How Online Porn is the Ultimate Privacy Nightmare
Source: Gavin Phillips
Is there anything porn can’t do? Other than ruining the sexual wellbeing of multiple generations, contributing to extreme warping of body images, and now somewhat commonly used as a disturbing revenge tactic against ex-partners, you mean?
Well, it can even be used as a handy tool in the hackers’ array, and not just for the reasons you might think. Let’s take a look at where and why porn might a bigger vulnerability in your life than you think.
Pornographic Database Ransom
Most people closely guard their porn use. It isn’t something people regularly broadcast, and your viewing habits are certainly not something you’d want online in an easily itemized database. Perhaps that database would have columns listing the type of porn — teen, gay, MILF, etc. — and the number of times you’d watched a video of that nature.
Regardless of how a tool of that ilk might provide an engaging user experience, there are genuine issues with a colossal database of this type. In the UK, authorities recently banned the creation and distribution of pornography containing a number of things, all seemingly focused on a male-centric view of pornography. However, if the authorities discover we have been enjoying one of these banned forms, we’ll get a reprimand. Do it again, and we might get a fine.
There are many billions of individuals living under vastly more oppressive rule than we have in the UK. A person living in a country that wrongly penalizes homosexuality may watch some gay pornographic material. If their viewing habits were exposed, there is a potential that the individual could be sought out and punished, or worse. Not only do they live in fear of exposing their sexuality, they must closely guard any other indicators that might disclose their secret.
Possibility?
While there is a definite possibility that a hacker could in theory attack and liberate information linking pornographic search data to specific IP addresses, Cooper Quintin, staff technologist at the Electronic Frontier Foundation, believes something different would happen:
“The far more likely scenario is just that a porn company gets hacked and credit-card data is stolen. If this were the case I think that an attacker would be more likely to sell the credit-card information than release it online ‘for the lulz'”
“I think a bigger concern is data brokers using your IP address to correlate data about what porn sites you visit with tracking profiles that they already have, even when browsing in ‘incognito mode.'”
Quintin’s final point brings us nicely onto ours.
Not-So-Incognito
These days, the majority of popular adult-content sites are largely malware free. There may be occasions where things slip through the net and we know that malvertising is an extremely popular threat delivery system in 2016. Even so, your chances of picking up something really bad on YouPorn or XVideos is slim.
However, something else is afoot.
Software engineer Bret Thomas believes Online Porn Could Be The Next Big Privacy Scandal. He leads his theory with a shocking premise:
“If you are watching/viewing porn online in 2015, even in Incognito mode, you should expect that at some point your porn viewing history will be publicly released and attached to your name“
According to the Wall Street Journal, some 30 million Americans regularly watch porn. That’s quite a few. I’m sure those 30 million regular viewers do so using incognito mode to keep their search histories and consciences clear. We all love incognito mode, but even if your search and session history aren’t being stored locally for your family to find, they’re being stored elsewhere.
The internet is a tangled-web of pervasive trackers and browser fingerprinting used to build individual user profiles. These profiles follow us around the web, and provide advertisers with personalized information designed to serve better suited ads that we might actually click. At the very least, advertisers hope we head to a site of our own accord.
Thomas elaborates further on the technical considerations:
Browser footprints: Web browsers leave an essentially unique footprint every time you visit a web page, even in incognito mode (and even without supercookies). This is well established; many web tools such as Panopticlick will confirm that you give a website lots of information about your computer every time you visit.
Global identifiers: Linking your browser footprint on one website to your footprint on another website — or to a previous footprint on the same website — is straightforward. You should think of your browser footprint as a persistent global identifier, and this is particularly true if you don’t take any measures to hide your IP address (eg. a VPN). The EFF has an excellent technical overview of how this works.
User tracking: Tracking web users is super valuable, so almost every traditional website that you visit saves enough data to link your user account to your browser fingerprint, either directly or via third parties. The Economist ran an overview of user tracking in September. (Though, interestingly, there is no mention of adult websites.)
Hacking is ubiquitous: We hear about data breaches that involve tangible harm — Target, Anthem, TurboTax — but not the (likely great majority) of cases when hackers don’t want additional exposure. Or, paraphrasing the FBI director: There are two types of companies… those that know they’ve been hacked… and those that don’t know they’ve been hacked.
Third Party Requests
When you click on a link on a “regular” website, a number of things happen. The website you’re browsing receives the “first-party request” and hopefully delivers a webpage that you want to see. At the same time, you’re also sending third-party requests to the numerous advertising trackers linked to the site — think Google, Nielsen, Skimlinks etc. — so they can power their advertising with increasingly accurate links.
| }
|