Because of the sensitive content that they offer, modern privacy regulations try to control user tracking activities in such sites. However, little is known about the privacy risks that users face when visiting such sites and their regulatory compliance.
In this work, we present the first comprehensive and large-scale analysis of 6.843 porn websites. We provide an exhaustive behavioral analysis of the use of tracking methods by these services, their concerning lack of encryption and cookie consent forms, and their lack of regulatory compliance, including the absence of age-verification mechanisms. The results indicate that, as in the regular web, tracking is prevalent across pornographic sites: 72% of the websites use third-party cookies and 5% leverage advanced fingerprinting scripts. Further, our analysis reveals a third-party tracking ecosystem semi-decoupled from the regular web in which various analytics and advertising services track users across, and outside, the porn web. We complete the paper with a regulatory compliance analysis in the context of the EU General Data Protection Regulation (GDPR), and newer legal requirements to implement access control mechanisms (e.g., UK’s Digital Economy Act). We find that only 16% of the analyzed websites have a privacy policy and only 4% have a cookie consent banner. The use of verifiable access control mechanisms is limited to prominent pornographic websites.
About Pelayo Vallina
Pelayo Vallina is a Ph.D. student at IMDEA Networks Institute working at Global Computing Group under the supervision of Professor Antonio Fernandez Anta. He obtained his B.Sc. in Computer Science from Universidad Carlos III. He extended it with an internship at NEC Lab Europe (Heidelberg, Germany). Then, he obtained his M.Sc. in Telematics Engineering in 2017 from the same university, combined it with an internship at NETCOM research group, working under the supervision of Professor Rubén Cuevas. His principal research areas are privacy, social networks, and online advertising. He works on several projects related to the regulatory compliance on sensitive websites as well as studying possible algorithmic biases on the online advertising ecosystem.
This event will be conducted in English