It’s time for porn sites to embrace HTTPS

As long as you’re of legal age, visiting adult websites should be your own business. The reality is, however, very few adult sites offer high levels of security, and if someone snoops on your browsing habits they can see the pages you visit, the content you download, and the specific terms you search for.

As the would-be adulterers who patronized the hacked Ashley Madison site learned, being exposed as a visitor to an adult site can be extremely embarrassing and even threaten a marriage or a career.

The Center for Democracy and Technology (CDT), a nonprofit organization that spends most its time defending free speech and privacy on the Internet, has teamed up with a porn industry trade group to help adult sites secure their traffic. The technology the group promotes is one you’ve probably used yourself. It’s called HTTPS, and you generally see it on the sites of financial services companies and ecommerce pages. If a site uses HTTPS to secure data transfer you see an icon of a padlock next to the address in the URL bar of your browser. HTTPS creates a secure connection between websites and your computer.

A call for action in the adult industry

The CDT and the rather coyly named Free Speech Coalition, which represents the adult industry, started an educational campaign to convince adult sites to use HTTPS. The tech is now easier and cheaper to deploy than in the past, but few adult sites take advantage of HTTPS, according to Joseph Hall, CDT’s chief technologist.

For example, 11 of the 100 most-visited websites in the world are adult oriented, according to Google’s latest transparency report, and only two of those 11 use HTTPS, Hall says. Many adults sites deploy HTTPS to process payments, but the servers that house and transmit the actual content generally aren’t protected.

Say a user goes to the page, “https://www.adult.com/cheapthrill.” If someone was spying on that user, the hacker would be able to see that the user had gone to adult.com, but the HTTPS connection would block them from seeing the “cheapthrill” page. The hacker also wouldn’t be able to discern any other details, such as content the user viewed or downloaded. If the site had a custom search engine, as many adult sites do, and it used HTTPS, the hacker would not have access to the user’s search history, according to Hill. 

Porn sites aside, Hall also argues that HTTPS tech should be used on sites that have nothing to with adult content. “Without HTTPS, ISPs and governments can spy on what users are doing, and using HTTPS prevents malicious actors from injecting malware.”