Online Porn Privacy Lacking in the US
August 19, 2019
the internet has become the standard way to answer any question,
purchase anything, and generally fill the idle corners of your day. In
that solitary dialogue between your brain and the screen, it feels like
whatever you view is yours and yours alone. But contrary to that feeling
of privacy, your internet browsing is constantly being tracked by
companies who are building an online profile of you.
This may not bother you when shopping for jeans or looking up movie
times, but what about when you’re researching sensitive medical
information, or viewing things of a private sexual nature?
A forthcoming study — authored by Annenberg School for Communication
alumni Elena Maris (Ph.D. ’18) and Timothy Libert (Ph.D. ’17) and
doctoral candidate Jennifer R. Henrichsen — analyzed over 22,000
pornography websites and found that 93% of them were sending user data
to at least one third party. Google alone was tracking users on nearly
75% of the sites studied.
To make matters worse, many sites’ privacy policies failed to mention
the presence of third party trackers, and some sites lacked privacy
The research began when Libert, now core faculty at the CyLab Security
and Privacy Institute at Carnegie Mellon University, contacted fellow
students at Annenberg about a collaboration on privacy and pornography.
Currently a postdoctoral fellow with Microsoft Research’s Social Media
Collective, Maris, who focuses on the relationships between media and
tech companies and their users, and Henrichsen, who studies the
implications of surveillance and tracking on journalists, were excited
to work with Libert, who had previously published research on online
health privacy (link is external).
“Particularly in studies of technology and the internet, both technical
and cultural sensibilities are needed to make sense of the complex
challenges of the digital age,” says Maris. “Our study is a great
example of the rich collaborative work that can emerge when people
working with different methodologies and areas of expertise come
together to think about the same problem.”
Using webXray and policyXray, software developed by Libert, the
researchers were able to identify third party trackers present on
pornography sites and extract sites’ privacy policies. The team then
analyzed the data, finding an overwhelming lack of privacy and lack of
transparency about privacy on these adult websites.
Why should we care? The researchers cite three main reasons:
First, the authors highlight the need for affirmative consent in all
types of sexual activity. Watching porn falls into this category, they
argue, and therefore, the lack of transparency around what information
is being shared with third parties is problematic.
Second, the researchers point out that while everyone should have
control over all of their personal data, certain types of information
carry more risk. According to their findings, approximately half of the
pornography sites analyzed have URLs that reveal a specific gender
and/or sexual preference, identity, or interest.
“In the U.S., you can be fired for being LGBTQ in a number of states,”
Maris says. “That alone demonstrates a severe potential consequence of a
leak that revealed someone’s history of browsing gay porn sites. And
legal ramifications may be even more serious in other international
Lastly, the authors discuss the larger implications for privacy across
the web. Maybe you don’t watch pornography, but you’re likely accessing
some kind of content online that you consider personal or sensitive.
Even if you’re using a browser with an enhanced privacy setting, like
Google Chrome’s incognito mode, you’re still susceptible to online
“People often assume that using private browsing modes protects them,”
Henrichsen says, “but that primarily limits your browsing history from
being stored on your personal computer. In reality, private browsing
modes offer little to no protection against tracking more generally. The
ecosystem for tracking is vast and ever-changing, so it is incredibly
difficult to truly avoid being tracked online.”
to the researchers, new laws are needed to remedy the situation.
Presently, websites are strongly encouraged, but not exactly required,
to have privacy policies, and the enforcement around this is hazy.
Often, when privacy policies do exist, they are written in hard to
“Our study is further proof that the current model for privacy
self-regulation in the U.S. is a failure,” says Libert. “And recent FTC
fines against internet companies are wholly insufficient to curb
objectionable behavior. Any solutions which place the burden of privacy
protection on user actions are likely to be flawed from the start.”
The authors point to the European Union’s General Data Protection
Regulation (GDPR), which has specific protections for sexual life and
orientation, as a step in the right direction for online privacy. But
they caution that the U.S. still has a long way to go to achieve