It's time for porn sites to embrace HTTPS

Popular adult websites are often much less secure than people think, and a civil liberties group wants to help protect adult consumers and improve online secure within the porn industry.

pornhub logo
Credit: Pornhub

As long as you're of legal age, visiting adult websites should be your own business. The reality is, however, very few adult sites offer high levels of security, and if someone snoops on your browsing habits they can see the pages you visit, the content you download, and the specific terms you search for.

As the would-be adulterers who patronized the hacked Ashley Madison site learned, being exposed as a visitor to an adult site can be extremely embarrassing and even threaten a marriage or a career.

The Center for Democracy and Technology (CDT), a nonprofit organization that spends most its time defending free speech and privacy on the Internet, has teamed up with a porn industry trade group to help adult sites secure their traffic. The technology the group promotes is one you've probably used yourself. It's called HTTPS, and you generally see it on the sites of financial services companies and ecommerce pages. If a site uses HTTPS to secure data transfer you see an icon of a padlock next to the address in the URL bar of your browser. HTTPS creates a secure connection between websites and your computer.

A call for action in the adult industry

The CDT and the rather coyly named Free Speech Coalition, which represents the adult industry, started an educational campaign to convince adult sites to use HTTPS. The tech is now easier and cheaper to deploy than in the past, but few adult sites take advantage of HTTPS, according to Joseph Hall, CDT's chief technologist.

For example, 11 of the 100 most-visited websites in the world are adult oriented, according to Google's latest transparency report, and only two of those 11 use HTTPS, Hall says. Many adults sites deploy HTTPS to process payments, but the servers that house and transmit the actual content generally aren't protected.

Say a user goes to the page, "https://www.adult.com/cheapthrill." If someone was spying on that user, the hacker would be able to see that the user had gone to adult.com, but the HTTPS connection would block them from seeing the "cheapthrill" page. The hacker also wouldn't be able to discern any other details, such as content the user viewed or downloaded. If the site had a custom search engine, as many adult sites do, and it used HTTPS, the hacker would not have access to the user's search history, according to Hill. 

Porn sites aside, Hall also argues that HTTPS tech should be used on sites that have nothing to with adult content. "Without HTTPS, ISPs and governments can spy on what users are doing, and using HTTPS prevents malicious actors from injecting malware."

To comment on this article and other CIO content, visit us on Facebook, LinkedIn or Twitter.
Download the CIO October 2016 Digital Magazine
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.