������ý

More than 90 per cent of pornography sites leak data on people browsing them to third party companies, including Google and Facebook.

Elena Maris at Microsoft Research and her colleagues analysed 22,500 pornography sites around the world found that tracking of users was “endemic” and posed “wide-scale privacy and security risks”. Tracking by advertising companies and other firms is widespread on many websites, but the team warn that the addresses of pornography sites could reveal uniquely compromising information about a user’s sexual preferences to companies without consent.

“The consequences of just the URLs you’ve visited being revealed without your consent could be dire,” says Maris. “Imagine the consequences for, perhaps, a conservative religious leader who regularly views gay porn having these interests revealed to his community.”

Almost 45 per cent of the addresses gave an idea of the site’s content, sexual orientation and preferences, the team found after analysing the URLs for 378 of the total 22,484 sites.

Pornography site pages on average leaked data to seven different domains, and in total 230 different companies and services. Most of those companies were non-pornography specific ones. Google tracked 74 per cent of sites, US tech giant Oracle 24 per cent and Facebook 10 per cent. The top pornography-specific tracker was Exoclick, which tracked people on 40 per cent of sites.

Less than a fifth of the sites had privacy policies that the team could extract. Of those with a policy, they listed only a tenth of the third parties tracking people, which the researchers say means users have no way to learn which firms have “troves of data” on their pornography use. “The big take home is tech companies know they are collecting this data and are responsible for gaining user consent,” says Tim Libert of Carnegie Mellon University.

As well as unwittingly sharing data with third parties, people browsing pornography risk their personal data being exposed because of poor security on the sites – only 17 per cent of the sites were encrypted, raising the possibility of log-in and password details being intercepted.

“Incognito” or “private” browsing is no defence against the tracking, though tracking-blocking plugins can help to a degree, the researchers say. “I would like the public to more clearly realize the extent to which their activities are tracked online and the implications this tracking has for safety, security and privacy,” says Jennifer Henrichsen of the University of Pennsylvania. The burden should be on regulators and societies to tackle wide-spread tracking, not individuals, she says.

Reference: arXiv,