Skip to main content

How Porn Sites Are Spying And Selling Your Private Data

N

Nyakundi Report

Newsroom 2 min read

This archive report was first published on 17 August 2019.

On August 17, 2019, a research team from Microsoft, Carnegie Mellon University, and the University of Pennsylvania published a study on the data-mining practices of adult websites.

The researchers analyzed 22,484 adult websites, finding that 93% of them leaked user data to online advertisers and web analytics providers. The list of companies involved includes Google, Oracle, Facebook, Cloudflare, and several advertisers active in the adult industry.

The researchers used the Alexa Top 1 Million list to identify the websites, scanning for those that used the term 'porn' in their title or metadata. They then analyzed the source code of the selected websites, looking for the presence of a privacy policy and wording that may indicate data sharing with third parties.

According to the researchers, only 11% of third-parties tracking users on adult web pages were listed in a site's privacy policy, indicating that many users are being tracked and their data stored without disclosure.

Per the research, Google-related scripts were found on 74% of the adult sites, followed by exoClick (40%), Oracle (24%), JuicyAds (11%), and Facebook (10%). The researchers noted that the majority of non-pornography companies in the top ten are based in the U.S., while the majority of pornography-specific companies are based in Europe.

The researchers also found that almost 45% of adult sites used URL structures that exposed users' sexual preferences, making it difficult for users to keep their viewing habits private.

As one of the researchers noted, 'Our results indicate tracking is endemic on pornography websites. 93% of pages leak user data to a third-party; the pages that leak data do so to an average of seven domains; 79% have a third-party cookie (often used for tracking); of the pages with cookies, there is an average of nine cookies; and only 17% of sites are encrypted, allowing network adversaries to potentially intercept login and password details.'

Be the first to react

Support

Support this reporting

M-Pesa support recorded against this story.

Send support →

Stay close

Get the briefing

Major updates by email. No spam.

Get email brief →

Share

Save share card

Download a clean portrait card for sharing.

Save image →