FSC Pushes to Make Adult Sites More Secure

FSC Pushes to Make Adult Sites More Secure

CANOGA PARK, Calif. — The Free Speech Coalition and the Center for Democracy and Technology, a digital civil liberties group, have agreed to work together to advocate use of the encryption protocol HTTPS for adult sites.

The bottom line, the groups emphasize, is that adult site operators can deliver a more private and secure experience to users while protecting traffic online. The groups plan to conduct a series of webinars and outreach events to reach their large network of members.

Adult site operators typically shy away from HTTPS because they may host third-party elements, including ads, that often include trackers that don’t work with HTTPS. If ads are delivered over HTTP, the site can’t be considered secure. Another reason to be hesitant: SEO challenges during HTTPS transition.

“I could imagine that it’s going to become something where in order to do business in this industry, you have to have HTTPS up and running,” FSC Communications Director Mike Stabile told Wired. “If you’re leaving yourself exposed, you’re leaving a lot of people in your network exposed — advertisers, billing providers, members. The pressure’s going to come from a critical mass of vendors and partners.”

Stabile noted that privacy concerns are a big deal for users if breaches occur.

“It’s one thing if your credit card information is stolen from something like Nordstrom,” Stabile said. “When you’re dealing with an adult company, it says a lot about you. It’s tremendously exposing, especially if you’re closeted or in a community that’s going to frown upon that.”

Joseph Lorenzo Hall, chief technologist at the Center for Democracy and Technology, said that his group and the FSC are available to help with an HTTPS transition.

“If you are an adult website operator who has questions we can answer, please don’t hesitate to reach out to us or the folks at FSC,” Hall said. “If you are a sysadmin at a top-100 adult site, allow us to help you navigate the switch to a more secure web for your users.”

Hall said that the short version of the argument is as follows:

  • Without HTTPS, ISPs and governments can spy on what users are doing;
  • Using HTTPS prevents malicious actors from injecting malware into adult site traffic;
  • Site operators already need HTTPS to do payments if adult sites accept money;
  • Without HTTPS, ISPs can strip out ads/referrals and add their own;
  • Without HTTPS, sites cannot utilize HTTP/2 for optimal performance;
  • Without HTTPS, sites can’t use the latest web features that require HTTPS, like geolocation; and,
  • Without HTTPS, sites can’t know if users receive important resources like terms of service and privacy policy without modification.

Hall noted that as Google’s transparency report have exposed, adult websites are moving too slowly to HTTPS.

“The few adult websites in the top-100 that scored well in Google’s metrics were cam sites,” he said. “That seemed intuitive; all the other top-100 adult sites were focused on one-way broadcast of adult videos, images, etc., rather than two-way real-time communication, which could be exceedingly more sensitive than passive consumption of adult content.”

View paper on HTTPS authored by Center for Democracy and Technology