Adult Website Scorecard
CircuitSwan decided to do a quick, and very basic, scorecard on websites where the primary purpose is to post nude photos or videos.
Each site is given one of the following ratings:
- Needs Improvement - This site does not follow basic security protocols and should be avoided, as it will put you, as a model or a consumer, at risk.
- Average - This site follows basic security protocols, and as a model or a consumer you should only need to follow normal caution.
- Good - This site follows basic security protocols, has a vulnerability disclosure program, and is known to be responsive to concerns by models and/or consumers.
Ratings
XTube (owned by PornHub) - Average
Test | Date | Score | Link/Notes |
---|---|---|---|
Scrub EXIF automatically | 2021-01-10 | Pass | Random spot checks on images found no EXIF data |
Encryption (https) | 2021-01-01 | Yes | They use, and force, https for login and uploads |
https://observatory.mozilla.org/ | 2021-01-01 | F | https://observatory.mozilla.org/analyze/www.xtube.com - No immediate concerns, room for improvement. Watch out for XSS. |
https://www.immuniweb.com/websec/ | 2021-01-01 | C | https://www.immuniweb.com/websec/?id=4iPzkV0w - No immediate concerns, room for improvement. |
https://www.immuniweb.com/ssl/ | 2021-01-01 | A+ | https://www.immuniweb.com/ssl/?id=qLkwj7wE |
https://internet.nl/ | 2021-01-01 | 45% | https://internet.nl/site/www.xtube.com/1073480/ - No immediate concerns, room for improvement. |
https://www.ssllabs.com/ssltest/ | 2021-01-01 | A | https://www.ssllabs.com/ssltest/analyze.html?d=www.xtube.com |
Privacy Policy | 2021-01-01 | Yes | https://www.xtube.com/legal/privacy |
Vulnerability Disclosure Program | 2021-01-01 | Fail | No, or at least not easy to find. Findings on https://www.openbugbounty.org/reports/137853/ mostly seem resolved - and https://hackerone.com/pornhub?type=team doesn't seem to include xtube |
/.well-known/security.txt | 2021-01-10 | Fail | Not Found |
OnlyFans - Average
Test | Date | Score | Link/Notes |
---|---|---|---|
Scrub EXIF automatically | 2021-01-10 | Pass | Random spot checks on images found no EXIF data. |
Encryption (https) | 2021-01-10 | Yes | They use, and force, https for login and uploads |
https://observatory.mozilla.org/ | 2021-01-10 | B- | https://observatory.mozilla.org/analyze/onlyfans.com - No immediate concerns, room for improvement. Watch out for XSS. |
https://www.immuniweb.com/websec/ | 2021-01-10 | A | https://www.immuniweb.com/websec/?id=tR2aBSWf - No immediate concerns, room for improvement. |
https://www.immuniweb.com/ssl/ | 2021-01-10 | A+ | https://www.immuniweb.com/ssl/?id=ydzbi5mZ |
https://internet.nl/ | 2021-01-01 | 52% | https://internet.nl/site/onlyfans.com/1080769/ - No immediate concerns, room for improvement. |
https://www.ssllabs.com/ssltest/ | 2021-01-01 | A+ | https://www.ssllabs.com/ssltest/analyze.html?d=onlyfans.com |
Privacy Policy | 2021-01-01 | Yes | https://onlyfans.com/privacy |
Vulnerability Disclosure Program | 2021-01-01 | Fail | No, or at least not easy to find. Findings on https://www.openbugbounty.org/reports/842568/ |
/.well-known/security.txt | 2021-01-10 | Fail | Not Found |