Honestly, as an employer, I really wouldn't care if my employees watched porn in his free time as long as he keeps it to himself. Our attraction to naked bodies of the opposite (or same) sex is as old as walking upright and is deeply and fundamentally a part of our humanity since our ancestors roamed the Serengeti. And while for the sake of social norms I'm more than willing to put aside my "dirty pastime" in a professional setting in today's modern age, if society is going to come around into my private life and "expose" that I look at porn in my off hours, I see no reason to feel ashamed or apologetic for it (unless it's my girlfriend who finds out, then all bets are off, and I will feel as much shame and apology as necessary).
I agree that's how people should feel about it, and if they did that it would solve two major issues we have in the society right now (hopefully):
1) "sex scandals" - it seems politicians or others in power can't go to prison for stealing a lot of money or even murdering someone. But if they are involved in a sex scandal - well god may have mercy on their souls! Their careers are basically over then. It's also why intelligence agencies can have tremendous power over politicians, judges and so on, if they can "discredit them" through their porn or sex habits. That should stop happening. It should be a non-issue for everyone.
2) the more people are "okay" with porn or sexuality in general, the less likely it will be for some politicians one day to manage to pass a bill that criminalizes either porn in general, or specific kinds of porn or sexuality (like say gay porn).
Not quite. Most of the big ISPs were required to add an 'adult content' filter, which yes, basically blocks porn among other things.
When signing up for a new broadband connection, the box enabling this 'adult content' filter is ticked by default, meaning you have to actively untick it.
ISPs are also required to contact all existing customers somehow and ask them whether or not they want the filter enabled.
No laws have been passed yet to enforce ISPs to do this, just pressure from David Cameron and campaigns by the Daily Mail and 'parent' groups and stuff, although David Cameron did say if the recently implemented system was not effective enough they would have to legislate (the problem now, is whether the 4-8% takeup on all but one isp is 'effective'.)
It's not always as simple as that unfortunately.
I arrived in the UK recently and got a mobile sim card with a pay-as-you-go system.
When trying to view an adult content website using my mobile data connection, I arrived on that wonderful "blocked content" page.
To get it removed, I could use a credit card. Oh, but not any credit card. The one I have from my country of origin wasn't valid, not even the one from my previous country of residence. I needed a UK credit card, which I didn't have yet.
The only option was to go back in a store, with my passport, and say "Yes dear Sir/Madam I would like my internet with porn enabled please".
It was (almost) faster to setup a vpn.
Also, note that I say _adult content_, not even porn, as some website that do not contain specifically porn are blocked as well.
I'm not from the UK (and may thus stand corrected) but I think this law has very little support in the general population. It seems like merely the latest fig-leaf for another increase in mass surveillance and "guided democracy", which the UK is notorious[1] for.
Many people are well aware that once these filter-systems are in place, they will inevitably be used not only to suppress porn, but also to "accidentally" suppress other things[2]. There has been quite a bit of backlash[3][4], but I guess we know how these things tend to pan out...
People getting a new internet connection are required to actively choose whether they want their ISP's filtering to be applied or not. It doesn't feel like a big deal - everyone I know takes the view of "of course you opt out of the filter" and there doesn't seem to be any stigma attached to doing so. (of course that's just my friendship circle)
Try at least occasionally watching it together with your girlfriend. I'm sure you can find some movies/scenes that you both like. I made very positive experiences with that.
Otherwise I absolutely agree with your comment. I don't give a sh*t whether you, my co-workers, my boss or my wife watch porn.
I'd be rather more astonished to find out that some guy never watched it. It used to be complicated, but since the late nineties it's all 'just a click away' and free.
The "problem" probably lies more in the type of porn people watch, than the fact that they watch porn at all. Exposing the former might be very embarrassing while the latter as you say - wouldn't.
Yeah, I mean...you typically assume that any guy (and many gals) you're friends with or work with watches porn at least sometimes. And in your head it's just "porn" without much thought given to it. For better or worse, a person's sexual fantasies and proclivities are considered very personal and private. Knowing that the fella in the next office over doesn't just watch "porn" but rather that he watches a lot of scat porn or porn with specific focus on power play between (for example) people of different races or ages or is into any number of other fantasies...it might cause many people to get skeeved out. Even if you're fairly open minded and don't care that people you know could be watching any number of porn sub-types, there's something uncomfortable about knowing the specifics. It's like seeing someone defecating. Everyone does it but for whatever sociological reason, it's not something you want others to see (usually (see porn discussion)) or something you personally want to watch.
I think on some level, the situation of "modern man" is one where we cultivate the image of our higher functions and logic while hiding the more primitive, animal sides. For many people, sexual activity and elimination are just too "gross" and primal for comfortable observation. Of course that transgression is the fuel for several fetishes but that's only tangentially related.
The other thing to consider is that fantasies are often a way to address those primitive motivations and desires in a way that doesn't interfere with the operation of modern society. Maybe a woman likes the fantasy of a dominant or forceful partner even if actual coercion or rape would be horrifying. Maybe a man likes to fantasize about sex with a room full of women or people who look like his boss. In reality he's not going to attend orgies or pursue his employer but the fantasy is a way of exorcising and addressing what his lizard brain keeps pestering him about.
When others learn of these fantasies and interests, how do you know they aren't going to draw the wrong conclusion? Your coworker probably isn't a rapist or a rape victim or planning to pursue their boss or someone who goes cruising for anonymous sex with lots of partners but when their porn history is exposed, how do their coworkers not recoil from them or judge them harshly for those thoughts?
I guess in a perfect world we would all just accept sex fantasies as what they are but in reality, the line between public and private life is one that seeks to minimize the conflict that would arise if we really knew everything about other people.
As someone who got fired from Amazon for sexual harassment because I was viewing "porn" (the image in question was a hand-drawn signature on a game forum showing less skin than your average perfume ad)... this rings very true with me.
I quickly learned two things: the viewpoint of your coworkers matters more than any facts, and we Americans are terribly prude.
If someone wants you gone, you're probably going to be gone; it doesn't matter what you do.
Everyone commenting seems to be very blase about this. I guess they are forgetting that there countries where it is still illegal/dangerous to be openly gay. Besides that, probably useful in targetted blackmail/extortion plots but not a huge threat to the common man.
They can fix most of this. Tor Browser has addressed some of the easier problems and makes fingerprinting more difficult. If you read the bug reports of major browsers, you'll see the maintainers will usually value compatibility and features over privacy. It would be especially nice if they'd fix the issues with fonts because that's one fingerprinting aspect that's really only solved by modifying the core browser code (unless you remove/add fonts system-wide from your machine to match Tor Browser).
There's a long tail to fingerprinting that's pretty daunting. E.g., you can detect OS by looking for idiosyncrasies of the low level networking stack. One project did attempt to solve this but hasn't been touched in years: http://ippersonality.sourceforge.net/
You can test whether a font is installed with any number of tricks. For example, render white text on a white background with "sans". Then, change the font to the candidate font, with a fallback of sans. If the width of the text changes, the font must be installed.
Maybe browsers shouldn't have access to system fonts except a specific set. Websites can't assume fancy fonts are installed anyway, I don't think it would be a problem?
Yeah, all we'd have to do is convince every manufacturer of operating systems and/or browsers to agree on a common set of fonts, work out licensing/font rendering technology issues etc., then convince all web developers across the world (or at least a sizable portion) to redevelop their websites to work with this list, then enforce the font restriction, and then convince users that this is somehow a good idea because invariably a bunch of the websites they use are going to break. We also need to do it within a few years, otherwise it's too late, and our main argument is going to be 'but maybe websites can use fonts as part of a fingerprint to track what websites we are visiting'.
You're both wrong; most people at the point of browsing don't care that much for privacy. Most users would hand out their passwords for a chocolate bar! [0] How much less would they care about their privacy let alone understand how one browser is better than another.
Very interesting, but it still seems like browsers would be able to prevent that: simply restrict the font list to a generic set when in incognito mode. Similarly for any other fingerprint thing. Of course, in the most general case this might be hard (or impossible) to prevent fully, but a browser developer should be able to at least get close to minimizing it... I would think?
Browsers should improve incognito mode so websites won't be able to distinguish Chrome@OS X from Firefox@Windows. And may be allow easier integration with proxy services. Privacy is important.
I agree; I don't think there's any reason for a browser to be fingerprintable even when not in incognito mode. I'm curious if this is on the roadmap for a browser like firefox or one of the linux ones. You would think govt / infosec people might care about it too?
Write a script to continuously scrape and hit every porn video on every porn site. It's obviously impossible for you to watch all that porn and unlikely any hacker will try to intuit your exact history (which would be difficult and not worth the effort). Problem solved.
Unless there is big money in this, I don't think this will be the next big privacy scandal, with the exception of politicians --they could get worried (people who have a big stake in maintaining an image). But your average Jurgen and Silvie, not so much.
[edit]That's to say, porn, for all practical purposes, is mainstream. It's an open secret. I don't think people are going to hyperventilate, freak out. I mean, 50 shades, the movie, is a marketing juggernaut in middle America --and beyond.
Yeah. I don't think people will freak out. I can imagine the first few people being freaked out, when it's a novel thing, their names alongside the titles they viewed, but after they see what their neighbor and their boss and their friends watched, they begin to think, "meh".
If you wanted to target a politician, instead of hacking an ad network or owning both a porn site and a mainstream social network, you could just start a salacious rumour.
Pick a catchy enough claim combining a particular politician, a particular porn genre and then maybe an intriguing twist ("in the toilets at a cancer charity function!?") and there's every chance that an anonymous story could start doing the rounds.
I would think a lot of people would pay to keep such information secret though. Maybe not enormous sums individually but given data that you can personally verify this would be a fairly effective threat.
I'm imagining the typical popup - 'Warning your browsing information is compromised - pay us to remove the offending data!'. Add to that page a list of actual viewing history and I think conversion ratios would increase.
I think this would tremendously backfire. It wouldn't be too difficult to figure out which companies have leaked customer data, which is now being used for extortion, and they'd likely lose more money than they could gain from the ad clicks.
Reputable porn sites tend to be more secure than your average company website specifically because they know that privacy is important to their viewers. Being known for leaking your viewer data would be suicide.
A very substantial proportion of porn viewers don't restrict their browsing to "reputable sites", and a very insubstantial portion of porn viewers have the will and inclination to retrace their browsing history trying to work out which ad network or tracker beacon is responsible for the disclosure in order to report them to site owners which may or may not be part of the scam. It's not as if nobody is selling clicks to websites making amateurish attempts to persuade you to pay up or face investigation.
If I have your browsing history, and it's clean, I can threaten to throw in some random unpleasant links, and still threaten to release it as "credible looking". If I have your browsing history, and it's dirty, and I do release it, you can just claim I have tainted it as part of a blackmail attempt.
Presumably they can't verify it, but I feel like real data would be much more likely to convert to 'sale'. Besides if that's the particular strategy the site takes then it may well develop a reputation for reliability in some sort of way.
I understand and I agree. My point is just that sites make money with fake claims of viruses on your computer - I think real browsing history would scare the money out of enough unsophisticated people to make it profitable.
I'm surprised the article doesn't mention an even bigger point - very few porn sites provide end to end TLS. Through, uh, research, redtube doesn't have ANY TLS available, and xhamster has a 'some content on this site is not delivered over TLS' warning.
> yet another reason that the tech community should take a more proactive approach ensuring data privacy.
Or maybe yet another reason for people to get their shit together.
Seriously, this is not an issue of privacy - it's an issue of society potentially overreacting to things. So Jane Doe watches porn. Big deal. John Doe watches it too. Like 80% of country's population. It's an open secret, like going to shrink used to be. It only holds power over you if you expect people around you to behave like apes (which they often do - see being gay 30 years ago, or being not pro-gay now).
I know very well that it's easier to influence tech than society; hell, it's even easier to influence biological factors than social ones. But ultimately, we can't blame it on tech when it's lack of civility that's the problem. Maybe it's the very expectation of privacy that makes people such bigots?
Either way, it's another data point for "privacy vs. progress of mankind, pick one".
Here's a real issue. It's not the existence of porn, it's the nature of the porn. If you've decided you want to attack someone, and if they have even remotely unusual tastes, you can certainly attack based on those.
If it's really a low status taste (e.g., furry, femdom, cuckold), the attacks write themselves. If it's more mainstream, it isn't hard to twist it into something deeply revealing about their character (e.g., "omfg look at how he objectifies asians").
Without disagreeing with your observation, as a practical matter the biggest influence is how one responds to the allegations. I remember a few years ago it emerged that a US Senator not only patronized prostitutes, but that his preferred sexual fetish supposedly involved wearing diapers (which is a pretty fringe preference, to at least the same degree as those you mention). Embarrassing of course, especially as it was his second prostitution-related scandal in a decade, but he made the usual tearful public apology to his wife on TV followed by a reaffirmation of his religious faith and bingo, forgiven. His party didn't want to lose a Senate seat if he resigned, and he's since been re-elected and is this year planning to run for governor of his home state.
To say "privacy vs. progress of mankind, pick one" is rather naive and not helpful.
If you take the aspect of watching gay porn alone: people will lose their jobs over this if their boss is conservative or they work for a conservative institution. People will lose their families or be beaten up or killed for that in fundamentalist societies or regions. Look at russia, the middle east, african countries.
And even if sexual orientation would be no problem at all in our society, perhaps in five or ten years from now that may change. All over europe right-wing political movements are rising and in the USA, well...
So, it's great that you have no problem. And yes, people should be more relaxed about watching porn. But in reality they aren't, and the decision whether someone wants other people to know about his sexual preferences or orientation has to be his and his alone.
Privacy is a human right and it's _important_. Technology should aid people in every way possible to guard their privacy, their dignity and their personal choices. To hold this as a value is not going against the progress of mankind. In fact, it's relatively easy to change technology and there is no reason at all not to do it.
> If you take the aspect of watching gay porn alone: people will lose their jobs over this if their boss is conservative or they work for a conservative institution. People will lose their families or be beaten up or killed for that in fundamentalist societies or regions. Look at russia, the middle east, african countries.
I know, and I agree that having porn habits suddenly public worldwide will cause short-term problems there (though one could argue that sudden reveal of how common some preferences are could also force their societies to reconcile official values with reality).
> So, it's great that you have no problem. And yes, people should be more relaxed about watching porn. But in reality they aren't, and the decision whether someone wants other people to know about his sexual preferences or orientation has to be his and his alone.
Well, for one, part of the progress of mankind is people being more relaxed (that seems to be the only stable solution with good cost/benefit tradeoff).
But in general, the very notion of being able to be private seems misguided. If you really want to make revealing someone's sexual preferences his and his alone decision, you'd have to reduce human interactions to text-only chat.
Scratch that - even that wouldn't help, you could always infer stuff from prolonged conversation.
The point is, we really suck at hiding anything and it makes no sense to limit our ability to perceive and interpret the world to perserve a flawed notion of "private information".
> Privacy is a human right and it's _important_.
I'm not convinced. We give up a lot of privacy to form a society.
> (though one could argue that sudden reveal of how common some preferences are could also force their societies to reconcile official values with reality).
Fundamentalists don't care for statistics and they usually aren't very open to new ideas. Besides if they would have lists of people watching gay porn, they'd probably have a minority anyway.
> If you really want to make revealing someone's sexual preferences his and his alone decision, you'd have to reduce human interactions to text-only chat.
Of course not. Gay people in countries where they are oppressed have to hide their sexual orientation and they succeed with that. And in more open societies people decide for themselves whether they want to 'come out' to others or not. Nobody has the right to take that decision from them.
If this decision is taken away from them, it may destroy their life. And if that happens because their browsers didn't guard their privacy, the technology sucks.
> We give up a lot of privacy to form a society.
No, our society is based on the individuals' privacy. That is why we vote in secrecy and why we value a persons' liberty.
Privacy doesn't mean that everything I do is a secret. It means that I have the right to choose what I want to be a secret and what not. And I should be able to count on that, since it's a human right.
Take a look at what happens in reality. People are killed all over the world for their beliefs, their political opinions, their sexual orientation. Peoples lifes depend on their privacy. It that is taken away from them, that is totalitarianism.
This is a strong point in favour of privacy. I don't feel I have much to add at this point in conversation, I need to think about this issue more. Thanks for elaborating :).
> That is why we vote in secrecy
Just to address this one thing though - from what I understand, we vote in secret so that we can't be forced to vote against our will by external actors via e.g. blackmail - not because we value privacy per se. Am I wrong here?
> Just to address this one thing though - from what I understand, we vote in secret so that we can't be forced to vote against our will by external actors via e.g. blackmail - not because we value privacy per se. Am I wrong here?
No, you're right. But I'd say that we implicitly value the privacy of the voting booth as a tool to guarantee a free election.
Privacy is not secrecy. It's not a secret what I do when I go to the toilet. However, I do want my privacy when I'm in there. Understand the difference?
I do. Though I think it's something curable by rejection therapy, given by the popularity of urinals in public places. Anyway, I keep thinking about a different but related thing.
Are you, or were you ever religious? A lot of people are, and probably majority were in the past. Pretty much every mainstream religion teaches that there is an all-seeing god who watches you all the time. And that includes being watched while in toilet. Or while in bed with your spouse. So I wonder - if people were used to be watched by an omnipotent god, how is that different from being watched by omnipotent cloud?
For the record, I haven't in any way made my mind about the issue. I am just exploring the concept that maybe we don't need as much privacy as most think we need, and maybe it would be better for the whole mankind to limit those expectations.
> if people were used to be watched by an omnipotent god, how is that different from being watched by omnipotent cloud?
That's an interesting meta point which is much wider than this discussion (it also encompasses PRISM etc)
But plenty of us don't believe in the omnipotent God, and most of those that do don't expect Him to adversely affect their every day life by forwarding on their browsing history to their spouse, the local newspaper or the police.
> That's an interesting meta point which is much wider than this discussion (it also encompasses PRISM etc)
Fair enough, though I don't think I ever saw that meta point being touched in any of the discussions about recent privacy issues, and I wish it had - it seems to be important for the future of mankind.
> most of those that do don't expect Him to adversely affect their every day life
To be honest, a lot of the stuff we want to be "private" about probably wouldn't adversely affect our daily lives as well. For instance, if I were to be discriminated by my employer for being a Trekkie (because everyone who cares can know everyone elses fandom affiliations), that employer would be doing himself a big disservice by dismissing potentially good people because of irrelevant criteria and will be outcompeted by one who doesn't discriminate (unless he wants to create a Star Wars-oriented workplace to improve cohesion and morale; let the market decide then if this actually makes sense).
The only big objection I can see is with insurance - while on the one hand I'd be totally fine for insurance companies to bill people by their risky behaviour, it would have nasty consequences for health-related policies; having access to medical data makes insurance more expensive for people who need it the most. But I suppose there could be workarounds.
I don't want to spoil the book too much for myself, but from a cursory check I infer that this comment was meant to be a criticism.
My point is, if one stops treating the vague notion of "privacy" as some kind of end-goal and focuses on costs and benefits, it seems reasonable that we might be losing more than we are gaining as a civilization by fighting for as much "privacy" as possible.
I see a lot of people saying, essentially, "I don't care that anybody knows I view porn; that's totally mainstream". And, yeah, I feel the same way.
But on reflecting on it, I find there's more nuance to it:
I don't care that anybody knows I view porn; that's totally mainstream. But to have people know the specifics of my tastes in porn? Suddenly, I would begin to feel embarrassment; I'd worry I'd be thought a weirdo for getting off to X which is considered a fetish instead of Y which is considered standard stuff, etc.
Only at the last election there were some presidential candidates that toyed with the idea of banning porn. That would mean all the sudden you could be criminalized for watching porn, just like you are now for playing poker online.
This may or may not be an issue for targeted attacks on high-profile individuals (which in turn likely have the means to avoid them). But I don't think crosslinking moderately-reliable browser identifiers across different websites, so as to be able to extort "average Joes", will really be that profitable.
Remeber that there's a lot of people watching porn and a lot of people on facebook-like sites, so those unique broswer identifiers won't be so unique any more in the end. Also there's a lot of money involved in both porn and facebook, so trying to meddle with them get you sued if you endager their profits.
The real issue I see however is credit card data and how easy it would be for corrupt authorities to abuse it. I looked into options for anonymous credit cards just because of this, but sadly that gets you into really shady money landering territory really quickly.
This is assuming that there is data to be breached though. Unless it was some realtime MITM attack, I don't think many porn websites are storing the browser footprints of all their visitors in a database. But, I could be naive.
Ad networks, probably including adult ad networks, regularly track browser footprints. You don't need an MITM attack, you merely need a porn site which runs ads. That consists of about 100% of the porn sites I browse.
Maybe not the websites themselves but the ads they might display might store this information. I.e. if they capture your fingerprint on a porn site while browsing in incognito mode and then capture your fingerprint while browsing in normal mode on a regular website. Simply put two and two together.
There's an ongoing criminal case in Sweden where a website streamed their porn movies for "free". However, in the fine print it said that in order to watch this you need to pay X. So basically the company could bill you just for watching.
This wouldn't be any problem since people are anonymous. The twist is that the company behind it actually had a deal with some of the phone network operators where they sent the phone number as a header for mobile devices.
The result was that hundreds of people got invoices and were told that their personal details would be exposed if they didn't pay.
I think this should only be applicable to sites where you are logged in, as otherwise its going to be pretty difficult for them to identify using your name.
Wrong. All it takes is a browser fingerprint. If they can associate that with a name, whether or not you're logged into the porn site — e.g., through sites that you are logged into — they can identify your browsing session on the former.
It seems like denying access to my plugins (and maybe non-standard fonts) would solve this. Why does a website need to know my plugins in the day and age of Flash being deprecated?
"Web browsers leave an essentially unique footprint every time you visit a web page, even in Incognito mode (and even without supercookies). This is well established; many web tools such as Panopticlick will confirm that you give a website lots of information about your computer every time you visit."
Access to IP address + browser fingerprint on two sites that you've recently visited. Doesn't seem that implausable with all the recent security breaches.
Having built a system which does this, here is what I need you to do:
Step 1: Open an incognito window and watch some british milfs getting creampied by black dudes.
Step 2: go to cuteoverload.com and tweet the URL of some snuggly G-rated kittens.
I've now fingerprinted you across both xhamster and cuteoverload.
Additionally, once you tweeted something on cuteoverload, I just learned the the tweet_id of something attached to your twitter handle, which I tied to your browser fingerprint. Provided the tweet is public I can then get any personal info you make public in your twitter profile.
Apparently people generally do not "tweet the URL of some snuggly G-rated kittens." Especially not using the tweet button on the porn site. Secondly this is more of a leak from public tweet rather than by visiting your websites. Unless i tweet, you have practically nothing.
Suppose I have a tag on both porno.com and kittens.com. I can fingerprint you across both sites, even if porno.com is incognito. Then you can tweet on kittens.com and I can now tie your kittens.com usage to your twitter usage.
I only need you to engage in one of many non-obviously trackable social interactions ("YES send me a cute kitten every day to my email!") on kittens.com to identify you.
Of course it's deniable, just say the person is clearly trying to blackmail you, or that you watched that one but not that truly terrible one. Also who cares. Now if they could hack into your camera while you watch and you happen to be a person in the public eye, that could turn into a short lived manufactured controversy that gossip sites and cable news live on.
When reading the headline I expected someone had done facerecognition over redtube, xvideos and the like and created a database with people in pornvideos, making it easy to lookup for future reference...
Just finding out that someone watches porn at work is really uninteresting from my european point of view...
Flabbergasted that the HN crowd harps on endlessly about privacy until it's about porn. Then it's all about get over your hangups, radical transparency.
Many people don't want their porn habits made public for all sorts of reasons and it is not your place to judge.
There is a huge privacy problem even without browser fingerprinting. Some porn sites use google analytics. I find this irresponsible, especially since most people have their real word ID bound to their google account.
isn't this what throwaway Linux VMs where invented for?
Elsewhere in this thread someone mentions a conspiracy of service provider and porn [alleged] criminal. So I guess Fapuntu-64 won't work for that, but for all else, it seems a good solution, so long as your desktop is not your telephone.
does it mean if there is a browser just for browsing non-login sites and doing nothing else (do all browsing that requires a login or identification of any kind from a different browser), this problem can be prevented ?
I would love something in a browser that makes it easier to seperate the login sites I use, like webmail and facebook (occationally).
I use all the usual plugins, like Disconnect, uBlock, https everywhere, but recently I have been using a Firefox plugin called 'priv8' to sandbox the login sites I use the most (means I am not signed into google or facebook for my regular browsing). I honestly do not have that much of a in depth knowledge of browser tracking, so I am not exactly sure if this makes much of a difference.
