What do you do if you discovered that your favorite website, YouPorn, is secretly gathering information about your Internet use? If you were California residents David Pitner and Jared Reagan, it seems you would sue the website in federal court and accuse it of violating your privacy, thereby announcing to the world that you are an avid porn watcher. (Privacy FAIL! Pitner and Reagan are not alone in their interests — according to the lawsuit, YouPorn ranks #61 in website popularity [other sources place it in the mid-70s…so now we’re no longer impressed] — but they are alone in having announced it to the world…until more individuals join the potential class action, that is.)
Let’s rewind. What exactly did YouPorn do and how did the plaintiffs figure it out? According to a recent study conducted by the Department of Computer Science and Engineering at the University of California, San Diego, YouPorn is one of 46 major websites that is engaged in “history sniffing” — a technical term that sounds just about as salacious as “YouPorn” itself, which is probably why some people prefer “history hijacking.” As you may have noticed when surfing the Web, links corresponding to URLs that you’ve visited before render differently than URLs you’ve never visited. According to UCSD’s study, history hijacking attacks occur when a site inserts invisible links into its web page and has Java Script inspect the links’ properties to determine whether the user has visited that URL — they will appear purple if the site has been visited and blue if they haven’t. Out of the Alexa global top 50,000 websites, the study discovered at least 46 (and possibly as many as 63) occurrences of history sniffing, on websites covering a wide range of topics from sports to finance to news to…whatever YouPorn is about.
If Plaintiffs can get over the hurdle of certifying this case as a class action and getting other plaintiffs to come forward, they will have to prove that YouPorn’s practices violate at least one of the statutes on which they rely — the Computer Fraud and Abuse Act (federal law); California’s Computer Crime law (Penal Code § 502); the Consumer Legal Remedies Act (Civil Code § 750) and the Unfair Competition Law (Business and Professions Code § 17200). Sound like too tough a legal path to brave in light of the ignominy of outing one’s own Internet habits by joining the class? Not necessarily — as Pitner and Reagan’s hometown Orange County Register reports, “media measurement service” Quantcast recently announced a preliminary $2.4 million settlement with users who allege it engaged in similar activity. In the meantime, this lawsuit may inspire other websites called out by UCSD as history-sniffers to change their practices to avoid being slapped with lawsuits themselves (especially where would-be plaintiffs need only confess a love of online stock market tips in order to join the class). In fact, YouPorn has already reportedly halted its illicit sniffing activities (“illicit sniffing activities” — now there’s a phrase I thought I’d never get to write).
For its part, the Federal Trade Commission has issued a 122-page report (click here for some light Winter Break reading) recommending that web browsers add “do not track” technology so that consumers can opt out of having their Web activity tracked. Earlier this month, David Vladeck, director of the Federal Trade Commission’s Bureau of Consumer Protection, announced that the FTC has been meeting with browser companies to make sure the history sniffing flaw is addressed. But while these steps against history sniffing may ultimately wipe out that particular practice, our regular readers already know that your online privacy only goes so far. And as the New York Times has reported, advances in new-and-improved ways to invade your privacy always seem to outpace advances in regulation of your privacy.
So, next time you’re perusing your favorite websites, ask yourself if you’d be embarrassed to announce to the world that you’ve visited it. Just one more benefit of Law Law Land — you can safely admit to being a fan!
Also, we won’t sniff you. We promise.