Every time a major hack becomes public—Target, Yahoo, take your pick—Mike Stabile is grateful it’s not an adult site. As the director of communications for the Free Speech Coalition, an adult entertainment industry trade group, he knows what the fallout could be, and that it’s potentially a lot worse than another password dump.

“It’s one thing if your credit card information is stolen from something like Nordstrom,” Stabile says. “When you’re dealing with an adult company, it says a lot about you. It’s tremendously exposing, especially if you’re closeted or in a community that’s going to frown upon that.”

You don’t have to look especially far to prove that out. Ashley Madison isn’t a porn site, but it trades in adult (or more specifically, adulterous) themes. The leak of its member information over a year ago had devastating implications for some of them. It’s not a perfect comparison; no one’s equating watching porn with cheating. But Stabile says it speaks to the same type of vulnerability that visitors of porn sites should feel. They’re only a hack away from the world knowing their most private online actions.

That all changes today, as the FSC and the Center for Democracy and Technology, a digital civil liberties nonprofit, embark on a quest to make pornographic sites safer to browse. Together, they hope to bring the encryption protocol HTTPS to online porn, securing an incalculably large portion of the web along with it.

If successful, the initiative could make hundreds of millions of people more safe online every single day. When Google recently published a list of the 100 largest (non-Google) sites, eight were adult destinations, making it easily one of the best-represented categories. Even that belies the extent to which pornography has consumed the web, so here’s some additional context. According to analytics company Comscore, 200 million unique visitors pass through Facebook every month. A single porn conglomerate, Luxemborg-based MindGeek, boasts over 100 million uniques every day.

And that’s just one company. There are too many more to count, too many new operations springing up each day to keep track of, in part because there’s virtually no barrier to entry. “In 2016, anybody can pick up a camera and become an adult producer,” says Stabile. Avenue Q should have gone one step further; the Internet’s not just for porn. It’s largely made of it. It’s not just the deeply personal information these sites have access to that’s the problem. It’s the unfathomable scope.

And that’s also a big reason why it’s going to be so difficult to secure.

Getting Their Fix

The best way to make adult sites more secure is the same as with any site: Add HTTPS.

We’ve talked in depth about the benefits of HTTPS previously here at WIRED. In fact, we’ve even implemented it on our own pages. The short version, and what makes it so critical for the porn industry in particular, is that HTTPS encrypts content between servers and browsers. It makes sure that what you do online remains strictly between you and the sites you visit.

“The two big benefits are confidentiality and integrity,” says Joseph Hall, chief technologist at CDT. With HTTPS, your ISP can’t know how you’re spending time at the websites you visit. Neither can government spy agencies, or anyone else for that matter. That information is encrypted. It remains private. As for integrity, deploying HTTPS can prevent the injection of malware by third parties, or ISPs from stripping out advertisements in favor of their own. With a standard HTTP connection, you can never be completely sure who’s watching, or in extreme cases, who’s on the other end of the line.

The initial goal of the FSC and CDT partnership isn’t to force HTTPS on porn sites but to educate them as to its importance, and help with the transition. It’s not a monetary commitment, but an instructional one. The FSC has members who need to encrypt; CDT can show them how to do it.

“Initially it’s about raising awareness, introducing why they would want to do this and why it might not be as much of a burden,” says Hall. “I’m hopeful that when they see the benefits, they’ll realize they need these things yesterday.”

HTTPS isn’t totally absent in the online porn industry; two largest “cam” sites, which connect viewers with live erotic performances, both use it, for understandable reasons.

“Those are locked down to the teeth,” Hall says, in part because of the direct interaction. These are also typically paid sites, which invites stronger protections. “They’re highly encrypted, whereas the maority of porn traffic are broadcast sites, and those don’t do much of that at all.”

That’s not necessarily for lack of interest. The bigger problems, says Stabile, are awareness and resources.

“People think of the adult industry as a bunch of large companies,” says Stabile. “The truth is, even a lot of the ones that are large now started off as mom and pops…. It’s not people who necessarily have their own IT department.”

Hard Sell

For all the advantages of HTTPS, there are reasons porn sites might be wary. For one, it does take some resources beyond just know-how, which for smaller sites aren’t always readily available. More concerning, though, is that the transition to HTTPS can come with all sorts of unknowns.

Take the media industry. While WIRED and a handful of other publications have fully implemented HTTPS, the bulk of news sites remain unencrypted. That’s because news sites host third-party elements (ads, mostly) that often include trackers that don’t work with HTTPS. If the ads are delivered over HTTP, the site can’t be considered secure. The good news there is that porn sites actually use far fewer tracking elements than media sites, but a smaller-scale impediment is still an impediment.

Then there are the unknown side effects. WIRED, for instance, saw some SEO challenges during its HTTPS transition. Hall acknowledges that search traffic is vital to adult sites, which may cause some anxiety about adopting the protocol. It’s not clear that they’d actually lose any incoming eyeballs by switching over, but it’s understandable that no one would want to be the first to chance it. “This is something we will learn through this partnership, what the specific barriers are,” he says.

Eventually adult sites may not have much choice but to adopt HTTPS. “I could imagine that it’s going to become something where in order to do business in this industry, you have to have HTTPS up and running,” Stabile says. “If you’re leaving yourself exposed, you’re leaving a lot of people in your network exposed; advertisers, billing providers, members. The pressure’s going to come from a critical mass of vendors and partners.”

The question, then, isn’t really if the porn industry will or won’t go HTTPS eventually. It’s if they can get there before the next big hack.

See original article – 

The Quest to Make Porn Sites More Secure