from the facial-recognition dept.
Pornhub has begun to use machine learning to automatically tag videos:
Artificial intelligence has proven to be a dab hand at recognizing what's going on in photos and videos, but the datasets it's usually trained on are pretty genteel. Not so for Pornhub, which announced today that it's using machine learning to automatically catalog its videos.
The site is starting small, deploying facial recognition software that will detect 10,000 individual porn stars and tag them in footage. (Usually this information is provided by uploaders and viewers, who will still play a part by verifying the software's choices.) It plans to scan all 5 million of its videos "within the next year," and then move onto more complicated territory: using the software to identify the specific categories videos belong to, like "public" and "blonde."
In a press statement, Pornhub VP Corey Price said the company was joining the trend of firms using AI to "expedite antiquated processes." However, the speed at which PornHub's AI processes the data doesn't seem like it would be an improvement on its current crowdsourced system. While in beta the machine learning software apparently scanned some 50,000 videos in a month. At this rate it would take nearly a decade to scan the entire site, but presumably improvements are being made.
Meanwhile, a security firm has warned that millions of Pornhub users were targeted by "malvertising" for more than a year:
Millions of Pornhub users were targeted with a malvertising attack that sought to trick them into installing malware on their PCs, according to infosec firm Proofpoint.
By the time the attack was uncovered, it had been active "for more than a year", Proofpoint said, having already "exposed millions of potential victims in the US, Canada, the UK, and Australia" to malware by pretending to be software updates to popular browsers.
Although Pornhub, the world's largest pornography site with 26bn yearly visits according to data from ranking firm Alexa, and its advertising network have shut down the infection pathway, the attack is still ongoing on other sites.
Related: BugReplay - Finding How Ads Get Past the Blockers
Linux Use on Pornhub Surged 14% in 2016
Malvertising Campaign Finds a Way Around Ad Blockers
Pornhub's Newest Videos Can Reach Out and Touch You
[Ed Note: This reads a little like a Soylvertisement, but the concept that the blog is talking about regarding using WebSocket to send the advertising (and the tool he uses to see the traffic) is interesting. The "How It Works" section of the blog article (not posted here) is worth a read.]
Pornhub Bypasses Ad Blockers With WebSockets
(NSFW level: medium)
We tried to find the most PG page on MindGeek's network to use as an example- it wasn't easy.
When I was building the prototype for BugReplay, I was evaluating different methods of capturing and analyzing network traffic from Chrome. One of the first things I saw that looked promising was the chrome.webRequest API.
From the docs: "Use the chrome.webRequest API to observe and analyze traffic and to intercept, block, or modify requests in-flight."
That seemed to be exactly what I needed.
After experimenting with the Chrome webRequest API, I quickly realized there was a big problem. It didn't allow me to analyze any WebSocket traffic, something I really wanted to support.
As I was searching the web trying to see if I was misreading the documentation or was looking in the wrong spot, I found a relevant bug report from 2012: "chrome.webRequest.onBeforeRequest doesn't intercept WebSocket requests." In the bug report, users were complaining that without the ability to block WebSockets, websites could get around ad blockers fairly easily. If WebSocket data was not visible to Chrome extensions via the webRequest API, they could not be blocked without some heavy duty hacks.
Initially, the risks to ad blockers seemed theoretical; the examples of sites that were employing this technique were very obscure. Then in August 2016, an employee of the company that owns Pornhub.com (MindGeek) started arguing against adding the WebSocket blocking capabilities to the Chrome API. Pornhub is the 63rd most visited site on the Internet according to Alexa. I checked out a few of MindGeek's sites and sure enough, I could see ads coming through even though I had Adblock Plus on. The ads on Pornhub are marked 'By Traffic Junky,' which is an ad network owned by MindGeek.
In the screenshot below, you can see a banner at the top of the page announcing that the site is aware that the user is using an Ad Blocker, with an invitation to subscribe to a premium ads free version of the site. On the right side of the page you can see an advertisement.
-- submitted from IRC
Submitted via IRC for TheMightyBuzzard
Pornhub is one of the pre-eminent porn sites on the web. Each year Pornhub releases a year in review post with anonymous details about the site's users. More and more Linux users are visiting Pornhub, Linux saw an impressive 14% increase in traffic share in 2016.
[...] While Windows continues to dominate when it comes to which operating system users count on to watch Pornhub (about 80% of desktop users), Mac OS and Linux are on the rise, with Mac OS up 8% in traffic share and Linux up an impressive 14%.
Moving onto mobile. The playing field is pretty even here, with Android and Apple iOS almost at par with one another. Android leading with 3% more users on Pornhub than Apple iOS (47% of Pornhub's mobile users). Android's mobile market share has increase by 5% over the last year.
Look, it wasn't all me. I swear.
Ad blockers, our last hope against the onslaught of malvertising campaigns, appear to have fallen, as today, Malwarebytes published new research detailing a malvertising campaign that successfully bypasses ad blockers to deliver their malicious payload.
This malvertising campaign is named RoughTed based on the initial malicious domain at which it was found back in March 2017, but Jérôme Segura, the Malwarebytes security researcher who came across it, says there are clues to show that RoughTed has been active for over a year.
The campaign is very complex and well designed (from a crook's standpoint), as it leverages multiple tricks of the trade, most of which have allowed it to grow undetected in the shadows for so much time.
The word that describes RoughTed the best is "diversity." The operators of this malvertising campaign not only feature traffic from different types of sources, but also include different user fingerprinting techniques, and very different malicious payloads.
The future of sex could be pretty interactive, but it's starting with men.
Top porn streaming company Pornhub announced a new channel of interactive videos that will work with the latest generation of connected male sex toys. The videos, according Pornhub, will work with the Fleshlight Launch and Kiiroo Onyx, featuring "an eclectic mix of content, offering an assortment of themes and appealing to various target audiences."
Sex toys and content geared to women are arriving later on, working with OhMiBod, We-Vibe, Lovense Lush and Kiiroo Pearl, but Pornhub didn't confirm when.
The new interactive channel will also work with VR eventually, combining the synced content with immersive video.
Pornhub will be deleting "deepfakes" — AI-generated videos that realistically edit new faces onto pornographic actors — under its rules against nonconsensual porn, following in the footsteps of platforms like Discord and Gfycat. "We do not tolerate any nonconsensual content on the site and we remove all said content as soon as we are made aware of it," the company told Motherboard, which first reported on the deepfakes porn phenomenon last year. Pornhub says that nonconsensual content includes "revenge porn, deepfakes, or anything published without a person's consent or permission."
Update: The infamous subreddit itself, /r/deepfakes, has been banned by Reddit. /r/CelebFakes and /r/CelebrityFakes have also been banned for their non-AI porn fakery (they had existed for over 7 years). Other subreddits like /r/fakeapp (technical support for the software) and /r/SFWdeepfakes remain intact. Reported at Motherboard, The Verge, and TechCrunch.
Motherboard also reported on some users (primarily on a new subreddit, /r/deepfakeservice) offering to accept commissions to create deepfakes porn. This is seen as more likely to result in a lawsuit: