199703: WWW.XXX


There is a persistent hubbub, and even some disputed federal legislation, about the presence of sexually-oriented material on the web. If Time can cover this issue for Joe Sikspak, can UNIX Review fail to cover the underlying issues? I think not.

So, purely as an academic exercise, I have done a bit of looking around. Although I'm not prepared to recommend any particular sites, I have found some issues that seem worthy of discussion. Notwithstanding any of the more outrageous claims that have been made on the topic, a few things are quite clear:

  • A lot of sexually-oriented material is available on the web.

  • Although some of it is very explicit, most of it is not.

  • Much of it is available for inspection by any interested party.

  • Controls on access, if present, frequently are ineffective.

  • There is a real conflict between privacy and access control.

What's out there?

If you have a taste for cheesecake, you are in luck. Most of the sites I have seen concentrate on images of females. Perhaps my San Francisco biases are showing, but I am surprised by the paucity of beefcake; very few sites carry pictures of males, per se.

Most of the images, in any event, would be quite at home between the covers of Playboy, or at least Club. Many of them, in fact, appear to have originated in magazines. (Adherence to copyright law, as discussed below, is not a strong feature of this sort of web site.)

A few sites, however, carry substantially more explicit material, catering to almost any imaginable taste. Most of these sites are protected from casual inspection, but a few "teaser" images are generally available, possibly with some obscuring of selected details.

Copyrights, etc.

Although some sites pay lip service to copyright law, nobody seems to worry about it very much. Some sites carry disclaimers such as:

All pictures labeled "SENT IN BY" were sent by viewers and it is their responsibility to ensure that all models are of legal age, non-copyrighted or free for display and consent to having their pictures displayed in this manner. I assume that these are true when pictures are submitted. If these facts are not true, please contact me. Images for [the site] were gathered from the Internet and are assumed to be in the public domain. If this is not the case, and you are the copyright owner, please contact me.

On the other hand, many of the pictures contain text which clearly identifies their origins. Some bulletin boards, in fact, appear to have decided that use of their pictures is a form of free advertising. In summary, copyright law appears to be a rather moot issue for most sexually-related web sites.

Access Controls

Although some sites have no access controls at all, most include some sort of "entrance" page, containing text such as:

The images on the following page contain nudity, and are intended for individuals 21 years of age or older. If you are not yet 21, or if images of nude women offend you, or if you are accessing these pages from a city, state or country where images of nude women are specifically prohibited by law, you must leave, NOW.

This sort of notice is not likely to stop any curious teenager, and I doubt that it would offer much of a legal shield, but it is very popular among operators of "open" sites. I assume that it provides some minimal form of "plausible deniability", making the site owners feel less vulnerable.

Many sites have opted to install more active controls. In these "closed" sites, the entrance page requires the user to present some sort of adult verification code. These codes are distributed by commercial services, generally in trade for credit card information.

UNIX Review gives me no budget for this sort of investigation, so I can't report on what one gets for his or her money. And, as discussed below, there are some privacy issues involved. The primary benefits of having an adult verification code, in any case, appear to be convenience, range of available material, and degree of organization.

In many cases, access controls are not well implemented. HTML was never intended as a secure system, so a naive administrator is unlikely to generate anything very robust. Hence, there is quite a bit of room for unauthorized exploration.

Let's assume that a site has a directory named "private/", used for storage of private images. Unless access is controlled by a proper CGI script, possession of the full URL for a file allows unimpeded access to the corresponding image. And, if the image URL is "private/123.jpg", most users will be able to guess other likely file names. Finally, if the directory hasn't got a default web page (e.g., index.html), a full directory listing is trivially available.

Privacy Issues

In most parts of the United States, it is quite possible to purchase printed versions of sexually-oriented material without leaving any sort of paper trail. Go to the local liquor store, pay cash, and walk out...

Web transactions, at best, are considerably less private. Each web access leaves the visited site with several pieces of information:

  • The (DNS or IP) identity of the user's machine.

  • The time and date of the access.

  • The identity of the requested URL.

If the user is surfing via a large Internst Service Provider (ISP) such as America Online, the machine identity does not give away much information. On the other hand, users must trust the ISP not to track their activity. If the user is using a smaller ISP or a home system, their identities may be more apparent.

There is also the possibility of a Java applet, Netscape cookie, or other technological marvel reporting on the user's identity. In summary, no web interaction is totally anonymous: some set of machine always knows who is accessing what.

The use of adult verification codes, of course, removes any hope of privacy. The subscriber has given an essentially unknown party his or her full personal identification (including a credit card number). S/he has then perused a number of easily identifiable images on web sites all over the world.

This is a rather public way to pursue one's fantasies; in these days of uncertain legal standards (and protections on privacy), I think I'd be cautious about leaving such a record.

Alternatives?

Unfortunately, although I am not happpy with the privacy implications of adult verification codes, I can't think of any better replacement to suggest. If site operators wish to keep minors from having access (to say nothing about the ability to collect revenues), some sort of confirmable identification seems to be needed.

The credit card number perform both functions, albeit in a somewhat insecure manner. Mere possession of a credit card number, after all, is no proof of one's age. A curious 16-year-old is quite capable of writing down the information from a credit card (or slip).

Financial tracking aside, however, the key problem is verifying one's adult status without revealing one's identity (and tastes). Without a mutually trusted intermediary, I see no easy solution to this dilemma

Advances are being made all the time in applications of cryptography. Perhaps some creative soul will come up with a solution. Meanwhile, there is a real conflict between these sites' need to control access and the users' desire for privacy.


This material was originally published in Rich Morin's column "The Internet Notebook" in UNIX
Review magazine (now known as Performance Computing magazine).

Send comments, inquiries, or trouble reports to webmaster@cfcl.com.

Copyright © 1993-1999 Rich Morin. All Rights Reserved.