We Want Privacy!


Porn Sites XXX pushes porn sites with a decent privacy rating

As of June, we are going to include privacy ratings in our rankings. That means we are going to push sites that have excellent privacy ratings and punish sites that don’t give a shit about it. Sounds good, right? That’s because it is!

If you wonder how we are doing this, check out our approach below. 

General Approach

The porn site privacy rating scale ranges from A (fully trustworthy) to F (multiple risky leaks and/or highly vulnerable).

For the site ratings, we consider privacy risk and vulnerability risk. Privacy risk mostly depends on the number of domains/companies called in 3rd-party requests. Multiple requests to the same domain are counted only once, and requests to sub-domains are mostly included in the respective domain as well. Not considered in the rating result are (1) domains that are harmless/whitelisted (e.g. jQuery or icon websites without an identifier that could leak the visited website), (2) domains that belong to the same company as the website itself (e.g. content-delivery servers) and (3) cookies. Some analysis led to the conclusion that 3rd-party requests play a much more important role than cookies, most probably because cookies are often blocked anyway.

Other 3rd-party domains that are requested during a page visit are checked against blacklists. If a domain is considered dangerous (e.g. tracking, data brokers), it gets weighted accordingly. Domains that we couldn’t classify via blacklists but which get requests from many different websites are considered hidden trackers. Ad domains and other unclassified domains are considered medium risk. Also, we try to assign domains to companies; different domains belonging to the same corporation are considered in the scoring with a reduced weight of 10%.

If a website ends up with an overall good or trustworthy rating, we validate the results manually, e.g. by reviewing the privacy policy of the website, reviewing the results and performing additional checks.

Risk Rating Points

Currently, 3rd-party requests that count under the above rules are rated as follows:

  • Data brokers: 8 points
  • Tracking: 6 points
  • Not classified but suspicious: 6 points
  • Ads: 4 points
  • Other not classified sites: 4 points
  • Low-risk companies: 2 points

“Low-risk companies” are the large corporations Ap*l. (never involved in practice), Am*z, G. and M.s.; names are abbreviated for the sake of our ranking. Those companies are frequently present, and we don’t see them as unproblematic. However, almost every page relies on their services, all of them know a lot about us, and we don’t expect them to leak data intentionally. Whitelisting was not an option, but we decided to draw a bottom line by assigning a score of 2 points + 0.2 points for each additional request.

In parallel to the privacy score, a vulnerability score is calculated. Each request that is not SSL-encrypted gets a score of 8. Websites that do not enforce SSL get a score of 25. Finally, the worse of the privacy score and the vulnerability score determines the overall security rating. The scale is then built on the sum of the above 3rd-party involvements, with a reduced weight for domains of the same company.

Rating Grade

Ratings and thresholds are as follows:

  • A: 0 points, no 3rd-party requests
  • B: up to 2.4 points, which in practice means one low-risk company and up to 3 domains
  • C: less than 6 points, so no tracking and no data broker
  • D: up to 14 points and no data broker
  • E: up to 24 points and no data broker
  • F: more than 24 points

As you can see, it is quite easy to get a bad rating. But the rating also depends on the progress in our manual analysis work. And this work is easier if the involved 3rd party domains can be assigned to a purpose and/or company. In other words: transparency helps.
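The point values, the 10% same-company weight and the grade thresholds above, put together as an added Python example (not the site's own code). The category labels, the choice to give a company's highest-rated domain the full weight, summing the two vulnerability penalties and grading any data broker as F are assumptions where the text leaves the rule open.

```python
from dataclasses import dataclass

# Points in tenths (integers), so 2 + 0.2 + 0.2 lands exactly on the 2.4 cut-off.
POINTS = {"data_broker": 80, "tracking": 60, "suspicious": 60,
          "ads": 40, "unclassified": 40, "low_risk": 20}
SKIPPED = {"whitelisted", "first_party"}  # excluded from the privacy score

@dataclass(frozen=True)
class Request:
    domain: str        # registrable domain, sub-domains already folded in
    company: str       # owner, or the domain itself when unknown
    category: str      # key of POINTS or member of SKIPPED (labels are assumed)
    https: bool = True

def privacy_score(requests):
    """Each domain once; a company's further domains count at 10%."""
    domains, companies, total = set(), set(), 0
    # Assumption: a company's highest-rated domain takes the full weight.
    for r in sorted(requests, key=lambda r: -POINTS.get(r.category, 0)):
        if r.category in SKIPPED or r.domain in domains:
            continue
        domains.add(r.domain)
        pts = POINTS[r.category]
        total += pts // 10 if r.company in companies else pts
        companies.add(r.company)
    return total

def vulnerability_score(requests, enforces_ssl):
    """8 points per unencrypted request, 25 more if SSL is not enforced (summed by assumption)."""
    return 80 * sum(not r.https for r in requests) + (0 if enforces_ssl else 250)

def grade(requests, enforces_ssl=True):
    """The worse of the two scores decides; any data broker is graded F (assumption)."""
    score = max(privacy_score(requests), vulnerability_score(requests, enforces_ssl))
    if score > 240 or any(r.category == "data_broker" for r in requests):
        return "F"
    if score == 0:
        return "A"
    if score <= 24:
        return "B"
    if score < 60:
        return "C"
    return "D" if score <= 140 else "E"

# Constructed sample: one low-risk company seen on three domains.
SAMPLE = [Request(d, "cdn-corp.example", "low_risk")
          for d in ("a.example", "b.example", "c.example")]
```

With floating-point points the three-domain sample sums to slightly more than 2.4 and would drop to grade C, which is why the scores are kept as integer tenths.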

We did validation checks and saw that the volatility of the scoring is very high. So far, we have not been able to identify any pattern/relationship between privacy behavior and other features of websites. However, some analysis using average ratings showed a right-skewed (~Poisson) distribution in relation to the popularity of the websites. On average, websites having an Alexa rank below 500 and above 5 million had the lowest number of 3rd-party requests. Websites ranked between 1,000 and 10,000 have the worst total score, and starting from an Alexa rank of ~10,000 the average score slowly improves.

However, the good rating for the top sites may be related to the fact that many of them belong to Mindgeek, which has its own ad network. ¯\_(ツ)_/¯ 

The Safest Way to Surf In Privacy

While we want to feature sites with a high privacy rating, you can also use a VPN to hide your ass on the internet.
For this, we feature NordVPN and VPNHub. They are very reliable VPN networks with cheap prices.