You might want some privacy when consuming porn online, whether that’s going in incognito mode, locking the door, putting in headphones, or all of the above. And while this certainly conceals your activity from a roommate or someone who might look at your search history, researchers have demonstrated that your intimate browsing time is an open book to companies like Facebook and Google.
A study published on Monday by researchers from Microsoft Research, Carnegie Mellon University, and the University of Pennsylvania explores how online porn activity is susceptible to being tracked by third-party websites, and the sensitive and supremely personal information attached to that activity.
The researchers analyzed 22,484 porn websites in March of last year and found that 93 percent of the pages leaked user data to a third party. Of the webpages leaking data to third parties, they sent it to an average of seven external domains. The study also found that only 17 percent of the porn sites are encrypted, making user information especially vulnerable to hackers and bad actors. The researchers used webXray, a tool for identifying third-party content, as well as policyXray, a companion program that identifies privacy policies.
For those who believed incognito mode shielded their porn activity from trackers, the study is a sobering reminder that that is not the case. The dark truth is that your sexual data is still being tracked, and according to the study, it’s not just porn-specific sites interested in this data. Google tracks 74 percent of the sites, Oracle tracks 24 percent, and Facebook tracks 10 percent. They were among 230 companies and services the researchers identified as tracking their sample of porn sites. Most of the non-porn companies in the top ten that tracked the webpages were based in the U.S., according to the study, with the majority of porn-specific companies located in Europe.
The consequences for handing over data scraped from this type of activity to major corporations aren’t hard to imagine. As the researchers point out in the study, assumed sexual preferences are easily gleaned from this data, and in the wrong hands, can be used as a form of targeted harassment or exploitation. Whether or not it constitutes the “wrong hands” for Google or Facebook to possess this data for the purposes of targeted advertising is up to you.
To be clear, we don’t know exactly how these tech companies are using this type of data. Facebook, Google, and Oracle did not immediately respond, but Facebook and Google told the New York Times that the companies didn’t create targeted advertising based on this type of information collected on porn websites. “We don’t allow Google Ads on websites with adult content and we prohibit personalized advertising and advertising profiles based on a user’s sexual interests or related activities online,” a Google spokeswoman wrote in a statement to the New York Times. “Additionally, tags for our ad services are never allowed to transmit personally identifiable information to Google.” The notoriously secretive Oracle hasn’t made a public statement.
One should be able to have a strong expectation of privacy when it comes to some personal online habits. (Not to mention, one’s most personal online habits.) But as this study makes clear, it’s not apparent in any way to a user that their sexual data is being handed off to outside parties for unstated purposes. The researchers propose that these websites give users a more transparent opportunity to give or withdraw their consent when it comes to tracking this type of data.
“The fact that the mechanism for adult site tracking is so similar to, say, online retail should be a huge red flag,” Elena Maris, a postdoctoral researcher at Microsoft and the lead author of the study, told the New York Times. “This isn’t picking out a sweater and seeing it follow you across the web. This is so much more specific and deeply personal.”