial freak-out tree.

Thanks to those two, I recovered just in time to deal with getting the boot from Cloudflare.

Getting kicked off Cloudflare

I woke up at about 7 AM on April 18th to a call from Eliza Sorensen telling me that we were down. Cloudflare had kicked us off without warning at around 5 AM, citing a Terms of Service violation.

We chose to use Cloudflare as our CDN because they have a history of fighting for free speech. They’re strong supporters of Net Neutrality, and brought HTTPS to the masses by providing it on their free plan.

Cloudflare did not respond to our request asking for more clarification, but they spoke to Motherboard and confirmed that they terminated our service because of FOSTA.

Now Cloudflare has confirmed to Motherboard that the company terminated service to Switter because of FOSTA, but also said it’s “a very bad law.”

The last time Cloudflare had kicked a site off their platform was a neo-Nazi website back in August 2017. Cloudflare even provides services to The Pirate Bay.

Think about that for a second.

“We are worried we won’t be the only casualty in the fight for sex workers’ right to have an online presence, not to mention any other community the US government deems inappropriate.”

We changed our nameservers away from Cloudflare’s and moved to another CDN. We were down for about five hours, and ended up having to expose our origin IPs as it appears Cloudflare is the only CDN provider that supports WebSockets.

Our infrastructure costs doubled that day.

That evening, we did a live radio interview on RRR’s Byte Into It. Needless to say, we were bloody tired that night.

One month of Switter

Here are our stats one month in:

One month in, Switter had 56,000 users and used about 12TB of bandwidth.

DDoS Attack

Last weekend, two and a half weeks after being kicked off Cloudflare, we were hit by a DDoS attack.

The attack targeted our load balancer as well as two app servers, causing our provider to drop all traffic to our public IP addresses to protect their infrastructure. I brought up another load balancer on a new IP to bring us back online while I looked for a provider that had DDoS mitigation that we could afford.

I spun up a VPS on OVH which pointed back at the origin servers, and minutes after switching IP, we triggered OVH’s DDoS protection.

OVH’s DDoS mitigation graph which I still can’t understand. 220MB/s seems awfully high.

I was able to capture some of the attack and understand it in a bit more detail. It appeared to consist of Layer 7 attacks on the streaming API and an NTP amplification attack. Cloudflare documented a 400Gbps NTP amplification attack back in Feb 2014.

Even with DDoS mitigation, some of the traffic was still hitting our server, peaking at 7MB/s.

We managed to stay up during the attack, and the attack stopped about 9 hours later. I went to bed at about 3:30 AM that night.


What’s next?

At the time of writing, Switter has 72,923 users and averages 420GB of traffic per day.

Our immediate goal is to make Switter sustainable. This means staying online, understanding the legalities, as well as finding ethical ways to generate revenue to cover running costs.

Assembly Four’s long term goal is to increase safety and well-being for sex workers globally. Sex work is real work and it’s someone’s own right to do what they want with their own body.

We’re extremely thankful for the support both from the community and from our networks. You know who you are!

If you’d like to support our work, please donate to our LiberaPay.

– chendo / J, cofounder of Assembly Four / Switter.
