You never know if you’re browsing alone online unless the website has a secure connection.
Having a roommate scan their browser’s history might be the chief fear for U.S. porn consumers (use a private browser mode for your self care, folks), but browsing habits have much higher stakes in other parts of the world. In 2015, pornography was ruled illegal in Russia, and a disturbingly large number of countries in the world still treat homosexuality as a crime punishable by death. So a person’s voyeuristic predilections have much higher stakes in more repressive parts of the world.
That’s why it’s important for porn sites to secure their connections with visitors. That way, internet service providers and others can’t step in the middle and see what someone is looking at or even change what he sees. RedTube, a site listed on Google’s last transparency report as one of the 100 most trafficked websites in the world, has now secured its connection with visitors, the Observer has learned.
Visitors to the site now will find something like this little green padlock that indicates that data sent to and from the site has been encrypted:
Sites that encrypt their connection with a user add an “s” into the URL after HTTP, making it HTTPS.
“HTTPS should not only be reserved for payment pages and financial institutions. At RedTube, we owe it to our visitors to ensure their browsing habits, downloads and searches are truly their own,” said Alex Taylor, a RedTube vice-president, in a press release. “On top of that, we are also doing our part to protect users against malware. After all, safe sex should be a priority not just in real life, but also on the web.”
The security professional behind the site HaveIBeenPwned, Troy Hunt, explained why this is so important, writing that a secure connetion “ensures other people can’t modify the traffic. For example, a compromised internet service in a hotel couldn’t insert malware into the page,” in an email to the Observer.
“So much of our internet traffic is examined,” Joe Hall, the chief technologist at the online civil liberties organization, the Center for Democracy and Technology, told the Observer in a phone call. Hall’s organization has been helping major websites make the switch from HTTP to HTTPS. “We don’t want people’s behavior online to stigmatize them later,” Hall said.
Encrypted connections can also stymie certain kinds of government spying as well, making it harder for online spies to identify specific users as they bounce around.
‘This is a very positive indicator of how far we’ve come with security’
When Google started grading the top 100 non-Google sites in its transparency report, it checked sites on three separate points. Is it secure, does the site use an up-to-date encryption standard and will the site bounce a user over to HTTPS even if they type in or click a URL that’s HTTP (in other words, is it secure by default)?
Hall checked out RedTube and found it checked the first two boxes, but not the third. If a users just types in “redtube.com” it will come up secure, but if he or she types in the whole address (http://redtube.com) it will stick to the insecure connection.
[UPDATE: RedTube has since updated the site so that it does default to a secure connection.]
It’s good that RedTube uses modern encryption. Last week, Google and security researchers in Amsterdam demonstrated that a determined attacker can bust older encryption.
“It’s also a major step forward to see this on an adult website as they’re frequently media-heavy,” Hunt wrote. “Serving this content over HTTPS is a greater challenge and seeing organizations address it like this is a very positive indicator of how far we’ve come with security.”
We previously reported on another major porn video site, Thumbzilla’s, move to a secure connection. Like RedTube, Thumbzilla is owned by MindGeek, which owns many of the biggest sites for sexual content online. Hall also pointed out for us that another top 100 site, Prague-based XVideos, has gone secure as well, but it doesn’t default over to a secure connection if a user types in the full URL.
Hopefully, the move by RedTube indicates that porn fans have come to demand secure connections. Eventually, Google Chrome will indicate all HTTP sites as “not secure” by displaying a red triangle in the URL bar, the company announced in September.
Porn sites and media sites have been some of the last big webpages to go secure. Both industries have been stymied by the fact that both serve so much more third party content, particularly advertising, which makes security more complicated, yet they are also the two kinds of sites that web users most need security when viewing. The Washington Post was one of the first major news organizations to go secure, doing so in 2015.
“Certain kinds of content is especially sensitive,” Hall said.
UPDATE: Since we first reported this story, RedTube has updated the site so that it now defaults to HTTPS. March 1, 2017 5:45PM.
