YouPorn Sued for Browser History Sniffing; Stops Practice

This morning I filed an in-depth look at the paper that named YouPorn as the top culprit for “history hijacking” and why they were singled out – it wasn’t because they’re a porn site. I’m a fan of YouPorn for a number of reasons, and while I am upset about the snooping I am also not surprised. Now they are being sued for it. As I point out in the article, practices like this are sadly normal in online advertising, and while YouPorn was the only porn site doing it, lots of other sites still are.

And it sucks that sites like Wired and open source site OSDir are not a) transparent about spying on visitors, nor are being held accountable for not disclosing what they’re doing in privacy policies to readers. This is the kind of behavior that has the FTC getting involved (in this country) to the point of proposing lawmakers create an online “opt-out” for tracking similar to the “do not call” registry. This, too, is in my article, because you probably had not heard about it…

Please click Lawsuit Filed Over Browser History Privacy Scandal That Includes YouPorn, Wired, PerezHilton:

With YouPorn in the #61 spot for global Internet visits, you no longer need to pretend you’ve never checked it out. But do you know who’s been checking you out when you come to visit?

YouPorn is facing a lawsuit over browser sniffing. The FTC is asking lawmakers for tracking opt-out tools for surfers, and a whole bunch of big sites have been caught peeping their users’ private history. You’d think that people would be practicing a lot more “safer surfing” precautions these days.

Back in October, an insanely sexy report was filed by UCSD researchers called An Empirical Study of Privacy-Violating Information Flows in JavaScript Web Applications (.PDF). Their paper confirmed that 46 websites used browser (history) sniffing to see which sites users visited before they arrived, and noted 326 sites they deemed “suspicious” in history tracking practices.

“Our study shows that popular Web 2.0 applications like mashups, aggregators, and sophisticated ad targeting are rife with different kinds of privacy-violating flows,” the researchers wrote.

The top 46 in the browser history sniffing expose were using a browser exploit that relied on the browser telling the site which color to use for visited links, based on visitors’ history. Visit one of the 46 meant activating a script that ran to get your browser to tell them were you’d been, and visitors are none the wiser. Not surprisingly, the trail led mostly to ad networks: 22 used sniffing code from Interclick and 14 used scripts from Meaningtool.

Among the 46 noted in the study included StraightDope, OSDir.com, Newsmax, investor site Morningstar, NamePros, ESPN car racing site ESPNF1, Charter.net (a cable-television provider Charter Communications portal), and YouPorn, among others. The report especially noted that other sites, such as YouTube and Microsoft, were found to be performing covert behavior sniffing; Wired.com, PerezHilton, Technorati and TheSun.co.UK were also found to do so with TYNT. (…read more, zdnet.com)

Photo by TeamRockStarImages. Gorgeous model and glorious art direction: Velocity.

Update: This article, when it hit ZDNet’s front page and newsletter today, went nuts in my inbox. But I was not the only person to write about this; Wall Street Journal, Forbes, cNet and other respected sources covered it in bits and pieces. I got hit from rude PR flacks, anxious emails from media companies mentioned in the study’s list, and at least one (polite) email from the CEO of one of the behavior-monitoring data gathering companies.

The all suggested “corrections” to the story, but were hard pressed for corrections when I asked what was inaccurate. Nothing was inaccurate (except a typo I fixed on the word “JavaScript.”) Everyone in this article is very, very nervous about the way this study made them look. I’m running quotes from companies as they come in, and may do a follow-up article on what one company described to me in an email as “industry standard anonymous practices.” Now that is interesting.

But here’s the thing. Clearly I did something very different in this article than the other news outlets to get this much attention from the subjects. What was it? I have a theory. In all the other coverage, the concentration is on YouPorn and the noise is about the fact that it’s a porn company being naughty. With me as a journalist, that issue is merely an aside. Notable, but not the main event. Does not freak me out or make me need to crack jokes – or target YouPorn. I pulled that element out of the way and put the rest in context. I think – I think – that’s what made this different than the other coverage. Everyone is equally presented and they get the same tough questions as the porn company. I removed the assumption that porn is naturally guilty of bad behavior and levied the same issues at YouPorn at everyone else. YouPorn did do something different with their JavaScript, but so did a photography company also cited in the study. Did you hear about them?

Anyway: it adds more weight to my theory that things become a lot more interesting when we remove the OMG SEX from discussions. I prefer to save the OMG SEX for our entertainment and enjoyment, where it belongs.

I’ll get back to that now :)