Pornhub and YouPorn Move to Keep Your Taste in Privates Private

We told you that a tipping point to privacy had been reached among adult sites, and we were right

Pornhub’s Aria won’t let the online spies know about that thing you like with the thing. Monsieur Coms / Pornhub

During the Republican National Convention last year, traffic to porn sites spiked dramatically in its host city, Cleveland, according to xHamster, a giant purveyor of adult content online.

That data point suggests that Republicans watch a lot of porn. The party’s lawmakers should have thought about that before sending legislation to the president that greenlights internet service providers selling data about what their customers look at on the web. That practice was all set to be banned by FCC regulations next year. Instead, Republicans decided that capitalism required that data brokers know whether you’re more a stepsister vids or granny gang-bang kind of guy in order to help marketers find the best strategy to sell you socks.

Fortunately, the biggest porn site in the world, Pornhub, and its comparably popular sister-site, YouPorn, have moved to encrypt their connections by default with all visitors. Pornhub made the switch today and YouPorn will flip on April 4. That means your ISP will still know you visit those sites, but it won’t know if you search for “busty blondes,” “barely legal” or anything else once there.

“With this internet communication protocol we can ensure not only the security of our platform, but also that of our users. At the end of the day, we want every single one of them to feel safe and secure on our platform while enjoying our library of over 5 million videos,” Corey Prince, a VP at the company, said in a release.

Pornhub and YouPorn are in the top-100 most visited in the world, making this a big privacy win. “If you visit a website that doesn’t have HTTPS, someone who is not that site is keeping track of exactly what you visit,” Josh Aas told the Observer in a phone call. Aas runs Let’s Encrypt, a project that helps any and all sites move to secure connections with their visitors. It’s context specific, but it’s a safe bet someone is logging your logs. He explained, “It might be the ISPs going after that data or it might be people who have power over those ISPs or people those ISPs might want to cooperate with.” 

When a site hasn’t secured connections with visitors, anyone with visibility to that connection (such as the company that provides the broadband), can see absolutely everything a consumer does. ISPs can see not merely a visit to Pornhub, for example, but the fact that visitor binge-watched all of Stoya‘s clips one by one. When a site is encrypted, though, all an ISP and other snoops can see is the fact a visit was made. Everything else gets left in the zone of mystery.

It’s hard to believe that nearly everyone wouldn’t prefer that their particular prurient proclivities remain private. We can’t help but wonder if the legislators that backed spying-for-profit really understand how much ISPs can see. Did these politicians think about the chance their own viewing habits could show up in opponents’ opposition research files?

Maybe lawmakers just trust ISPs to anonymize users’ browsing history? The trouble is: large pools of data can’t be reliably anonymized.

“Republican lawmakers are willing to put ordinary Americans at great risk to keep cable lobbyists happy,” Gaurav Laroia, an attorney at Free Press said in a statement following the Senate vote to kill the FCC rules.

SEE ALSO: Camming in VR is so good you can almost believe the ladies really like you.

Increasingly, though, the public gets it. “We always encourage our users to leave feedback via our feedback form,” Prince told the Observer in an email, via a spokesperson. “Users have submitted requests for full HTTPS encryption, especially over the course of the past several month as privacy concerns saw an uptick.”

We last checked in with Pornhub about its progress toward encryption in June.

Adult sites have been some of the last major sites online to encrypt connections with visitors. In part, they have been stymied by processing such massive pools of data and in part by relying on third-party ad networks. An encrypted site needs to encrypt absolutely everything that appears on it, Aas explained. It needs every external site it grabs assets from to participate in the encryption as well.

The Observer has been following the adult-only web’s transition closely. Thumbzilla and RedTube made the move previously, both of which are owned by Mind Geek, the same parent company that also owns Pornhub and YouPorn.

Among non-MindGeek companies, MakeLoveNotPorn made the shift in July of 2016, according to an email to the Observer from Cindy Gallop, its CEO. XVideos has an encrypted option, but it should encrypt by default.

In fairness to the GOP, it is worth noting that not all its House members voted against the FCC’s rules on Tuesday. For example, Republican Rep. Kevin Yoder of Kansas didn’t, releasing a statement following the Congressional Review Act resolution passage, saying, “In the 21st Century, Americans deeply value their privacy when it comes to digital content. We don’t want the government having access to our information without our consent, and the same goes for private business.”

This isn’t Yoder’s only recent pro-privacy move. He’s also pushed an update to laws on email privacy, as we reported. Honestly, it’s hard to understand why any principled conservative wouldn’t support consumers’ right to decide how much the wider world can know about how they use the web.

Especially if that principled conservative happens to be one that, y’know… likes the weird stuff.

Pornhub and YouPorn Move to Keep Your Taste in Privates Private