How successful is PornHub

A first-of-its-kind analysis of the online porn industry reveals the economics, and the vulnerabilities, of the shady world of online adult media.

If you want to know how the online adult industry works, you must become a part of that industry. That’s what five security researchers from The Technical University of Vienna, Eurecom and UC Santa Barbara did in an attempt to get a handle on how the adult industry makes money online. And they found that it’s exposing everyone who consumes its wares to previously unsuspected levels of malware.

Peddling Porn in the Name of Science

By setting up their own adult websites, the researchers, who will present their paper on June 7, 2010 at The Ninth Workshop on the Economics of Information Security at Harvard University, discovered that 43% of the clicks that arrived at their own adult website belonged to users whose browsers were vulnerable to a known exploit in either Adobe Flash or handling of the Microsoft Office or Adobe PDF document types.

Lead researcher Gilbert Wondracek and his colleagues spent a total of $160 to acquire 47,000 clicks from sellers of adult traffic, known in the industry as traffic brokers, of which 20,000 could have been exploited to build a botnet, according to the researchers. The researchers discovered that they easily could have leveraged their investment for a hefty profit by serving as the vector for a Pay-Per Install affiliate program, which in one instance offered $130 per 1,000 installs to drop malicious code (malware, adware etc.) onto exploited machines.

To assess how much malicious code is being injected into users’ browsers by adult websites, Wondracek et al. custom-built an automated web crawler to download the content of almost a half million URLs spread across thousands of adult websites. Incredibly, 3.23% of those pages “were found to trigger malicious behavior such as code execution, registry changes, or executable downloads,” five times the prevalence of malware discovered by previous research on the subject.

In a back of the envelope calculation, multiplying 3.23% by the percentage of internet users who view porn (42.7%) or even just the percentage of men who view porn while at work (20%), by the frequency with which porn is accessed, suggests that internet porn is a major vector for infection of vulnerable machines.

The Peculiar Economics of Online Porn

A likely explanation for the high rates of malware on adult websites is the almost total lack of policing or enforcement by the brokers who move traffic between adult websites. According to Wondracek et al.’s analysis of the economy of online porn sites, 9 out of 10 are “free” sites that host image or video galleries and make money by directing traffic to pay sites or even to one another. This traffic is monetized through traffic brokers - the majority of which do not even visit the sites in their affiliate networks, according to experiments conducted by the researchers.

Unlike online ad placements by Google and affiliate marketing schemes by Amazon, adult sites do not rely on code that resides on the sites sending them traffic that could help verify that traffic is generated by humans and not click bots. As a result, the researchers found that it would potentially be quite easy to defraud not only users, but the traffic brokers and for-pay porn sites that enable the vast ecosystem of free adult media sites. (No users or brokers were actually harmed in the course of this research, which was vetted by the legal department of the Technical University of Vienna.)

The intricacies of the elaborate system of traffic arbitrage that have grown up around the world of porn traffic direction on the web are way beyond the scope of this blog post, but it’s possible that the rest of the media world could learn a thing or two from the way that for-pay adult sites have created a seething ecosystem of traffic affiliates constantly skimming clicks and pennies off of one another.

On the other hand, it’s just as likely that these techniques wouldn’t work for traditional media, because users don’t appear to be as motivated to read news as to find porn. How else can we explain the fact that in the course of the experiment, users clicked many times on single links that were randomly directing them to anything but the media they were apparently after - a practice widespread among free porn sites?