You’ve probably heard of OnlyFans, or maybe even used it. Launched in 2016, this subscription service for content creators gained momentum during the pandemic and now boasts a user base of more than 170 million people, of whom 2.1 million are registered content creators.
While OnlyFans hosts all types of content, it has mostly been linked to material containing images of sexual content or violence (NSFW – Not Safe For Work).
When it comes to online privacy and security, this alone is enough to significantly increase your risk. One such example is the data breach from the Ashley Madison dating website in 2015, which still haunts many victims years later, say experts at global digital security firm ESET.
Many content producers have already raised concerns about content leaks, accounts being hacked, the posting of revenge porn, and even theft of content that subscribers download and then redistribute, often for a fee, to other social networks and message sharing platforms.
It goes without saying that if content creators are at risk, so are subscribers, the ESET team warns. As a result, ensuring the security and privacy of those who work in this industry, and their fans, requires the utmost care and attention. That’s why it’s vital that users be careful when sharing personal information online and be on the lookout for stalkers, scammers, and other malicious people.
What to keep in mind
Each OnlyFans creator offers their own subscription plan in exchange for users’ access to their exclusive content. Some even allow users to sign up for free. But there’s a catch: Whether you sign up for a subscription or a free plan, the site requires you to enter your payment card details. At this point, the most difficult part of the registration process is over.
Please note that OnlyFans does not have an app, neither on Android nor on iOS. You can only access it through a web browser like Chrome or Safari.
While most Pages have a monthly subscription, Free OnlyFans Pages can build a large audience and creators can make a lot of money by adding special subscription-only content that many users are willing to pay for.
As of late 2021, it was reported that former OnlyFans employees still had access to the personal information of both creators and subscribers who requested technical assistance. What information might be available to these employees?
In its Privacy Policy, OnlyFans is very clear: while the app does not receive the user’s full payment card details, “if you are required to provide your name and email address to the payment provider, then the payment provider will too.” gives us this information.”
Additionally, for the verification process to run, creators must provide their social media profile information and may be required to make public posts related to their new account. Fans may also be asked to provide additional personal information, depending on their location.
So how can you stay safe on OnlyFans?
content creators
OnlyFans creators will need to provide their real bank details, name and identity, not only for the verification process, but also to receive payment. So you can’t be completely anonymous, but you can try to keep some anonymity on your profile by using secondary social media accounts that aren’t linked to any of your close contacts. You can also choose to hide your face and avoid showing your location on the website.
It is also recommended that you use a disposable email address to create your account in case there is a personal data breach on OnlyFans. Similarly, you can also use single-use payment cards for online payments.
Be aware, however, that a malicious attacker could attempt to compromise your OnlyFans account through clever social engineering techniques or even cyberbullying, tricking users into simply handing over their passwords and other login details.
Therefore, it is vital that you exercise caution when giving out private information in any communication.
If a malicious actor were able to gain unauthorized access to a creator’s account, they could perform a variety of malicious activities, including:
- View subscription-based content posted by the account owner
- Change the password of the account owner and block him from his own account
- Post new content to the account.
- Delete account content
- Change account settings
- Add new bank details to withdraw money
- View the account owner’s personal information (such as their name, email address, and payment information)
- Using the account to send messages to other OnlyFans users
Content creators and subscribers.
Whether you’re a content creator or a subscriber, there are some simple but effective steps you can take to protect your account and keep yourself out of harm’s way. Most importantly, you must:
- use a strong and unique password
- enable two-factor authentication (2FA)
be careful when clicking on links or downloading attachments from unknown sources, and beware of voice phishing (or vishing) tactics which are also often used to steal user accounts.
Two-factor authentication is an additional layer of security designed to protect online accounts from unauthorized access and is offered on all OnlyFans accounts. Requires entering a code sent to a phone or generated by an authenticator app, in addition to the account password, before account access is granted.
This makes it much more difficult for attackers to gain access to an account, even if they have the password.
However, in case you forget your password, the way to recover it is by requesting a code in your email. Therefore, an attacker with access to your email account could gain access to the password recovery email and then take over your account.
It’s important to note that while OnlyFans prevents image theft from Android device accounts (i.e. by not allowing screenshots on those devices), this sadly doesn’t apply to Apple’s iOS, which still allows screenshots. screen, like the ones shown below.
4. Finally, report any suspicious activity
There is always a risk of harassment, sextortion and doxing (the term comes from “docs”, short for “documents” and refers to files leaked online containing a victim’s personal information) when sharing personal information on the Internet and the risk it’s especially high when using a platform like OnlyFans.
Both its creators and its fans must do their duty by reporting any strange activity or any suspicious event. Sites like PimEyes, which use powerful facial recognition software, make it very easy for stalkers to find information about content creators, so it’s vital that you only show your face if you know the risks.
OnlyFans allows you to block or limit a profile. While blocking will completely prevent a specific profile from seeing yours, blocking will only prevent that profile from sending private messages or replying to posts.
Finally, if you see harmful content or if you suspect that a particular video or photo has been stolen or posted without the consent of one or more of the people involved, you can also report a user.
Is OnlyFans safe?
The fact that so many people use OnlyFans to monetize crafty content greatly increases the risk, and not just for content creators. Therefore, it’s important to know what you may be getting yourself into and how to protect yourself from the privacy and security risks this could entail, say ESET experts.
In fact, as with many other social networking platforms and online services, the key to staying safe is to stay aware of threats, manage security and privacy settings on your accounts, and apply basic cyber health principles to minimize risks.