Maybe a good moment to commemorate the infamous RedTubeGate from 2013 in Germany:
A couple lawyers and fishy business men launch an ad campaign on RedTube. Through that advertisement they collected IP addresses of visitors.
Before launching that campaign they allegedly bought the rights for three cheap porn flicks.
Now they also claim that they have some miraculous software which allows them to track who has been watching those flicks on RedTube. They even get a totally unclear blueprint for that software officially certified by a surveyor. [4]
Then they appeal to a court in Cologne for the real world addresses corresponding to the IP addresses arguing they can prove those poor schmocks watched their illegally uploaded crap flicks.
Suddenly thousands of people receive letters threatening legal action if they do not agree on paying a fee of 250 Euro. Many people comply out of fear for their reputation and just pay.
Reminds me of a 1990s scam, can't remember if I saw that in a movie or if it did really happen. Some dodgy magazine advertisement for porn videos or something. Customers orders, write a check to a totally innocuous company name. Then the company claims they ran out of stock and issue a refund check, with a "porn xxx sexshop" company name, and of course no customer wants to present that check to their bank or having that name appearing on their bank statement.
The scheme is found at an earlier date in a novel by Jerzy Kosinski. I believe it's in his book called "Steps" (1968), however I forget exactly which work it's in.
The scam seems to be well known. I presume it happened sometime.
Funnily enough I was talking to the cashier at a sex shop the other day about what it shows up as on my bank statements. I personally don't care, but was curious.
Turns out it just shows up as the name of the shop, they don't bother to try and hide it these days. Pretty sure strip clubs still show up with innocuous names though, but it's been over half a decade since I've been inside one.
The difference is that bittorrent is uploading content. People are getting sued left and right for Bittorrent cases in germany but for streaming, that was a new one.
I can't imagine visiting port sites without using at least a VPN. And without using an ~anonymous persona, and ~anonymous payment methods. And full-disk encryption. And as I recall, I never did.
But people obviously do. And get nailed by stuff like RedTubeGate, and the Ashley Madison leak. It's mind-boggling.
Edit: OK, so I get the "I love my porn, and you closed-minded idiots can just sod off". That's easy to say, when you live somewhere that porn is legal and ~accepted. But many who read HN aren't in such places. And they may not realize just how much they're not in such places. Until the come to a prosecutor's attention, and they're screwed.
Why hide something so mundane? It’s like pretending you don’t poop. We all know you poop. You’re human.
Reminds me of a failed study I read about. Researchers wanted to look into the effects of porn and couldn’t find a big enough control group. There simply aren’t enough people who don’t watch porn to make the study viable.
I bet you close the bathroom or stall door when you poop though.
They're both something many/most people don't like to advertise. Maybe they'd be even less happy to have details of either habit known. You might think that's silly, but it's far from unusual, it's the norm.
your analogy is off. and the suggestion to use VPN is outright counterproductive.
people close the bathroom door when they poop. I guess they also close the door when they whatch porn.
using a vpn is akin to (car analogy time) trying to using a rental car while in public. you actually expose yourself to the rental company, who might be shadier than the people at the place you're showing up at, who can still see you trhu the window (analogy for your 3rd party cookies)
“might be shadier” is a big part of it... many vpn services are fairly well vetted and it’s known they don’t maintain traffic logs, in addition to staking their whole business reputation on a malicious lie if even a whiff became public, with lots of media & security scrutiny
Just like with many car rebtal companies.. very trustworthy and staking their reuptation on not renting you a car that breaks down, etc.
even if thats is true, and let's assume it is, you are adding yet another bunch of ISP, networks, nation states laws into the original mix. That might not work out in your favour.
not to mention people. no matter how reputable the car renter is, it is still hiring a minimum wage clerk who will handle all your documents and credit card.
you do not trust layer X. so you add layer A, B, C, Y and Z. none have more merits to be more trustworthy than X. You are downgrading your total network trust by adding vpns you do not control fully.
Yeah but I still bring my personal tracking device to the bathroom. How else am I supposed to read memes?
Which brings us to an interesting point. We all want immediate privacy right? Close the door when watching porn, make sure your webcam isn't turned on, close the bathroom when pooping etc.
But having a VPN when watching porn or banning phones from the restroom, that's not something many (most?) people do. How come? What's the difference?
> I bet you close the bathroom or stall door when you poop though.
I do, but not because I'm shy someone might see (a glimpse) of me being naked; I do it so that they don't attempt to enter a toilet already in use. I find myself often not closing the toilet in after hours. In fact, I don't close the toilet at home cause I know the people who can enter won't. Except when I poo, I might, because I don't want them to smell it.
Huh? Really, "office wanking"? I don't recall anywhere that was OK. Although I won't claim that I never did it. Or office (in my case, lab) sex, either. But always at night, when very few were working.
Everyone has something to hide... and do you really want your fetishes and sexual interests tracked and profiled? That random BDSM video you viewed, etc
...it wasn't random and I'm out and proud. Some people are not ashamed of their sexual desires. I do understand some people are, and they are concerned about tracking.
If you were given access to a list of all the porn content you've viewed along with the associated metadata neatly categorized and documented it might change your outlook on the issue. It's not just about the subject matter, it's about what conclusions can be correctly or incorrectly drawn from the data. Metadata such as date and time, location, etc. would be of interest. All this being said, "I'm a sick fuck, I like a quick fuck"
I'm not necessarily ashamed about anything. Although I am disturbed at how hot I get about some seriously evil stuff. But at least not by abusive child porn, which only saddens and angers me. Even the child model bullshit. There's lots of that on Freenet.
And yes, I am perhaps too curious.
However, I definitely wouldn't want anything beyond mainstream porn linked to my meatspace identity. Because I don't want to risk rotting in prison for ~five years, and getting permanent probation. But by using VPNs and Tor, I need not be overly constrained by those risks.
It depends where you are, and what sort of porn you watch. In some places, any porn could mean prison or worse. In more places, it could mean losing a job, divorce, etc.
There are a lot of intolerant people of all kinds around. I can't blame people for being low-key about it. Arguably being open helps change that, but the more fringe content is going to take time to be accepted.
depending on which VPN provider you chose, (1) could be far safer. at least your local sysadmin and ISP have A) a direct work/business relationship with you that they'd likely rather not harm, and B) possibly some laws governing what they do with your personal information & which sites you visit.
Mindgeek runs all of the biggest porn sites, and also runs its own ad network. Since the biggest of those sites are their "tube" sites, they run into the same issues as youtube when it comes to tracking individual tastes. Since the product is porn, which is very easily classifiable with a list of the physical features of actors (with maybe a few behavioral distinctions), the actors in the video, how they are matched ("how" doing a lot of heavy lifting here) and possibly director, producer, and age of content, it would be easy for them to have a very specific dossier on all users. Moreover, it would be financially beneficial, because it'd be easy to maximize engagement with that stuff and a past record of engagement time, and that information would also aid conversions to their other paysite products (of which there are many.) The fact that they run so many paysites probably means they can associate specific sexual tastes (and schedules) with a credit card number.
Mindgeek have also shown themselves to be extremely savvy technologists, so this stuff is probably already being done. If it's your own ad network, is it really a third party, though? The plethora of domains does give the user the impression that they're leaving one business and moving to another, when it's really more akin to switching rooms.
example of unexpected situation: I used a credit card to join vanillanormalromance.com, but I watch weird stuff on redtube.
-----
edit: for some reason it didn't occur to me, but there would clearly be an interest to sell these categories to other porn sites, facebook-style, generating even more info from people not on Mindgeek sites.
I feel like I remember a few Mindgeek/Manwin devs being good HN posters.
I’ve met their head of data science. They’re doing all that stuff and have been for many years.
Porn has always been leaders in technology. They were the first to embrace home video and can arguably be credited for VHS winning over BetaMax despite being inferior, because it was cheaper and all the porn was VHS only.
It's definitely a myth, or at least a minor contribution.
BetaMax housings were very small, so they didn't have enough capacity for feature films unless they were run at 1/2 or 1/3 speed, which reduced quality. The thing is, VHS could also be run slower to improve run times, but instead of maxing out at 90m, they could run for almost 250m for tapes about at the same price.
Tapes with longer run times eventually came to market, but well after VHS had established itself.
Something I've heard brought up regarding the length is that early Betamax couldn't tape the average sports game, while early VHS could. I'd imagine that was a big selling point.
The early Betamax recorders didn't have a timer on them. Plus the tapes were super short. So if you had a show at 3pm you wanted to tape, you had to be there at 3pm to push the record button, then be stuck with only 90 minutes of recorded content.
The first Betamax recorder sold in the US was the LV-1901 which included a 24 hour timer.
The first standalone Betamax VCR was the SL-7200 on which the timer was a $45 optional add-on.
Also at the time people were already buying wall socket timers for their reel-to-reel tape decks to record the radio, these would also work with a Betamax deck. https://www.youtube.com/watch?v=XbNgbtZJAcU
Highly doubtful. They were (mainly) “just” a telecommunications hardware/electronics company up until their purchase of Columbia Pictures in 1989; they wouldn’t have had an incentive to defend the entertainment sector in 1975 when Betamax was introduced.
This is typically repeated but I question if there is actual proof of it rather than one of those '8 glasses of water a day' which just keeps getting passed along or some kind of plausible and believable anecdote.
I don't know about formal studies, but I've read many an article (insert appropriate "reading for the articles" joke here) talking about how demand for porn influenced early adoption of most new forms of media:
printing, broadsheets, photos, different forms of film, and definitely computer video. (Here in Seattle I recall reading about some form of early adult film that shows up notably in local laws...some form of -scope, though I don't recall the name)
DVD-HD vs blu-ray? Adult industry influence was not small. When HD rolled around, the adult industries had notable influence. Where did the makeup techniques for dealing with such high def come from? Porn.
I think the comparison to the "8 glasses of water" standard might be off because unlike that, here no one is claiming a precise measurement, merely an observation of trends.
When the dust settled, perhaps, but I recall when the issue first came up in 2000 and just about every discussion argued technical merits...and where the porn industry was looking. Anecdotal data, but in 2000 streaming wasn't viable for the majority of users (and still remains not viable for a lot) so that's no reason to discount the impact in that arena.
Given the bandwidth porn has consumed since literally the beginning of the internet, I think it's fair to say that they can be credited with significant technology gains too.
As a recent (but maybe not too important) example, PH created hover-to-autoplay-gif for video thumbnails and then YouTube copied it.
Funny related story! At Reddit we built a tool to create thumbnails for webpages. The algo was basically find the biggest “squareish” image and then remove a row or column of pixels. The row/col was chosen based on which one left the image with the most entropy. We kept doing this until the image was a square.
That algo basically cuts off women’s heads and leaves just their cleavage.
Obviously we had to adjust it to try and avoid that, but even today you’ll see thumbnails on Reddit that are just cleavage.
I thought that a face would contain more entropy than two flesh mounds! Color me surprised. Could the algorithm be tweaked to favor removable from the bottom part of the image, since humans generally perceive from top to bottom? Most images contain the 'meat' at the top or middle, I'd assume?
Of course, along with the very-fucking-annoying Youtube Face [0]. It's so ordinary to mess with human psychology, anything to increase click through rates!
I can count the number of reaction videos I've seen on one hand but the YouTube face is all over my homepage.
The next iteration to this is out, it's using extreme Snapchat-esque filters to comically exaggerate the size of the eyes and mouth of a reaction face.
It's mesmerisingly disgusting, I wonder what the next steps are. More digital augmentation awaits?
I haven't dug deeply, but there seems to be a whole ecosystem. An open source avatar data format[0], full body motion capture software[1], this stuff integrates with standard 3d software environments such as unity/unreal/blender/maya/max. So does commercial software[2]. For the hardware it can be a simple web/phone camera on the low end (giving you a talking head) over camera + VR trackers + an iphone for the face sensor to high end rigs with multiple cameras and mocap suits.
I mean, there would be holodeck sex, but unless you're a teenage boy, you're not going to do that more than maybe twice a day max, and you're usually going to do it alone. After you get off, you do the same thing even teenagers do today with the internet: you start playing shooting/fighting games with all your buddies.
Another example is VR/remote control toys adoption - Mindgeek was pretty early adopter of VR porn and remote control toys with synchronization of video frames.
It's not a violation of GDPR. However, is somebody makes a GDPR request to retrieve all of their personal data, or to delete their personal data, then they must comply within 30 days. They have to organize their datasets to make these operations easy.
There are six legal bases for processing personal data under the GDPR. Which do you think applies in this case?
Additionally, sexual orientation is subject to special rules under the GDPR and cannot be processed at all without consent (and some edge cases). That could possibly apply as well.
Article 4 section 11 defines "consent" as something that must be freely given. [1]
Article 7 section 4 further clarifies that consent is not freely given if provision of a service is conditional on consent. [2]
Recital 43 is super clear: "Consent is presumed not to be freely given if... the performance of a contract, including the provision of a service, is dependent on the consent despite such consent not being necessary for such performance." [3]
The gdpr.eu website unpacks the legalese: "“Freely given” consent essentially means you have not cornered the data subject into agreeing to you using their data. For one thing, that means you cannot require consent to data processing as a condition of using the service." [4]
> [porn] is very easily classifiable with a list of the physical features of actors (with maybe a few behavioral distinctions), the actors in the video, how they are matched ("how" doing a lot of heavy lifting here) and possibly director, producer, and age of content, it would be easy for them to have a very specific dossier on all users. Moreover, it would be financially beneficial, because it'd be easy to maximize engagement with that stuff and a past record of engagement time
See, this was my thinking when I created an account and tried to train the recommendation algorithm.
I was sorely disappointed when the secret sauce turned out to be nothing more than:
for vid1 in watch_history[:-10]:
for vid2 in all_videos: // Notice how it does not exclude watch_history
best[Levenshtein_distance(vid1.title, vid2.title) + Math.random()] = vid2
return ksort(best)
I would conclude their engagement maximizer is meant to give me the worst possible recommendations just so I spend more time on the site and load more pages (ad banners) before I find something, but then it would have taken the highest Levenshtein distance instead of the lowest. I'm not sure what the sibling comment from jedberg ("They’re doing all that stuff and have been for many years.") is on about, because they are definitely not matching the video content. I'm guessing it's still too computationally expensive. Reverse psychology (letting you think that you are getting personalized hits but giving you unrelated stuff instead) seems a bit too much like a conspiracy theory. And the theory of giving you something somewhat-good does not explain why it always matches the title and never anything else.
I've never really gone to tube sites (I just know how much business they do), but I can't believe it's that bad. I'd also think it would be cheap enough computationally, and iafd.com has pretty much compiled and indexed everything already.
Maybe there's an opening for someone who can do it cheaply, or they've discovered that it's not worth it?
From what I've heard from people peripherally involved in the space (and from what I've observed in practice, though that might be less useful) the big platforms definitely don't do only this.
> Moreover, it would be financially beneficial, because it'd be easy to maximize engagement with that stuff and a past record of engagement time
Maybe they don't recommend the best video for you (i.e. the one you'll like the most) but one that is relatively good fit for your taste, without being too good, so that you spend more time on the site. If you know what I mean.
No we aren't doing that. Ads are contextual on TrafficJunky/Pornhub. Too few people actually making accounts and purchases compared to the billions browsing anonymously.
separately, has there been any consideration given to googleanalytics (+google fonts) usage on your properties, and Google's ability to track visitors across your sites and the web?
Small since ~80% of our traffic is mobile and we also serve static ads to most adblock users on desktop.
Google Analytics is the only analytics product that can support the data we need processed at a reasonable price. We do use their IP anonymization by default and it's pretty easy to opt-out of GA tracking.
wow, I'm surprised that mobile makes up that much traffic!
it would be interesting to see what sort of UA visit your site... I'm assuming Chrome is the dominant mobile browser (which unfortunately doesn't support ad-blocking)
You can write poor code in any language. Language itself has very little other meaning than how well it does it's job in the given context. PHP is great for fast development, has a lot of developers available, and comes with great tooling for the web.
Traditional downsides like poor threading and overall performance were/are overshadowed in that most webcalls are always I/O bound. PHP7 has made great strides on this though, especially on memory usage.
YouTube has been criticized for it's recommender system tending to push viewers to more and more extreme content. I think the porn tube industry no different.
so somebody here thinks pornhub's recommendation system doesn't also encourage the viewing of more and more extreme content? if so, say so, don't be lazy.
Some friends noted that this had been up on HN for three hours with no comments. So I decided to read the paper and note some highlights.
> What Jack does not know is that incognito mode only ensures his browsing history is not stored on his computer. e sites he visits, as well as any third-party trackers, may observe and record his online actions.
> ‘30% of all the data transferred across the internet is porn,’ with site YouPorn using six times more bandwidth than Hulu (Kleinman, 2017)
> Herein, we take such a ‘sex positive’ view of porn and access to online pornography. While acknowledging the many racist, misogynistic, heteronormative and other problematic histories and themes in pornography and its production, distribution and consumption, our work recognizes the ubiquity and permanence of porn and its many uses and social functions, and the danger of societal, state, and institutional narratives that might work to discipline gender and sex.
> To identify third-parties found on a given website we used the webXray software platform. webXray 'is a tool for analyzing thirdparty content on web pages and identifying the companies which collect user data’ (webXray, 2018)
> We used four coders from diverse backgrounds: one primary
researcher and three volunteers. Three coders were women (one
identifed her sexuality as fluid; the others as queer), and one was a heterosexual man.
> Coders were instructed to code Presence for: ‘Any word or phrase that indicates or suggests the porn content will feature a specifc gender or sexual identity, orientation, or preference,’ and/or ‘Any word or phrase that indicates or suggests the porn content will feature a specifc sexual focus, body part or type, identity or character (like race, nationality, ethnicity, religion, profession), act, fetish, interest, porn genre, porn trope, etc.
>Our March 2018 analysis successfully examined 22,484 sites drawn from the Alexa list of one million most popular websites where the URL, page title, or page description includes ‘porn.’ We found third-party tracking is widespread, privacy policies are difficult to understand and do not disclose such tracking, and third-parties may often be able to infer specifc sexual interests based solely on a site URL.
> We identified 230 different companies and services tracking users in our sample. Such tracking is highly concentrated by a handful of major companies, some of which are pornography-specifc. Of non-pornography-specifc services, Google tracks 74% of sites, Oracle 24%, Facebook 10%, Cloudflare and Yadro 7%, and New Relic and Lotame 6%. Porn-specific trackers in the top ten are exoClick (40%), JuicyAds (11%), and EroAdvertising (9%).
> Based on a random sample, 44.97%of porn site URLs expose or strongly suggest the site content includes or targets one or more specific gender or sexual: identities or orientations, and/or topic(s) of interest/focus.
> We contend that the tracking of online porn consumption represents an even riskier violation of privacy, in line with Citron’s (2019:1870,1881) argument that: "Sexual privacy sits at the apex of privacy values because of its importance to sexual agency, intimacy, and equality. We are free only insofar as we can manage the boundaries around our bodies and intimate activities… It therefore deserves recognition and protection, in the same way that health privacy, financial privacy, communications privacy, children’s privacy, educational privacy, and intellectual privacy do."
> For example, same-sex relations between consenting adults are criminalized in 70 United Nations member states, with punishments ranging from imprisonment to death (Fox et al., 2019). Thee consequences of sexual privacy violations in such contexts would clearly be severe. Even in societies with less regulation around sex, breaches of sexual privacy often have bodily stakes
> Porn website privacy policies are long, dense, difficult to understand, and only 11% of the third-parties observed tracking users on a given page are listed in the policy, leaving users ignorant of which organizations may be assembling catalogues of their perceived sexual interests
Edit: I have been adding to this comment as I read the study. I do have other things to do today.
The paper is wrong when it says incognito mode only ensures your browser history is not stored. It also ensures that any session cookies are not shared between private mode / regular mode.
Obviously that doesn't rule out other browser fingerprinting methods of course (see panopticlick, evercookies, etc)
Edit: It seems like they are saying you can be tracked within incognito mode sessions? That seems pretty obvious. I don't understand why this is surprising.
Isn't the whole risk here that you could have your porn browsing habits tied to your "real" identity? (i.e. your facebook/google/twitter identities). It doesn't really bother me that Google is aggregating porn browsing habits if they can't tie that to my real identity.
I agree its not quite as concerning if your habits are only coalesced in an anonymous profile, but...
The matching engines will keep matching on. You can't ever slip up, even once.
If you leak any sort of signal, its all for naught - and the matching engines may be able to use that signal to link that anonymous collection of habits back to a real resolved identity.
> This paper explores tracking and privacy risks on pornography websites. Our analysis of 22,484 pornography websites indicated that 93% leak user data to a third party. Tracking on these sites is highly concentrated by a handful of major companies, which we identify. We successfully extracted privacy policies for 3,856 sites, 17% of the total. The policies were written such that one might need a two-year college education to understand them. Our content analysis of the sample's domains indicated 44.97% of them expose or suggest a specific gender/sexual identity or interest likely to be linked to the user. We identify three core implications of the quantitative results: 1) the unique/elevated risks of porn data leakage versus other types of data, 2) the particular risks/impact for vulnerable populations, and 3) the complications of providing consent for porn site users and the need for affirmative consent in these online sexual interactions.
Those are good sites. But cartoon porn with underage characters is illegal in some countries. And marginally so in the US, depending on attitude of the prosecutor. Also, I've come across some cartoon porn sites that are too disturbing to even risk describing here. Violence per se isn't so illegal, but underage sex + violence may well be.
That's actually the most disturbing aspect. They're absolutely cruel and disgusting, and yet extremely sexual. And it's been very hard to forget about them.
Some old-school shock sites were a little like that. Lemon party, for example, is a disturbing image, for an old man. And that girls/cups one. But even those are just funny, compared to what I'm talking about.
If you email me, or PM me on Keybase, I'll share the link.
And on reflection, I get that what I'm talking about isn't all that uncommon. Just torture, hanging, decapitation, cannibalism, etc. Some of my favorite fiction features all of that. Burroughs, Abercrombie, Morgan, Stover, and lots of older stuff.
I know, but I'll stick to it until a proper successor appears. nhentai.net and hitomi.la recompresses images and I want to be able to archive the originals easily.
VPN protection from site-level tracking is basically nonexistent. Browser fingerprinting is widespread and bypasses anything a VPN might offer. VPN is effective against network-level issues, not against browser-based tracking - it's a different level in the stack.
Virtual machines have the same virtualized graphics drivers, if everyone used virtual machines for browsing and deleted cookies and cache, web tracking would be restrict to IP-based.
There are still several bits of data, like plugin support, touch support, platform, language, screen size, and timezone, that have to be actively manipulated if you want to reduce the likelihood of unique tracking.
Yes, but it is trivial to distinguish usage of Tor browser as commonly distributed and Tor browser in TAILS, by default one comes with an additional plug-in.
Not that I know of -- there are just browsers that don't send out some stuff because they don't have the capability to detect it. You could do some more header-stripping with extensions and proxies, but in the end, like with cookies, this is stuff that a website might need to actually work properly.
To do this well, you have to take special care with how exactly you obscure them. If your browser refuses to report those values, or sends junk values, then you might actually make the problem worse. It's the internet version of this: https://xkcd.com/1105/
Yes. And using a VPN in a dedicated VM isolates activity well from the host machine and ISP uplink. There's still the risk that VPN providers will share information with adversaries. And so it's better to use nested VPN chains, which distributes over multiple providers.
The matter of virtual graphics drivers cuts both ways, however. Multiple VMs in a host that use the same virtual graphics driver have the same WebGL fingerprint. So if you want multiple fully compartmentalized VMs on a given host, they must use different virtual graphics drivers. That is, Windows vs macOS vs Debian family vs vs Red Hat family vs BSD family etc.
Sounds like that's fairly easily solved by just using a different browser only for your porn habits. If you use FF for your normal web browsing, only use Chrome just for porn, etc.
My understanding is that finger printing relies on gleaning data about the underlying os and hardware. I'd think using a browser in a fresh VM may offer more security security in this case.
(sadly) do-not-track also doesn't work - it makes you stick out even more when activating it. best is to try to blend in with aggressive hardware compartmentalization. there are no solutions that can easily be recommended to somebody less tech-savvy which would protect them from bad actors (and GDPR or not - there will always be plenty of them).
Well, Firefox for one does things to help against tracking. Surely not all the things that can be done, but at least the ones they figured out to be worth it for everyone.
I'm not in that business but I'd be surprised if you couldn't. Mobile devices are usually more trackable, since they are always at the forefront of browser/hardware integration in ways that increase the fingerprint surface ("does it support geolocation? does it support battery-related apis?" etc etc).
On Panopticlick with Firefox Mobile, with Ghostery plugin active in a normal tab I get 18 bits of info, in a private tab I get 17 bits, but the best is a private tab with Ghostery paused - then I get 16 bits, and equal results on the other parts.
Are privacy plugins really redundant in this day and age? Or is the test too incomplete to reflect their value?
If there is a good way to control this (FF does a much better job -- could be tied to plugins and such tho), one could further reduce the number of identifying bits.
Chrome seems to do better (less unique) in both Hash of canvas fingerprint and Hash of WebGL fingerprint. I've summarized the main differences I see below, seems like combining the best of Chrome w/ the best of FF would result in even better privacy:
Edit: I think Chrome's HTTP_ACCEPT Headers is like that because I've installed/enabled many languages in it for l10n testing. I'm removing them now, which should make Chrome get a better score than FF.
FWIW, I've not taken the number quoted by the website ("at least x bits", which appears to be the maximum of the per-characteristic numbers, which sort of assumes that the characteristics are fully dependent (such that knowing further characteristics does not tell you anything beyond that one maximally informative characteristic)), but the sum of the per-characteristic numbers (which sort of makes the opposite assumption that the characteristics are fully independent, and knowing all the other characteristics does not reduce the information added by any one characteristic).
In my experience the biggest entropy generator with browser fingerprinting in system fonts. I ran Panopticlick against both my Firefox browser instance (running Ghostery, uBlock Origin, and Privacy Badger) against a Chromium instance running no plugins and both cases yielded 17 bits from browser fingerprinting. It makes me curious whether system fonts are a major source of privacy leakage.
What do you mean by 'secure'? I just ran panopticlick in a fresh installation of Chrome on Windows in incognito mode. It returned a near-unique fingerprint with >14 bits of estimated entropy.
Of course, that makes total sense, because many of the factors that can identify your system have little to do with the browser, but are determined by the underlying system: fonts, display, date/time information, graphics fingerprints, etc.
I don't think a VPN is enough, it will mask your location but there are so many ways your browser can be fingerprinted so you would need to have fingerprint resistant browser profile, maybe with JS off is possible.
Easy to enable, but in practice not much help yet: For me, at least, I enabled resistFingerprinting and tested on https://panopticlick.eff.org. A unique fingerprint was still present. Test it yourself.
Check and make sure it's the same fingerprint across multiple runs.
I installed CanvasBlocker, and one of the things it does is fake results for a handful of API calls. So while Panopticlick reports a unique fingerprint each time, it looks (to me, based on their results) like a different browser each time.
In particular, the two most specific categories they track are canvas and webgl hashes. Those are changing every time, which I believe makes them less useful as tracking information; the next-most-specific thing is a list of fonts, which is almost two orders of magnitude less specific.
Right, that's why the setting is called resist fingerprinting. You still need to take other precautions like not full screening. A while ago I tested resistfingerprinting with a few machines and they all have the same fingerprint, so at least it's better than nothing.
I tested with my browser and it was unique as well. It seems to be caused by high dpi monitor breaking the window size rounding logic. Retrying with high dpi disabled results in
Within our dataset of several hundred thousand visitors tested in the past 45 days, only one in 5551.36 browsers have the same fingerprint as yours.
Currently, we estimate that your browser has a fingerprint that conveys 12.44 bits of identifying information.
Maybe having resistfingerprinting is a fingerprinting datapoint itself?
I don't fully understand panopticlick results. My machines always get uniquely identified by screen size (which I sort of understand, but find doubtful) and fonts installed. The latter I find very confusing since it often lists a set of garden variety Windows fonts, which I don't even have installed on my machine.
As others said it is not as easy, you probably need a special browser profile that is very "extreme" with the privacy settings. I would suggest not over selling that Firefox setting.
That still won't work. Most people don't have 'extreme' privacy settings, so you'll again be unique. To resist fingerprinting, you want your setup to be as generic as possible. This is one reason why it's important that browser vendors need to tackle this issue by setting privacy focused defaults.
With NoScript on Firefox, I have 8.7 (???) bits of identifying information according to Panopticlick. I did not enable the about:config setting a sibling poster mentioned. According to the site, I am passing adblocking and fingerprinting, but not invisible trackers or DNT.
> Within our dataset of several hundred thousand visitors tested in the past 45 days, only one in 417.05 browsers have the same fingerprint as yours.
> Currently, we estimate that your browser has a fingerprint that conveys 8.7 bits of identifying information.
So yeah, pretty much all web privacy is broken by Javascript.
While I don't disagree with using a VPN as you suggest, I would be wary of using an advertisement by a VPN company as a supporting source for that claim.
I think if you use a VPN that doesn't have any of your personal information of file for billing or infrastructure purposes (like your residential ISP does) then at the very least the shady logging VPN will have a dossier on you that doesn't include your name, street address, bank or credit card numbers, etc. Even if the VPN is otherwise a bunch of Mafia scum datamining you as hard as they can, you're still better off than if you were raw-dogging on Comcast.
However I think those VPN companies that throw around suspicious abouts of cash advertising all ask for credit cards or similar. I would never do business with one of them, it's pointless.
I also hate NordVPN's YouTube advertising campaign in particular, in which they pay YouTube creators to mislead their audience. Suggesting among other things that connections to your bank's website are unencrypted if you aren't using a VPN.
But most importantly, close the incognito mode once you finished consuming the content, don't just close the lid of your machine. The next day at work might be a bit more awkward than what Google does with your aggregated data :)
Also ask your girlfriend / boyfriend to tag imgur links with NSFW :)
A VPN might be handy for bypassing the near-future UK porn block / age verification system[0] (by spoofing your geo-location). I imagine tech savvy teens/children are already investigating VPNs in light of the recent articles which outline the system.
Here's the important bit from the article where children will need to bypass:
> From the launch date in July, porn websites will have to show anyone visiting from a UK IP address a landing page that doesn't show any explicit content.
>Each age-checking company has a variety of different ways people can prove they're old enough to view porn. These include using SMS, credit card data, passport information, or driving licence details. There are other options that include face scanning and the blockchain.
This is so going to result on a ton of teens with credit cards. Just look at what is already happening with mobile games. Sounds like a boom for the porn industry. Sure enough, MindGeek is already on it:
>The most well-known of these is AgeID, designed by MindGeek
That's very incomplete advice (on the blog of a VPN provider). A VPN alone won't give you any protection from being tracked either, you need both that and incognito mode (or a separate browser), and should probably throw ad/tracking blockers in the mix as well.
It might be problematic in countries where certain kind of sexual orientation is punishable even with death. If you don't live in those countries, then I don't see much problem with GA in these sites as well.
Are you claiming that in those countries there have been cases where people are identified and rounded up with some mass sweep identification by online viewing habits?
I was recently googling friends' names and looking at the results from find-people sites. It's already creepy enough that they have "related to:" and then a list of family members of that person. But the most recent concern was one site already has a "reputation score" like china has already implemented. I checked a few friends who had criminal convictions and, voila, their "score" ranked lower (and of course you can pay the site to remove your entry or whatever, aka a racket). Porn viewing could easily be ranked into the "score" in a negatively-impactful way and lead to job/social discrimination.
I always liked how thepiratebay.org seemed to make that tracking really transparent. Visit that site on a machine and observe the advertising. It’s not the deep shadow fingerprint we evolved into. But it’s something that has informed me over the years.
Just visited on my mobile and didn’t get the same effect. It was different back in the day.
Assume again. It’s probably safe to assume (I know, right?) people are more cautious with websites used to arrange cheating for married individuals than with the typical porn site, and yet as the Ashley Madison disaster revealed, people are just plain stupid when it comes to online privacy.
If you've ever put that kind of information anywhere on the internet using the same browser, it's best to assume they can connect you. From browser fingerprinting to IP logging to security exploits, they'll find a way. You can definitely make it more difficult for them but without going all the way to TOR or something like it, it's best not to assume you have any secrets.
I've assumed (without evidence, only deduction) since the 90s that every pornographic thing anyone has ever looked at has been recorded for future blackmail use against social rebellions.
It might be my age demographic but everyone I know is very open with their choices of pornography and I have the link to several of my friend's favorite lists and playlists.
There are also shared accounts of paid websites going around and we can see the "recently watched" lists. There shouldn't be any shame to pornography unless you are consuming illegal content.
Unless you are a content creator and wish to keep your personal and online life separated, there's not much of a blacklist potential.
Of course not, that's usernames I'm talking about.
We'd say "Oh, go log in as 'CoolUser69'. The password is 'hunter2'. We are sharing this account together, chip in a few bucks a month if you can" or "oh, I have a curated playlist of [XYZ category]. Look up 'CoolUser69' on [KinkySite.xxx]".
The age range is 26-31 years. Both males and females. Anything from owners of small web development agencies to university students or government office workers. I attempt to keep a diverse social group.
I am female and currently in a stable relationship. There has never been a person I have been in a relationship with that didn't know my kinks and turn-ons. I am not sure how that would work exactly.
Yes, but you may be talking about your social circle. I am skeptical that casually sharing your porn habits is going to be seen as acceptable and normal in the eyes of most of your peers.
I'm a few years from the age range you mentioned, and I can't say I have seen the same level of openness. Not even close.
Values change wildly depending on where you are from.
I am mostly talking about second and third generation atheists from Montréal and the surrounding region. The way of life is obliviously very different than what it would be in let's say, conservative southern USA.
That being said, being open about sexuality brings openness. For example, I had a very long conversation with a woman from Haiti this last weekend. She has a lot of questions and we talked about everything from the existence of female orgasms to gender identities and sexuality. I could literally see the weight and shame lift off her shoulders as I explained and normalized concepts for her.
I am not arguing the merits of openness, or whatever. But you don't need to travel all of the way to southern US to find that most people even in that age range aren't open about sharing their porn habits.
Claiming there would be no consequences from sharing publicly is unrealistic at best and dishonest at worst.
Using Southern US was simply an overstatement. I'm sure I could look at my neighbours from the same appartment block and find people who are not as open about all of this.
Could you provide examples on where disclosing your sexual preferences could be hurtful or dangerous? I honestly cannot imagine any situation except some edge cases where illegal habits are
involved. (E.g. a high school teacher that searches for pornography involving people roleplaying as minors.)
The only other situation that comes to my mind is people not out of the closet being found out and outed before being ready.
As someone who used to live in Lubbock, TX, revealing yourself as being a member of the LGBTQ+ community could lead to anything from shunning (job, church, school, "friends") to verbal/sexual harassment to direct physical violence.
I'll concede anecdotes are not data, so believe me as much as you want.
However, as a very shallow representation, google: lubbock lgbtq hate crimes
I haven't been there in years, but as of the beginning of this year, out of the maybe 2 dozen folks at possible risk that I know from my time there, only one has stayed, and that's mainly due to her wife's extended family living there and property she can't sell for what she wants.
It would be hurtful because it would negatively impact your social relations since it's unusual to be so open and there are a number of legal sexual interests that many find distasteful or even revolting.
You make your own social circle and only you can choose who you spend time with. If you are someone open about sexuality, then chances are that you will surround yourself with people who find this natural.
I absolutely reject the normalization of puritan values you are pushing. There is nothing abnormal and unusual at all about being learned about human sexuality and discussing the subject with friends. Yes, it can be something that does not attract you. You cannot, however, make such claims and present them as facts.
Being open about sexuality does not mean that you are socially awkward. Of course you need to read the room first. I would never assault someone with facts about sexuality and find it extremely distasteful when someone does so myself. You can be open about your sexuality while staying polite and professional. Being socially revolting is a character trait and has nothing to do with sexuality.
For example, I would never talk about sexual encounters with anyone from my office. I will, however, demystify and explain the details of sexuality and kinks if I hear people spreading stereotypes.
Talking with your close social circle at a bar or a house-party is not the same game as talking with co-workers or strangers. Nor is talking about your personal sex life the same thing as discussing the subject of human sexuality.
I have been talking about sexuality a lot in this thread and I strongly doubt that I have been revolting or distasteful about it.
The point is that people should have the choice to share however much they want of their sexual life with the rest of the world. It shouldn’t be a company/government that surreptitiously gathers information about you.
I understand the point you’re trying to make, but your argument sounds dangerously close to “why do you need privacy if you have nothing to hide?”
> I understand the point you’re trying to make, but your argument sounds dangerously close to “why do you need privacy if you have nothing to hide?”
We absolutely need privacy even with nothing to hide. My point is that pornography is not any more of an important issue than anything else. It simply sells more clicks and make people take more when news are reporting on it.
I'm in that age range (29), and I've never seen that (UK). It's not out of shame, or even any particular secrecy - it just doesn't come up, and would feel a little weird to bring up.
I agree, but millennials have no power, there's the potential that what they've done (while being tracked and recorded every moment of their lives) could be used to blacklist the entire generation by zombie boomers and their xer children. They've already come of age during a ruined economy, this could just be another strike. Xers will live long enough that they could skip most of the millennials in favor of their kids, who may take their parents' experiences as a cautionary tale and be more careful and contrived about their public faces (I think there's ample evidence of this wariness.)
Millennials are on the cusp of displacing Boomers as the dominant power in society, bypassing Gen X completely (as it was always clear would be the case.)
> there's the potential that what they've done (while being tracked and recorded every moment of their lives) could be used to blacklist the entire generation by zombie boomers and their xer children
Boomers' children are often Millenials, just as plenty of Gen X have Silent Generation parents. But, in any case, no, there's not, because Millenials are increasingly the ones running the show.
> They've already come of age during a ruined economy,
When they wouldn't have had much even if it was a good economy; meanwhile, GenX got wiped out mid-career by it, and Boomers facing retirement.
Sucks for everyone, but I'm not convinced it sucks worse for Millenials.
> Xers will live long enough that they could skip most of the millennials in favor of their kids
Except Xers will never be the dominant political, economic, or social power group, at best being #2 behind Millenials once the Boomers die off sufficiently.
Of course they are. They're also an absurdly tracked and recorded generation, all of their cultural idols and most of their work supervisors are Gen X, and the people who own the companies that employ them and manufacture everything they buy are Boomers.
Their kids are also up to 20 years old, and are more polished online than they were; they were born being judged for what they posted, and knowing that everyone at school would see it.
You reach a point where if nearly everyone is blackmail-able for the same thing, that it stops becoming effective. If everyone is cheating on their spouse, then who is anyone to judge?
Does it? Maybe if it was used to blackmail everybody, but as long as people are given a chance to feel superior, no matter how hypocritical the opportunity, they will take it. Thus as long as the blackmail is only selectively applied to a few targets it will remain extremely effective.
Also, there is the possibility of creating false data that is worse than the average blackmail material. For example, say you are a political dissident starting a new party that appears to be an actual threat to the incumbents. Oops, we leaked the data showing you had an uncanny knack for finding and repeatedly viewing the most illegal of material before our moderators manage to take it down.
No matter how well you can defend against such a claim, your political future is now over.
There's still an information asymmetry that's powerful. If everyone knows that everyone is cheating on their spouse, it's ineffective. If the Stasi knows that everyone is cheating on their spouse, and isn't stupid enough to share quite all of that information with everyone, it's another story.
And with porn it's so multifaceted. Everybody breaches some taboo or other, but they're all different taboos. Not to mention that every social taboo immediately gets sexualized.
If the conspiracy theory was true though, they would have never let Tumblr go down. Tumblr was the mecca of weird, fringe, taboo porn. And they could even take down the people who made it.
> You reach a point where if nearly everyone is blackmail-able for the same thing, that it stops becoming effective.
That's not true, because it requires a further massive step (that is unlikely to occur): all people must be similarly revealed to be doing the thing in question.
You'd have to know that everyone is cheating on their spouse; everyone would have to have max knowledge / transparency. Until then, the ones that get revealed will get judged by those not yet revealed. In my observation, people tend to be very comfortable with being a hypocrite, right up to the point where they're burned by it.
And further, if there's even a small detail that is different, the crowd will use that detail as the point of differentiation to say that they're not as bad as some other person.
If you have 100 people all surfing the same porn, and only one of them gets publicly revealed for the behavior, most of the remaining 99 people - assuming individual separation - will pretend they're not doing the same thing. They'll ostracize or harshly judge the person that got revealed publicly, pretend they're not doing the same thing, and go on doing the same thing in private. This behavior seems to repeat essentially non-stop among people socially; you see it in the news, with politicians or celebrities, with scandals, in various group behavior, among friends & family, et al.
I wouldn't be shocked if we have a mass kompromat attack trying to coerce people into doing something based on some porn site analytics data. Paired with god knows what Cambridge Analytica had at their disposal, it probably wouldn't be too difficult.
A couple lawyers and fishy business men launch an ad campaign on RedTube. Through that advertisement they collected IP addresses of visitors.
Before launching that campaign they allegedly bought the rights for three cheap porn flicks.
Now they also claim that they have some miraculous software which allows them to track who has been watching those flicks on RedTube. They even get a totally unclear blueprint for that software officially certified by a surveyor. [4]
Then they appeal to a court in Cologne for the real world addresses corresponding to the IP addresses arguing they can prove those poor schmocks watched their illegally uploaded crap flicks.
Suddenly thousands of people receive letters threatening legal action if they do not agree on paying a fee of 250 Euro. Many people comply out of fear for their reputation and just pay.
1: https://web.archive.org/web/20140822000304/http://www.wbs-la...
2: https://www.joyofdata.de/blog/tool-visualization-connections...
3: https://web.archive.org/web/20140911214044/http://www.cracka...
4: https://www.abmahnhelfer.de/wp-content/uploads/2013/12/EV.pd...
(many of the original sources have been deleted and are only available through archive.org)