Porn websites share nearly 95% of your sexual preferences data, study reveals

Why it’s important to use more than a private browser when accessing porn.

An overwhelming 93% of porn website share user data to third parties, with Google taking the biggest interest in your sexual preference, monitoring 74% of porn sites you visit, and followed by Facebook at 10% — and even in incognito mode.

Researchers from Microsoft, the University of Pennsylvania, and Carnegie Mellon University analysed 22,484 porn sites to find out just how safe your online sexual data is.

The study found that people who visit such sites may have their sexual interests inferred by third parties that also track web browsing, often without user notice or consent.

While many people use private browsing for viewing porn, this makes little difference. There is a huge misconception around private browsing, which actually only ensures history and cookies are not saved to your device.

Just like normal web browsing, the sites you visit, as well as any third-party trackers like cookies, may observe and record your online actions through network connections and other touch points, as private browsing affects only your device and does not affect where your data is sent to. This data can then be used to infer other characteristics. <link to cookies blog>

However, despite making specific reference to private browsing, it is unclear what browsers and modes were analysed in this study.

Fantasies, sexuality and gender can be identified

It’s common knowledge that companies know not only what you share with them, whether consensual or not, but also what you don’t. This is through inference, based on your original data. Online activity can be incredibly insightful at both a granular and meta level, and the story is no different when it comes to pornographic websites.

Research found 45% of URLs on the sites analysed likely reveal personal information about you, including specific genders and/or sexual preferences, genres, and acts found in the site content.

While a URL doesn’t reveal personal information in the sense of your name and contact details, the extent of the information revealed may be enough to link to online data collected via other means.

This is especially true when it comes to niche fetishes. And although there are more intelligent ways to tell someone’s gender, from behavioural profiling to trends spotting, “female friendly” categories could give data miners a nudge in the right direction.

Your data is then likely shared with Google, as half of the sites analysed use Google APIs and 49% used the company’s analytics tool. These services allow sites to keep an eye on what content you’re consuming.

We watch porn for different reasons

The great thing about porn is that it’s a massive playing field.

Previous research, cited in the new study, concludes that people watch porn for varying reasons, including: “for reconnection with my body, to get in the mood with my partner, for recognition of my sexual interests, to see things I might do, to see things I can’t do, to see things I wouldn’t do, to see things I shouldn’t do, for a laugh”.

As a result, sexual data collected online may not be relied upon. It tells companies what you’re watching, but not why. The playful nature of online sexuality allows you to explore changing interests in an external space, which removes worry of stigma during exploration.

This data is nonetheless used to build a bigger picture of you, whether by the porn site itself or a third party who has bought the data. Have you ever seen a social media advert that was so dead-on that you were convinced your phone was listening to you? Exactly. Although your tech probably isn’t actually listening to you (though this might depend on the device you’re using), it’s a sobering reminder just how good behavioural profiling is.

Those who deviate from the norm are most at risk

People with deviant or ‘abnormal’ sexual interests are more vulnerable to ‘moralistic attacks based on sexual data’, where they are blackmailed because of their sexual preferences.

Researchers paid particular attention to “precedent for such targeted abuse of women and other marginalised populations online”.

Bribery and manipulation is one thing, moral judgements can lead to devastating consequences. Same-sex relations between consenting adults are criminalised in many United Nations member states, where punishments ranging from imprisonment to death.

Those with mainstream interests but undertaking immoral acts are vulnerable too. For example, in 2015 the extra-marital site Ashley Madison suffered a prominent hack exposing personal data of its 36 million members, including names, credit card numbers, email and physical addresses as well as sexual interests of cheating spouses.

While those on the fringe are often targeted, mainstream porn sites are not threat-free. In 2017, Pornhub users were encouraged to download software by a fake advert on the site’s homepage, resulting in millions of users potentially being spied on and exploited for money.

While many popular sites allow non-members to access a library content, meaning data will not be tied to an offline name, address, and bank account, porn’s hack threat level is increasingly concerning, especially with the UK’s new porn regulations — though implementation is currently suspended — which forces viewers in the UK to enter some form of ID before watching adult content.

But we’re all consenting adults, right?

Wrong. To give active, meaningful consent, you must be able to access and understand the website’s privacy policies. But the study found that, out of the 3,856 sites analysed, only 17% had extractable privacy policies.

According to the research, major reasons for not extracting the policy of a given site are that:

  • it does not have a privacy policy,
  • the link for the policy uses uncommon phrasing,
  • the structure of the page makes it difficult to extract a policy URL (as with a modal window).

From that 17%, only 11% of third-parties found tracking users on a given page were listed in the policy, meaning your ability to learn which companies are tracking you is severely limited.

For those sites that do contain a privacy policy, consent is often assumed. While ‘silence equals acceptance’ was once the norm, the introduction of GDPR across Europe and for anyone dealing with European data has given you more protections. The move, according to the study, “matches norms for sexual consent by emphasizing consent must be affirmative and freely given”.

However, you cannot effectively manage your privacy and data sharing setting without a privacy policy in the first place, or with a half-complete list of third parties.

How to protect yourself

Restrictive privacy policies and limited transparency makes it difficult for you to really understand and consent to the practices of websites hosting adult content. This is made more problematic due to the intimate and personal nature of such sites, and the fact porn is often overlooked as a vulnerability. As a result of a high threat level, you may want to protect yourself against tracking.

If you’re signing up to sites, make sure to create passwords and usernames that are as unique as possible (get a password manager so you don’t forget them), and use alternative email addresses so that your activity is not easily traceable to one account.

While you can use tools like Privacy Badger to block tracking cookies and HTTPS Everywhere to encrypt your activity when visiting porn websites — both of which are installed in pretty much one click.

While these options are great for blocking trackers, they don’t prevent the sites you visit from grabbing your IP address, which is an identifier in itself. To mask your IP address, use a VPN.

Virtual private networks (VPNs) are used every day by businesses to enable more secure networks for mission critical data, and even slipped into mainstream use within the Netflix community as — because your computer’s true identity is hidden and replaced with another — you can access content from other countries.

***

This blog is part of a series based around online privacy and tracking. You can find more great content here. Fair Custodian is a privacy-minded startup building critical personal data management tools for both companies and consumers.)