Who’s Tracking Your Adult Entertainment?By: Richard Beaumont | Friday, December 13, 2013 | Tagged: Cookiepedia, Cookie Audit | Leave Comment
We’ve been collecting online tracking data via Cookiepedia for three years now, and without even trying very hard we have amassed data on 11 million cookies from 300,000 websites.
Following on from our number crunching to produce the global who’s tracking you stats, we have taken a sample of sites from one market segment, to see how it compares with the global average.
Our first chosen segment is: pornography. Why? We had a feeling the figures might be revealing of course, but we were also driven by our page stats. The most popular page views on Cookiepedia have consistently been for pornography domains, or cookies on them.
Maybe people are particularly worried about tracking on these sites, or it could be that we rank highly in search results in this area. Either way, we decided it was worth a look.
We identified the 10 obvious pornography sites that appeared most often in Cookiepedia’s page view analytics. We then set off our automated cookie audit service to scan up to 100 publicly available pages of each site (let us be clear - all browsing was strictly computer simulated).
So what did we find?
The average number of cookies was 41 per site, which is higher than the overall average of 36, but not much.
However, 65% are third party tracking cookies – which is much higher than the overall site average of 42%.
The devil though is really in the detail, and in this case the detail is – who owns those tracking domains?
Many of them were familiar – including the biggest brands like Google and Twitter. Google is particularly interesting because their cookies have recently been shown to be used by the NSA and GCHQ to track people for the purpose of digging up dirt about them. Indeed not long ago we heard that the NSA had considered using public shaming techniques of people it didn’t like, by exposing their use of online pornography. Did they use Google cookies to help identify those visits?
At least Google, Twitter and other mainstream tracking companies are known and bound by law to offer some level of privacy protection. What we also uncovered was a significant number of tracker domains on these sites that had clearly set out to hide themselves.
There were two ways they did this. One was to have domain names that are just random strings of letters and numbers, like ghr4f9d.com (this is not a real one but is an example of the naming style). Given that there is no content when you actually visit such domains, this gives no clue as to what their purpose might be.
Another way is to use domain registration services that enable ownership to remain secret. On the sites we looked at, we found domains registered by services in Russia, Panama, Hong Kong and the US, where the ownership was being kept deliberately hidden.
There may be completely legitimate reasons for this, and these domains may not be using the data they collect in unexpected ways, but who can know? If ownership is unknown, you have no idea what laws the owners are bound by.
Of course, this is exactly the kind of hidden tracking activity that the cookie law was meant to uncover. If websites were expected to disclose their tracking cookies as a matter of routine, people would quickly become wise to the fact that unknown, possibly unregulated organisations were watching them, precisely when they might want to be at their most private.