Porn Sites Ratings
 Rating Scale
 Rating Method
 Research & Statistics

Porn and Privacy
  1. Home
  2. Research & Statistics
  3. Modern Tracking

Modern Tracking

June 27th 2020

The (Ir)relevance of Cookies

While analyzing the privacy and security risks of adult sites, we do not take cookies into account. This approach was not chosen because cookies are neglectable – they still are in use and they are a relevant tool for tracking user behavior. Out of 601 websites which we scanned back in Fall 2019, 372 were applying 3rd party cookies. However, 599 of those 601 sites have sent 3rd party requests which are relevant for tracking. While having a closer look at the 227 websites which used 3rd party requests only, it quickly turned out that many of them do apply user tracking. Only six of those 227 porn sites did not send suspicious requests. All the others have at least sent requests to G. Analytics, besides many of them have sent requests to companies such as F**book or Oracle, which we consider much more risky than G..

Turn mobile to make the chart readable

We see two main reasons why 40% of the websites do not use cookies for tracking: On the one hand, in some jurisdictions cookies are subject to the consent of the visitor. The second reason, and more important for our decision, 3rd party cookies are outdated. Safari and Firefox have started to block 3rd party cookies by default already some time ago, and G. has announced to phase out from 3rd party cookiesby 2022. Consequently, companies have to rely on other tracking techniques already now and even more in the future.

By the way, we also analyzed cookie consent implementations: In case of proper implementation websites must hold back cookies unless the visitor has agreed to their usage. In fact, we could only find a handful of cases where this was applied properly, e.g. mycams.com. Most of the websites analyzed did place cookies without waiting for user consent.

What comes next?

The adult industry is a peer in alternative tracking techniques. Ever since many porn site visitors are blocking cookies with the help of private browsing, which forces providers to use alternative approaches such as fingerprints. And as you can see in the above chart, this method is already widely spread. However, the European e-Privacy-Regulation, which is expected to come in force by 2020 or 2021, may change a lot. With this regulation in force, website providers must inform their visitors about any kind of user tracking, and visitors must give their consent in advance. We will see how the market reacts to that, what comes next...

The challenge: classifying 3rd Party Requests

While analyzing 3rd party requests, it is quite challenging to separate tracking requests from others. On the one hand, we still see space to improve our algorithms. But more than that we have difficulties to draw a proper line between safe and unsafe requests, especially when it comes to porn sites. We are currently strict in that regard because even a simple referrer or origin URL in the header is suitable for sharing sensitive information about visitors with 3rd parties. An analysis found out that more than 40% of the website urls provide details on the potential sexual orientation of their visitors (see chapter 5.3 of this paper). Moreover, for many of those requests, there is no valid reason to add referrer or origin information except user tracking and sloppy implementations. Thus, we think a conservative approach is appropriate, where any suspicious request is scored a bad request.

© 2020 pornandprivacy.com