
Tracking Sex: Implications of widespread data leakage and tracking on porn sites - interweb
https://arxiv.org/abs/1907.06520
======
rv-de
Maybe a good moment to commemorate the infamous RedTubeGate from 2013 in
Germany:

A couple lawyers and fishy business men launch an ad campaign on RedTube.
Through that advertisement they collected IP addresses of visitors.

Before launching that campaign they allegedly bought the rights for three
cheap porn flicks.

Now they also claim that they have some miraculous software which allows them
to track who has been watching those flicks on RedTube. They even get a
totally unclear blueprint for that software officially certified by a
surveyor. [4]

Then they appeal to a court in Cologne for the real world addresses
corresponding to the IP addresses arguing they can prove those poor schmocks
watched their illegally uploaded crap flicks.

Suddenly thousands of people receive letters threatening legal action if they
do not agree on paying a fee of 250 Euro. Many people comply out of fear for
their reputation and just pay.

1: [https://web.archive.org/web/20140822000304/http://www.wbs-
la...](https://web.archive.org/web/20140822000304/http://www.wbs-
law.de/eng/streaming/redtube-wave-streaming-warning-letters-hits-
germany-49182/)

2: [https://www.joyofdata.de/blog/tool-visualization-
connections...](https://www.joyofdata.de/blog/tool-visualization-connections-
agents-entities-for-redtubegate/)

3:
[https://web.archive.org/web/20140911214044/http://www.cracka...](https://web.archive.org/web/20140911214044/http://www.crackajack.de/2013/12/13/pornostreamingabmahnungsupdate-3-the-
distributed-digital-porn-heist/)

4: [https://www.abmahnhelfer.de/wp-
content/uploads/2013/12/EV.pd...](https://www.abmahnhelfer.de/wp-
content/uploads/2013/12/EV.pdf)

(many of the original sources have been deleted and are only available through
archive.org)

~~~
mirimir
I can't imagine visiting port sites without using at least a VPN. And without
using an ~anonymous persona, and ~anonymous payment methods. And full-disk
encryption. And as I recall, I never did.

But people obviously do. And get nailed by stuff like RedTubeGate, and the
Ashley Madison leak. It's mind-boggling.

Edit: OK, so I get the "I love my porn, and you closed-minded idiots can just
sod off". That's easy to say, when you live somewhere that porn is legal and
~accepted. But many who read HN aren't in such places. And they may not
realize just how much they're not in such places. Until the come to a
prosecutor's attention, and they're screwed.

~~~
Swizec
I watch porn. Like everybody else on the planet.

Why hide something so mundane? It’s like pretending you don’t poop. We all
know you poop. You’re human.

Reminds me of a failed study I read about. Researchers wanted to look into the
effects of porn and couldn’t find a big enough control group. There simply
aren’t enough people who don’t watch porn to make the study viable.

PS: in terms of malware it’s religious sites you gotta worry about.
[https://www.pcworld.com/article/254694/religious_sites_carry...](https://www.pcworld.com/article/254694/religious_sites_carry_more_malware_than_porn_sites_security_firm_reports.html)

~~~
NeedMoreTea
I bet you close the bathroom or stall door when you poop though.

They're both something many/most people don't like to advertise. Maybe they'd
be even less happy to have details of either habit known. You might think
that's silly, but it's far from unusual, it's the norm.

~~~
isostatic
> I bet you close the bathroom or stall door when you poop though.

Many public restrooms in the U.S. barely have a door, and if they do it is so
high off the ground and so short it barely offers any privacy at all

~~~
ctrl-j
And in restrooms like that, I rarely poop. Only if necessary.

I'm pretty sure the lack of privacy in US public restrooms stems from illicit
use and loss prevention. Not a cultural norm of acceptance of pooping.

~~~
Fnoord
Why not? Are you so ashamed your your body? The worst thing I can imagine is
something involving cameras. But that would be probably prosecutable.

------
pessimizer
Mindgeek runs all of the biggest porn sites, and also runs its own ad network.
Since the biggest of those sites are their "tube" sites, they run into the
same issues as youtube when it comes to tracking individual tastes. Since the
product is porn, which is very easily classifiable with a list of the physical
features of actors (with maybe a few behavioral distinctions), the actors in
the video, how they are matched ("how" doing a lot of heavy lifting here) and
possibly director, producer, and age of content, it would be easy for them to
have a very specific dossier on all users. Moreover, it would be financially
beneficial, because it'd be easy to maximize engagement with that stuff and a
past record of engagement time, and that information would also aid
conversions to their other paysite products (of which there are many.) The
fact that they run so many paysites probably means they can associate specific
sexual tastes (and schedules) with _a credit card number._

Mindgeek have also shown themselves to be extremely savvy technologists, so
this stuff is probably already being done. If it's your own ad network, is it
really a third party, though? The plethora of domains does give the user the
impression that they're leaving one business and moving to another, when it's
really more akin to switching rooms.

example of unexpected situation: I used a credit card to join
vanillanormalromance.com, but I watch weird stuff on redtube.

\-----

edit: for some reason it didn't occur to me, but there would clearly be an
interest to sell these categories to other porn sites, facebook-style,
generating even more info from people _not_ on Mindgeek sites.

I feel like I remember a few Mindgeek/Manwin devs being good HN posters.

~~~
jedberg
I’ve met their head of data science. They’re doing all that stuff and have
been for many years.

Porn has always been leaders in technology. They were the first to embrace
home video and can arguably be credited for VHS winning over BetaMax despite
being inferior, because it was cheaper and all the porn was VHS only.

~~~
gist
> Porn has always been leaders in technology.

This is typically repeated but I question if there is actual proof of it
rather than one of those '8 glasses of water a day' which just keeps getting
passed along or some kind of plausible and believable anecdote.

~~~
ergothus
I don't know about formal studies, but I've read many an article (insert
appropriate "reading for the articles" joke here) talking about how demand for
porn influenced early adoption of most new forms of media:

printing, broadsheets, photos, different forms of film, and definitely
computer video. (Here in Seattle I recall reading about some form of early
adult film that shows up notably in local laws...some form of -scope, though I
don't recall the name)

DVD-HD vs blu-ray? Adult industry influence was not small. When HD rolled
around, the adult industries had notable influence. Where did the makeup
techniques for dealing with such high def come from? Porn.

I think the comparison to the "8 glasses of water" standard might be off
because unlike that, here no one is claiming a precise measurement, merely an
observation of trends.

~~~
Phlarp
VHS and Betamax was maybe influenced by the adult industry (although sports
seems to have mattered as well)

Parroting the same about HD/Blu-ray is kind of hilarious though. Porn was deep
into the streaming game long before blu-ray hit the scene.

~~~
ergothus
> long before blu-ray hit the scene

When the dust settled, perhaps, but I recall when the issue first came up in
2000 and just about every discussion argued technical merits...and where the
porn industry was looking. Anecdotal data, but in 2000 streaming wasn't viable
for the majority of users (and still remains not viable for a lot) so that's
no reason to discount the impact in that arena.

------
johnedwards
Some friends noted that this had been up on HN for three hours with no
comments. So I decided to read the paper and note some highlights.

> What Jack does not know is that incognito mode only ensures his browsing
> history is not stored on his computer. e sites he visits, as well as any
> third-party trackers, may observe and record his online actions.

> ‘30% of all the data transferred across the internet is porn,’ with site
> YouPorn using six times more bandwidth than Hulu (Kleinman, 2017)

> Herein, we take such a ‘sex positive’ view of porn and access to online
> pornography. While acknowledging the many racist, misogynistic,
> heteronormative and other problematic histories and themes in pornography
> and its production, distribution and consumption, our work recognizes the
> ubiquity and permanence of porn and its many uses and social functions, and
> the danger of societal, state, and institutional narratives that might work
> to discipline gender and sex.

> To identify third-parties found on a given website we used the webXray
> software platform. webXray 'is a tool for analyzing thirdparty content on
> web pages and identifying the companies which collect user data’ (webXray,
> 2018)

> We used four coders from diverse backgrounds: one primary researcher and
> three volunteers. Three coders were women (one identifed her sexuality as
> fluid; the others as queer), and one was a heterosexual man.

> Coders were instructed to code Presence for: ‘Any word or phrase that
> indicates or suggests the porn content will feature a specifc gender or
> sexual identity, orientation, or preference,’ and/or ‘Any word or phrase
> that indicates or suggests the porn content will feature a specifc sexual
> focus, body part or type, identity or character (like race, nationality,
> ethnicity, religion, profession), act, fetish, interest, porn genre, porn
> trope, etc.

>Our March 2018 analysis successfully examined 22,484 sites drawn from the
Alexa list of one million most popular websites where the URL, page title, or
page description includes ‘porn.’ We found third-party tracking is widespread,
privacy policies are difficult to understand and do not disclose such
tracking, and third-parties may often be able to infer specifc sexual
interests based solely on a site URL.

> We identified 230 different companies and services tracking users in our
> sample. Such tracking is highly concentrated by a handful of major
> companies, some of which are pornography-specifc. Of non-pornography-specifc
> services, Google tracks 74% of sites, Oracle 24%, Facebook 10%, Cloudflare
> and Yadro 7%, and New Relic and Lotame 6%. Porn-specific trackers in the top
> ten are exoClick (40%), JuicyAds (11%), and EroAdvertising (9%).

> Based on a random sample, 44.97%of porn site URLs expose or strongly suggest
> the site content includes or targets one or more specific gender or sexual:
> identities or orientations, and/or topic(s) of interest/focus.

> We contend that the tracking of online porn consumption represents an even
> riskier violation of privacy, in line with Citron’s (2019:1870,1881)
> argument that: "Sexual privacy sits at the apex of privacy values because of
> its importance to sexual agency, intimacy, and equality. We are free only
> insofar as we can manage the boundaries around our bodies and intimate
> activities… It therefore deserves recognition and protection, in the same
> way that health privacy, financial privacy, communications privacy,
> children’s privacy, educational privacy, and intellectual privacy do."

> For example, same-sex relations between consenting adults are criminalized
> in 70 United Nations member states, with punishments ranging from
> imprisonment to death (Fox et al., 2019). Thee consequences of sexual
> privacy violations in such contexts would clearly be severe. Even in
> societies with less regulation around sex, breaches of sexual privacy often
> have bodily stakes

> Porn website privacy policies are long, dense, difficult to understand, and
> only 11% of the third-parties observed tracking users on a given page are
> listed in the policy, leaving users ignorant of which organizations may be
> assembling catalogues of their perceived sexual interests

Edit: I have been adding to this comment as I read the study. I do have other
things to do today.

~~~
anaphor
The paper is wrong when it says incognito mode only ensures your browser
history is not stored. It also ensures that any session cookies are not shared
between private mode / regular mode.

Obviously that doesn't rule out other browser fingerprinting methods of course
(see panopticlick, evercookies, etc)

Edit: It seems like they are saying you can be tracked _within_ incognito mode
sessions? That seems pretty obvious. I don't understand why this is
surprising.

Isn't the whole risk here that you could have your porn browsing habits tied
to your "real" identity? (i.e. your facebook/google/twitter identities). It
doesn't really bother me that Google is aggregating porn browsing habits if
they can't tie that to my real identity.

~~~
FabHK
> between private mode / regular mode

Or within private mode. (I use private mode by default, and anytime I open a
new tab, I need to log into HN again).

~~~
novaRom
In Firefox on desktop you can use a container just for HN, another for Reddit,
etc.

------
octosphere
> _This paper explores tracking and privacy risks on pornography websites. Our
> analysis of 22,484 pornography websites indicated that 93% leak user data to
> a third party. Tracking on these sites is highly concentrated by a handful
> of major companies, which we identify. We successfully extracted privacy
> policies for 3,856 sites, 17% of the total. The policies were written such
> that one might need a two-year college education to understand them. Our
> content analysis of the sample 's domains indicated 44.97% of them expose or
> suggest a specific gender/sexual identity or interest likely to be linked to
> the user. We identify three core implications of the quantitative results:
> 1) the unique/elevated risks of porn data leakage versus other types of
> data, 2) the particular risks/impact for vulnerable populations, and 3) the
> complications of providing consent for porn site users and the need for
> affirmative consent in these online sexual interactions._

------
meruru
The hentai sites I tend to use are pretty good in this regard I think. Most of
them even work with no JS. E.g.
[https://danbooru.donmai.us](https://danbooru.donmai.us)
[https://e-hentai.org](https://e-hentai.org)

Edit: I tried visiting them without adblock and I'm actually surprised they
didn't even have ads.

~~~
posix_compliant
In case it wasn't already abundantly clear, all of these links are not safe
for work.

~~~
meruru
Ah, yes. Hentai means cartoon pornography.

------
bfirsh
Here's an HTML version if you're on a phone: [https://www.arxiv-
vanity.com/papers/1907.06520/](https://www.arxiv-
vanity.com/papers/1907.06520/)

------
bitxbitxbitcoin
Looks like everyone - vulnerable population or not - should be using VPN when
viewing pornographic content.[1]

[1] [https://www.privateinternetaccess.com/blog/2019/07/why-
you-n...](https://www.privateinternetaccess.com/blog/2019/07/why-you-need-to-
use-a-vpn-to-stop-google-and-facebook-from-tracking-your-porn-habits/)

~~~
toyg
VPN protection from site-level tracking is basically nonexistent. Browser
fingerprinting is widespread and bypasses anything a VPN might offer. VPN is
effective against network-level issues, not against browser-based tracking -
it's a different level in the stack.

~~~
ryacko
Virtual machines have the same virtualized graphics drivers, if everyone used
virtual machines for browsing and deleted cookies and cache, web tracking
would be restrict to IP-based.

~~~
toyg
There are still several bits of data, like plugin support, touch support,
platform, language, screen size, and timezone, that have to be actively
manipulated if you want to reduce the likelihood of unique tracking.

~~~
jimijazz
are there any browsers that obscure these properties to sites?

~~~
BlackListed
The TOR browser if probably your best bet for this, even if you don't use TOR
to browse.

~~~
ryacko
Yes, but it is trivial to distinguish usage of Tor browser as commonly
distributed and Tor browser in TAILS, by default one comes with an additional
plug-in.

------
tdy721
I always liked how thepiratebay.org seemed to make that tracking really
transparent. Visit that site on a machine and observe the advertising. It’s
not the deep shadow fingerprint we evolved into. But it’s something that has
informed me over the years.

Just visited on my mobile and didn’t get the same effect. It was different
back in the day.

------
wruza
At least it serves its main goal. Youtube is far behind with their stupid
suggestions than any major porn aggregator.

~~~
scanny
To be fair, Youtubes content is significantly more diverse and harder to
classify than what these aggregators deal with.

------
300IQGAMER
I assume most people won’t sign up with their work or personal email or
otherwise put revealing info on a porn site, so is this really an issue?

~~~
ComputerGuru
Assume again. It’s probably safe to assume (I know, right?) people are more
cautious with websites used to arrange cheating for married individuals than
with the typical porn site, and yet as the Ashley Madison disaster revealed,
people are just plain stupid when it comes to online privacy.

------
300IQGAMER
I doubt people use personal email or put other revealing info on those sites
anyway. Would this be an issue if you didn’t?

~~~
svachalek
If you've ever put that kind of information anywhere on the internet using the
same browser, it's best to assume they can connect you. From browser
fingerprinting to IP logging to security exploits, they'll find a way. You can
definitely make it more difficult for them but without going all the way to
TOR or something like it, it's best not to assume you have any secrets.

------
homakov
What does porn have to do with sex though?

------
kingkawn
I've assumed (without evidence, only deduction) since the 90s that every
pornographic thing anyone has ever looked at has been recorded for future
blackmail use against social rebellions.

~~~
friedegg
You reach a point where if nearly everyone is blackmail-able for the same
thing, that it stops becoming effective. If everyone is cheating on their
spouse, then who is anyone to judge?

~~~
philwelch
There's still an information asymmetry that's powerful. If everyone knows that
everyone is cheating on their spouse, it's ineffective. If the Stasi knows
that everyone is cheating on their spouse, and isn't stupid enough to share
quite all of that information with everyone, it's another story.

And with porn it's so multifaceted. Everybody breaches some taboo or other,
but they're all different taboos. Not to mention that every social taboo
immediately gets sexualized.

If the conspiracy theory was true though, they would have never let Tumblr go
down. Tumblr was the mecca of weird, fringe, taboo porn. And they could even
take down the people who _made_ it.

~~~
DonHopkins
These days, cheating on your spouse with a porn star right after she gave
birth to your child is considered presidential.

------
jstewartmobile
Between Stormy Daniels, " _grab 'em by the p_", and Epstein's community
service for pedophilia, perhaps we are living in a post-blackmail era?

NXVIM, pizzagate, Weinstein, Epstein, the Catholic Church--all I see now are
echoes of Elizabeth Bathory and feudalism.

------
thanatropism
Possibly relevant:

[https://en.m.wikipedia.org/wiki/Profumo_affair](https://en.m.wikipedia.org/wiki/Profumo_affair)

~~~
_-___________-_
how is that in any way related to the article?

