Adult Website Scorecard

CircuitSwan decided to do a quick, and very basic, scorecard of websites whose primary purpose is to post nude photos or videos.

Each site receives one of the following ratings:

- Needs Improvement - This site does not follow basic security protocols and should be avoided, as it will put you at risk as a model or a consumer.

- Average - This site follows basic security protocols, and as a model or a consumer you should only need to exercise normal caution.

- Good - This site follows basic security protocols, has a vulnerability disclosure program, and is known to be responsive to concerns by models and/or consumers.

Ratings

XTube (owned by PornHub) - Average

| Test | Date | Score | Link/Notes |
|---|---|---|---|
| Scrub EXIF automatically | 2021-01-10 | Pass | Doing random spot checks on images, no EXIF was found |
| Encryption (https) | 2021-01-01 | Yes | They use, and force, https for login and uploads |
| https://observatory.mozilla.org/ | 2021-01-01 | F | https://observatory.mozilla.org/analyze/www.xtube.com - No immediate concerns, room for improvement. Watch out for XSS. |
| https://www.immuniweb.com/websec/ | 2021-01-01 | C | https://www.immuniweb.com/websec/?id=4iPzkV0w - No immediate concerns, room for improvement. |
| https://www.immuniweb.com/ssl/ | 2021-01-01 | A+ | https://www.immuniweb.com/ssl/?id=qLkwj7wE |
| https://internet.nl/ | 2021-01-01 | 45% | https://internet.nl/site/www.xtube.com/1073480/ - No immediate concerns, room for improvement. |
| https://www.ssllabs.com/ssltest/ | 2021-01-01 | A | https://www.ssllabs.com/ssltest/analyze.html?d=www.xtube.com |
| Privacy Policy | 2021-01-01 | Yes | https://www.xtube.com/legal/privacy |
| Vulnerability Disclosure Program | 2021-01-01 | Fail | No, or at least not easy to find. Findings on https://www.openbugbounty.org/reports/137853/ mostly seem resolved, and https://hackerone.com/pornhub?type=team doesn't seem to include xtube |
| /.well-known/security.txt | 2021-01-10 | Fail | Not Found |

OnlyFans - Average

| Test | Date | Score | Link/Notes |
|---|---|---|---|
| Scrub EXIF automatically | 2021-01-10 | Pass | Doing random spot checks on images, no EXIF was found. |
| Encryption (https) | 2021-01-10 | Yes | They use, and force, https for login and uploads |
| https://observatory.mozilla.org/ | 2021-01-10 | B- | https://observatory.mozilla.org/analyze/onlyfans.com - No immediate concerns, room for improvement. Watch out for XSS. |
| https://www.immuniweb.com/websec/ | 2021-01-10 | A | https://www.immuniweb.com/websec/?id=tR2aBSWf - No immediate concerns, room for improvement. |
| https://www.immuniweb.com/ssl/ | 2021-01-10 | A+ | https://www.immuniweb.com/ssl/?id=ydzbi5mZ |
| https://internet.nl/ | 2021-01-01 | 52% | https://internet.nl/site/onlyfans.com/1080769/ - No immediate concerns, room for improvement. |
| https://www.ssllabs.com/ssltest/ | 2021-01-01 | A+ | https://www.ssllabs.com/ssltest/analyze.html?d=onlyfans.com |
| Privacy Policy | 2021-01-01 | Yes | https://onlyfans.com/privacy |
| Vulnerability Disclosure Program | 2021-01-01 | Fail | No, or at least not easy to find. Findings on https://www.openbugbounty.org/reports/842568/ |
| /.well-known/security.txt | 2021-01-10 | Fail | Not Found |