Every time a major hack becomes public—Target, Yahoo, take your pick—Mike Stabile is grateful its not an adult site. As the director of communications for the Free Speech Coalition, an adult entertainment industry trade group, he knows what the fallout could be, and that its potentially a lot worse than another password dump.
Its one thing if your credit card information is stolen from something like Nordstrom,” Stabile says. “When youre dealing with an adult company, it says a lot about you. Its tremendously exposing, especially if youre closeted or in a community thats going to frown upon that.
You dont have to look especially far to prove that out. Ashley Madison isnt a porn site, but it trades in adult (or more specifically, adulterous) themes. The leak of its member information over a year ago had devastating implications for some of them. Its not a perfect comparison; no ones equating watching porn with cheating. But Stabile says it speaks to the same type of vulnerability that visitors of porn sites should feel. Theyre only a hack away from the world knowing their most private online actions.
That all changes today, as the FSC and the Center for Democracy and Technology, a digital civil liberties nonprofit, embark on a quest to make pornographic sites safer to browse. Together, they hope to bring the encryption protocol HTTPS to online porn, securing an incalculably large portion of the web along with it.
If successful, the initiative could make hundreds of millions of people more safe online every single day. When Google recently published a list of the 100 largest (non-Google) sites, eight were adult destinations, making it easily one of the best-represented categories. Even that belies the extent to which pornography has consumed the web, so heres some additional context. According to analytics company Comscore, 200 million unique visitors pass through Facebook every month. A single porn conglomerate, Luxemborg-based MindGeek, boasts over 100 million uniques every day.
And thats just one company. There are too many more to count, too many new operations springing up each day to keep track of, in part because theres virtually no barrier to entry. In 2016, anybody can pick up a camera and become an adult producer, says Stabile. Avenue Q should have gone one step further; the Internets not just for porn. Its largely made of it. Its not just the deeply personal information these sites have access to thats the problem. Its the unfathomable scope.
And thats also a big reason why its going to be so difficult to secure.
Getting Their Fix
The best way to make adult sites more secure is the same as with any site: Add HTTPS.
Weve talked in depth about the benefits of HTTPS previously here at WIRED. In fact, weve even implemented it on our own pages. The short version, and what makes it so critical for the porn industry in particular, is that HTTPS encrypts content between servers and browsers. It makes sure that what you do online remains strictly between you and the sites you visit.
The two big benefits are confidentiality and integrity, says Joseph Hall, chief technologist at CDT. With HTTPS, your ISP cant know how youre spending time at the websites you visit. Neither can government spy agencies, or anyone else for that matter. That information is encrypted. It remains private. As for integrity, deploying HTTPS can prevent the injection of malware by third parties, or ISPs from stripping out advertisements in favor of their own. With a standard HTTP connection, you can never be completely sure whos watching, or in extreme cases, whos on the other end of the line.
The initial goal of the FSC and CDT partnership isnt to force HTTPS on porn sites but to educate them as to its importance, and help with the transition. Its not a monetary commitment, but an instructional one. The FSC has members who need to encrypt; CDT can show them how to do it.
Initially its about raising awareness, introducing why they would want to do this and why it might not be as much of a burden, says Hall. Im hopeful that when they see the benefits, theyll realize they need these things yesterday.
HTTPS isnt totally absent in the online porn industry; two largest cam sites, which connect viewers with live erotic performances, both use it, for understandable reasons.
Those are locked down to the teeth, Hall says, in part because of the direct interaction. These are also typically paid sites, which invites stronger protections. Theyre highly encrypted, whereas the majority of porn traffic are broadcast sites, and those dont do much of that at all.
Thats not necessarily for lack of interest. The bigger problems, says Stabile, are awareness and resources.
People think of the adult industry as a bunch of large companies, says Stabile. The truth is, even a lot of the ones that are large now started off as mom and pops. Its not people who necessarily have their own IT department.
Hard Sell
For all the advantages of HTTPS, there are reasons porn sites might be wary. For one, it does take some resources beyond just know-how, which for smaller sites arent always readily available. More concerning, though, is that the transition to HTTPS can come with all sorts of unknowns.
Take the media industry. While WIRED and a handful of other publications have fully implemented HTTPS, the bulk of news sites remain unencrypted. Thats because news sites host third-party elements (ads, mostly) that often include trackers that don’t work with HTTPS. If the ads are delivered over HTTP, the site can’t be considered secure. The good news there is that porn sites actually use far fewer tracking elements than media sites, but a smaller-scale impediment is still an impediment.
Then there are the unknown side effects. WIRED, for instance, saw some SEO challenges during its HTTPS transition. Hall acknowledges that search traffic is vital to adult sites, which may cause some anxiety about adopting the protocol. Its not clear that theyd actually lose any incoming eyeballs by switching over, but its understandable that no one would want to be the first to chance it. This is something we will learn through this partnership, what the specific barriers are, he says.
Eventually adult sites may not have much choice but to adopt HTTPS. I could imagine that its going to become something where in order to do business in this industry, you have to have HTTPS up and running, Stabile says. If youre leaving yourself exposed, youre leaving a lot of people in your network exposed; advertisers, billing providers, members. The pressures going to come from a critical mass of vendors and partners.
The question, then, isnt really if the porn industry will or wont go HTTPS eventually. Its if they can get there before the next big hack.
Read more: https://www.wired.com/2016/10/quest-make-porn-sites-secure/