“The URL is one of the basic pieces of information in all HTTP requests,” privacy researcher Tim Libert told me, “so whoever sneaks in their code [e.g., Google, Tumblr] on the page gets that by default. Purely numerical strings [e.g., ‘?id=123’] may not tell you what somebody’s particular sexual preferences are, but you know they are looking at a porn site. In contrast, really descriptive URLs can tell you exactly what somebody is into, so if it says something naughty, well, that’s not a secret anymore.”
Another important point, he said, is that incognito mode does “virtually zero to stop this tracking, and at best your address bar won’t auto-complete to something embarrassing, but advertisers and data brokers still get the information. I have no idea what, if anything, they do with it—but it’s all sitting in a database somewhere.”
This shouldn’t be all that surprising. It’s a truth about the modern internet that just about anywhere you go, you’re being tracked. Not necessarily for any malicious purposes but because web developers, including porn-site developers, have become reliant on these third-party tools, many of which are “free,” to increase the functionality and shareability of their sites. Recent research revealed that 91 percent of health sites—which are supposed to be the most private and secure on the web—are sending your medical search data to third-party corporations. Of course porn sites are doing the same: Libert ran a scan for me, and found that
The porn sites might not even be interested in saving or collecting your data at all. XVideos’ privacy policy states that “XVideos does not record its unregistered users’ IP addresses or activity,” and Libert tells me that this may be 100 percent accurate—but it is still passing said data, along with those scandalous URLs, to third parties. And again, we can’t be sure what, exactly, those third parties, from Google to AddThis to Pornvertising, are doing with that data. When asked for comment, AddThis said it “does not collect or identify any personally identifiable information from websites that utilize the company’s tools,” and its terms of service “prohibits use of its tools by adult content sites.” However, Ghostery revealed AddThis was installed on some of the web's biggest porn sites.
“From a technical perspective, it’s incredibly hard to ensure zero traceability,” Brookman told me. “After all, we are always tethered to an IP address that could potentially be identified through ISP records.
“I believe that’s how the government finds some people who view and distribute child pornography today,” Brookman added. But it’s also probably how the NSA was able to spy on Muslim men’s porn habits—the agency considered a harebrained scheme to delegitimize potential “terrorists” by outing their predilection for porn, thus, ostensibly, ruining their credibility as faithful adherents to Islam.
Not everyone is convinced that Thomas’s nightmare scenario could come to pass. Cooper Quintin, the Electronic Frontier Foundation’s staff technologist, says he thinks Thomas is conflating “the threat of data brokers tracking your browsing habits and the threat of hackers leaking information about people’s porn-site memberships. Either one of these things is certainly possible.” But he calls the notion that someone would be easily able to dump all of your porn data into the public sphere “alarmist.”
“The far more likely scenario is just that a porn company gets hacked and credit-card data is stolen. If this were the case I think that an attacker would be more likely to sell the credit-card information than release it online ‘for the lulz,’” Quentin said. “I think a bigger concern is data brokers using your IP address to correlate data about what porn sites you visit with tracking profiles that they already have, even when browsing in ‘incognito mode.’” Since brokers are vacuuming up data about your browsing habits all the time, they may be able to tell what porn you like to watch, too—and there are no laws governing what they can and can’t do with it. They could use it to improve the ads they serve on adult sites. Into leather? Perhaps you’re in the market for a new bodice.
Another important point, he said, is that incognito mode does “virtually zero to stop this tracking, and at best your address bar won’t auto-complete to something embarrassing, but advertisers and data brokers still get the information. I have no idea what, if anything, they do with it—but it’s all sitting in a database somewhere.”
This shouldn’t be all that surprising. It’s a truth about the modern internet that just about anywhere you go, you’re being tracked. Not necessarily for any malicious purposes but because web developers, including porn-site developers, have become reliant on these third-party tools, many of which are “free,” to increase the functionality and shareability of their sites. Recent research revealed that 91 percent of health sites—which are supposed to be the most private and secure on the web—are sending your medical search data to third-party corporations. Of course porn sites are doing the same: Libert ran a scan for me, and found that
The porn sites might not even be interested in saving or collecting your data at all. XVideos’ privacy policy states that “XVideos does not record its unregistered users’ IP addresses or activity,” and Libert tells me that this may be 100 percent accurate—but it is still passing said data, along with those scandalous URLs, to third parties. And again, we can’t be sure what, exactly, those third parties, from Google to AddThis to Pornvertising, are doing with that data. When asked for comment, AddThis said it “does not collect or identify any personally identifiable information from websites that utilize the company’s tools,” and its terms of service “prohibits use of its tools by adult content sites.” However, Ghostery revealed AddThis was installed on some of the web's biggest porn sites.
“From a technical perspective, it’s incredibly hard to ensure zero traceability,” Brookman told me. “After all, we are always tethered to an IP address that could potentially be identified through ISP records.
“I believe that’s how the government finds some people who view and distribute child pornography today,” Brookman added. But it’s also probably how the NSA was able to spy on Muslim men’s porn habits—the agency considered a harebrained scheme to delegitimize potential “terrorists” by outing their predilection for porn, thus, ostensibly, ruining their credibility as faithful adherents to Islam.
Not everyone is convinced that Thomas’s nightmare scenario could come to pass. Cooper Quintin, the Electronic Frontier Foundation’s staff technologist, says he thinks Thomas is conflating “the threat of data brokers tracking your browsing habits and the threat of hackers leaking information about people’s porn-site memberships. Either one of these things is certainly possible.” But he calls the notion that someone would be easily able to dump all of your porn data into the public sphere “alarmist.”
“The far more likely scenario is just that a porn company gets hacked and credit-card data is stolen. If this were the case I think that an attacker would be more likely to sell the credit-card information than release it online ‘for the lulz,’” Quentin said. “I think a bigger concern is data brokers using your IP address to correlate data about what porn sites you visit with tracking profiles that they already have, even when browsing in ‘incognito mode.’” Since brokers are vacuuming up data about your browsing habits all the time, they may be able to tell what porn you like to watch, too—and there are no laws governing what they can and can’t do with it. They could use it to improve the ads they serve on adult sites. Into leather? Perhaps you’re in the market for a new bodice.
