All high-tech news websites announced it between the end of March and the beginning of April: “Pornhub And YouPorn Enable HTTPS Encryption So Your Private Time Can Truly Remain Private”. This reflects a misleading understanding of what HTTPS does: in fact, your browsing habits are not so private with HTTPS.

Several blogs and news websites have relayed the news with this happy tone: now you are protected by https and can visit pornhub and youporn without worries as nobody will see your browsing habits. See some examples of news titles:

Why is this misleading?

End-to-end SSL encryption of HTTP traffic theoretically prevents anyone from reading the content of the traffic that transits between the visitor's computer or smartphone and the website's servers.

It does not prevent anyone from reading the address requested, which often contains information about the content requested by the customer. Take an example: open Google.com and type the following search: “pornhub https”.

The resulting HTTPS URL generated will be the following:

https://www.google.com/search?noj=1&biw=1366&bih=635&tbm=nws&q=pornhub+https&oq=pornhub+https

Nothing private here: if someone can access your browser history, or if someone is sniffing on the network you are using, your search request is clearly visible. To use a comparison, your postman might not open your letters, but he surely knows who you are communicating with, and that can be incriminating enough.

Why there is a flaw in the way it has been implemented

In the same way, if you browse those websites' categories or videos, it will be very easy for a man in the middle to read the URLs you are accessing and map them to the actual content you were viewing. This is simply because those URLs can be accessed again and the content “replayed”; they are not “One-Time-URLs”.
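One way to build the “One-Time-URLs” mentioned above, as an added example that is not from the original article or from either site: each link carries a random token that says nothing about the content and stops working after its first use, so a URL copied from a history file or a log cannot be opened again to see what it pointed to. The class name, the `/v/` path and the `example.test` host are assumptions made for illustration.

```python
import secrets
import time


class OneTimeLinks:
    """In-memory issuer of opaque, single-use URLs (illustrative sketch)."""

    def __init__(self, base_url, ttl_seconds=300):
        self.base_url = base_url.rstrip("/")
        self.ttl = ttl_seconds
        self._pending = {}  # token -> (content_id, expiry timestamp)

    def issue(self, content_id, now=None):
        """Return a fresh URL for content_id; the id never appears in it."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits of randomness
        self._pending[token] = (content_id, now + self.ttl)
        return f"{self.base_url}/v/{token}"

    def redeem(self, url, now=None):
        """Return the content id on first use, None on replay or expiry."""
        now = time.time() if now is None else now
        token = url.rsplit("/", 1)[-1]
        # pop() removes the token, so a second request with the same URL fails
        entry = self._pending.pop(token, None)
        if entry is None:
            return None
        content_id, expiry = entry
        return content_id if now <= expiry else None


if __name__ == "__main__":
    # Constructed sample: hypothetical host and content id
    links = OneTimeLinks("https://example.test")
    url = links.issue("video-123")
    print("first use :", links.redeem(url))
    print("replay    :", links.redeem(url))
```

With links like these, two visits to the same content produce unrelated URLs, and a recorded URL resolves to nothing once it has been used or has expired.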

It might require a bit more work, but it does not mean that “Your Private Time Can Truly Remain Private”, as claimed by indiatimes.com. On this particular point, Pornhub's communication is actually very dangerous:

“Here at Pornhub, with more than 70 million daily visitors, we wanted to continue our concerted effort to maximize the privacy of our users, ensuring that what they do on our platform remains strictly confidential,” – Pornhub vice president Corey Price said in a statement.

Imagine if people living in conservative countries – countries which are sometimes accustomed to spying on their population – take this statement for granted, and later find themselves put in prison and accused of improper behavior…

A simple piece of advice: assume that whatever you are doing on the Internet is as private as whatever you would do in the street in broad daylight. You might think nobody is seeing you, while people might actually be looking.