etirabys said: well what’s the answer
etirabys said: (kind of joking, I don’t know how complicated this is and it seems like it’s hard to answer quickly based on the post, but if you have thoughts/opinions I do want to know)
so to do a proper analysis, i’d have to think about this harder and for a long period of time (which is why it was such an interesting question!), but, some off-the-cuff thoughts for “what is the most secure porn site?”:
* textual porn in general is going to be easier to secure than video stuff, since video shit goes to some godforsaken insecure video codec somewhere (at this point the asker clarified she was wondering about video stuff, so, i adapted my threat model accordingly)
* i have a rough assumption that a larger / more moneyed company will have more $$$ and thus more $$$ to pay for Proper Security People, so anything owned by MindGeek is “probably” “fine”
* (check out that website if you haven’t before—MindGeek owns like a billionty percent of the porn on the internet, but you’d never be able to tell it by looking at their Official Professional-Looking Website; they just talk about “industry-leading solutions” and “# of ad impressions” and shit lollollol)
* relevant bit to think about in your threat model: what country are you in, where are the servers, and who are you afraid of? if you’re e.g. a citizen of a non-US country, the US gov’t counts you as “more fair game for espionage than our average targets”, and thus maybe you want the servers to be located someplace that is Diplomatically Complicated for the US, etc
* also another big ask: is the website funded via ads, or via cold hard cash? if there’s no ad network at all—doubtful in this day and age, but maybe—that honestly is going to improve security posture a lot, because they don’t have this mechanism for cowboy coder third parties to inject who-knows-what directly onto the webpage, you only have to trust the dudes serving you the porn. which is still a lot of trust! but strictly less trust than you had before
* this got me wondering if there’s mechanisms outside of “just go to a website” that are more secure nowadays—i remember when e.g. you would pay to get access to a private torrent tracker. torrenting is a bad example, in this case, since you’re implicitly trusting anyone you’re peering with, and you need a lot of peers for appreciable download speeds, but—supposing you could find a private server run by Someone You Trust, if those exist, it may not be the worst model
* this is all without getting into “what hygiene are you, the user, utilizing,” since there’s a big difference between Joe Blow Browsing Porn On His Company’s Network (stupid stupid stupid, don’t do it, you’ll get caught and best-case scenario have a really awkward conversation with your local IT crew), and like, Paranoid Jenny who’s only browsing sites in incognito mode, via a disposable VM on a VPS she rents in Luxembourg, or whatever
mostly it’s an interesting question because (1) i’d have to scope it more to give a good answer (threat modeling is everything), and (2) even if i scoped it better i’m not sure i have a good answer in the general case!!! it’s an interesting thought-experiment lol