Tech giants Google and Facebook could be tracking your visits to adult sites even when you set your browser to private or incognito mode, according to the authors of a recent study on privacy standards of porn websites.

The study, titled “Tracking sex: The Implications Of Widespread Sexual Data Leakage And Tracking On Porn Websites”, analysed 22,484 pornography websites and found that 93% leaked user data to third parties.

It found that Google (and its subsidiaries) had trackers on 74% of the porn sites, Facebook on 10% and Oracle on 24%.

A Google spokeswoman told The New York Times that it does not use the information to build advertising profiles.

“We don’t allow Google Ads on websites with adult content and we prohibit personalised advertising and advertising profiles based on a user’s sexual interests or related activities online. Additionally, tags for our ad services are never allowed to transmit personally identifiable information,” said the spokeswoman.

Facebook made a similar statement, while Oracle did not respond to the NYT.

Though it is not clear what the data is being used for, the authors warned that the collection of this type of data is more dangerous and can be used against a person. For instance, the data could be used to damage the reputation of a public figure.

“These risks are heightened for vulnerable populations whose porn usage might be classified as non-normative or contrary to their public life,” said the authors.

They added that the data presented a “unique and elevated risk" as 44.97% of porn site web addresses (or URLs) indicate the nature of the content, potentially revealing the person’s sexual preferences.

In an interview with the NYT, one of the authors, Elena Maris from Microsoft Research, said that the mechanism used for adult site tracking is similar to online stores, and it should be a huge red flag, as it’s much more specific and deeply personal.

The study could only extract the privacy policies of 3,856 sites (17% of the total) and found that they were written in an overly complex manner. It said it "might need a two-year college education to understand them".

There are also security concerns, as hackers have previously stolen email addresses, passwords, usernames, and credit card information from some of the sites.

"Porn sites currently operate with an unethical definition of sexual consent considering the sensitive sexual data they hold. We contend the overwhelming leakiness and sexual exposure revealed in our results mean porn sites ought to better account for user security as well as adopt policies based on affirmative consent," said the authors.

They said regulatory intervention could provide better protection, adding that the European Union’s GDPR (General Data Protection Regulation) for online tracking more closely matches norms for sexual consent by emphasising that consent must be affirmative and freely given.

The other authors of the study are Timothy Libert from Carnegie Mellon University and Jennifer Henrichsen from the University of Pennsylvania.