Elena Maris of Microsoft Research, Timothy Libert Carnegie Mellon University, and Jennifer Henrichsen University of Pennsylvania have penned a study examining tracking technologies from the likes of Google and Facebook that are incorporated into
re world's porn websites. They write:
This paper explores tracking and privacy risks on pornography websites. Our analysis of 22,484 pornography websites indicated that 93% leak user data to a third party. Tracking on these sites is highly concentrated by a handful of major
companies, which we identify [Google and Facebook].
Our content analysis of the sample's domains indicated 44.97% of them expose or suggest a specific gender/sexual identity or interest likely to be linked to the user. We identify three core implications of the quantitative results:
1) the unique/elevated risks of porn data leakage versus other types of data,
2) the particular risks/impact for vulnerable populations, and
3) the complications of providing consent for porn site users and the need for affirmative consent in these online sexual interactions
The authors describe the problem:
will protect his personal information, Jack clicks on a video. What Jack does not know is that incognito mode only ensures his browsing history is not stored on his computer. The sites he visits, as well as any third-party trackers, may observe
and record his online actions. These third-parties may even infer Jack's sexual interests from the URLs of the sites he accesses. They might also use what they have decided about these interests for marketing or building a consumer profile. They
may even sell the data. Jack has no idea these third-party data transfers are occurring as he browses videos.
The Authors are a bit PC and seem obsessed about trying to relate cookie consent with sexual consent but finally cnclude:
Through our results and connections to past porn site privacy and security breaches and controversies, we demonstrate that the singularity of porn data and the characteristics of typical porn websites' lax security measures mean this leakiness
poses a unique and elevated threat. We have argued everyone is at risk when such data is accessible without users' consent, and thus can potentially be leveraged against them by malicious agents acting on moralistic claims of normative gender or
sexuality. These risks are heightened for vulnerable populations whose porn usage might be classified as non-normative or contrary to their public life.
The authors seemed to think the porn sites are somehow ethical and should be doing the 'right' thing. But in reality they are just trying to make money like everyone else and as they say, if the product is free the your data is the
payment. But as the report points out, that price may be a prove a little higher than expected.
AVN notes that Google responded to the claims in a rather obtuse way. Google on Thursday attempted to deny the study's findings, as quoted by The Daily Mail newspaper.
We don't allow Google Ads on websites with adult content and we prohibit personalized advertising and advertising profiles based on a user's sexual interests or related activities online, the company said. Additionally, tags for our ad services
are never allowed to transmit personally identifiable information.
The study, however, did not allege that Google had placed actual advertisements from its GoogleAds network on porn sites, and in its elliptical statement, Google did not specifically deny that its tracking code is embedded on thousands of adult
Chrome's Incognito Mode is based on the principle that you should have the choice to browse the web privately. At the end of July, Chrome will remedy a loophole that has allowed sites to detect people who are browsing in Incognito Mode.
People choose to browse the web privately for many reasons. Some wish to protect their privacy on shared or borrowed devices, or to exclude certain activities from their browsing histories. In situations such as political oppression or domestic
abuse, people may have important safety reasons for concealing their web activity and their use of private browsing features.
We want you to be able to access the web privately, with the assurance that your choice to do so is private as well.
Google also noted a useful bit of info on evading article count restrictions imposed by some publishers with metered access policies
Today, some sites use an unintended loophole to detect when people are browsing in Incognito Mode. Chrome's FileSystem API is disabled in Incognito Mode to avoid leaving traces of activity on someone's device. Sites can check for the
availability of the FileSystem API and, if they receive an error message, determine that a private session is occurring and give the user a different [more restricted] experience.
With the release of Chrome 76 scheduled for July 30, the behavior of the FileSystem API will be modified to remedy this method of Incognito Mode detection.
The change will affect sites that use the FileSystem API to intercept Incognito Mode sessions and require people to log in or switch to normal browsing mode, on the assumption that these individuals are attempting to circumvent metered paywalls.
Unlike hard paywalls or registration walls, which require people to log in to view any content, meters offer a number of free articles before you must log in. This model is inherently porous, as it relies on a site's ability to track the number
of free articles someone has viewed, typically using cookies. Private browsing modes are one of several tactics people use to manage their cookies and thereby reset the meter count.