When it comes to joining an adult entertainment website, you choose the site based on your viewing preferences. If you like hardcore content, you tend to gravitate towards a website that is devoted to catering towards your needs. Twistys has dabbled in hardcore content from time to time but it's not why people sign up for a membership on their network.

I would say that Twistys is much like Playboy, in that, you will find beautiful girls being photographed by an outstanding group of photographers. The content at Twistys gets a little more raunchy than Playboy, so if you're tired of fantasizing about those gorgeous girls posing nude at Playboy, wishing they would go to the next level, rest assured Twistys is the place to go. If you're looking for hardcore porn, look elsewhere, you won't find it here. Twistys is all about erotic, glamorous women posing for some of the top photographers in porn. My advice would be that if you are looking to watch videos of pornstars having sex, Twistys isn't the right site for you to join. They have that but it is not the main focus of content and it can easily be found elsewhere.


Everything these days on the web is all about security, "is this website secure, will I be hacked or will my private info be leaked online somewhere?" These questions are difficult to answer because most websites believe that if they disclose too much information, they could be opening the doors to hackers who might try to take advantage of this information. On the other hand, without proper disclosure of all security practices, no one will know what is going on behind the scenes and therefore a security expert cannot tell that website that what they are doing is wrong. A hacker could gain entry into the website because the door was left wide open, the website thought they'd be safe just because they didn't tell anyone that the door existed. Had a security expert known about the door, they would have immediately said, "shut that door!" So, how do you know if Twistys is safe and secure?

The first step is verifying that Twistys can be reached securely in your preferred web surfing device. I first begin by typing into my web browser, immediately the URL changes to HTTPS, which means they do not allow regular HTTP traffic on their website. Taking the S out and trying to reach without the S, redirects over to HTTPS, which means they do not allow non-secure traffic on their website. Another noteworthy thing Twistys does is redirect all traffic over to WWW. If you try to reach without using the WWW, they will add the WWW in the URL. This might not seem like much of a security advantage but some security certificates can become invalidated if both mechanisms are not incorporated into the certificate. This can also help with SEO because Twistys has ensured that there is only one way to reach their website.
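The certificate point above can be checked mechanically. This added example (not from the site or the original review) walks a redirect chain and reports every HTTPS hop whose host name is not covered by the certificate's name list; `example.com`, the chain and the name lists are constructed placeholders.

```python
from urllib.parse import urlsplit

def san_matches(pattern, host):
    """RFC 6125-style match: '*' is only valid as the whole leftmost label
    and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def covered(sans, host):
    """True if any certificate name covers the host."""
    return any(san_matches(s, host) for s in sans)

def audit_chain(chain, sans):
    """chain: URLs in the order the browser visits them (each redirects to
    the next). Returns a list of findings; an empty list means clean."""
    findings = []
    for url in chain:
        parts = urlsplit(url)
        # The TLS handshake happens before the redirect is sent, so every
        # HTTPS hop needs a certificate that is valid for its own host name.
        if parts.scheme == "https" and not covered(sans, parts.hostname):
            findings.append(f"certificate does not cover {parts.hostname}")
    if urlsplit(chain[-1]).scheme != "https":
        findings.append("chain ends on plain HTTP")
    return findings

# Constructed sample: bare domain over HTTP -> HTTPS -> WWW.
CHAIN = ["http://example.com/", "https://example.com/", "https://www.example.com/"]
BOTH_NAMES = ["example.com", "www.example.com"]
WILDCARD_ONLY = ["*.example.com"]  # does not cover the bare domain

if __name__ == "__main__":
    print("both names:   ", audit_chain(CHAIN, BOTH_NAMES))
    print("wildcard only:", audit_chain(CHAIN, WILDCARD_ONLY))
```

A wildcard-only certificate fails on the bare-domain hop, which is the case where a visitor sees a certificate warning before the redirect to WWW ever arrives.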

Let's test Twistys' server at Shodan, a website that can be used to find vulnerabilities on servers directly accessible from the internet. There are no noticeable attack vectors present on Twistys' server. Let's hope it stays that way!

Here is a screenshot below from SSL Labs where they test how Twistys' Secure Sockets Layer (SSL) protocol is configured against their standard for encrypted network communication guidelines. SSL Labs confirms that Twistys' certificate is valid and trusted, meaning that all supported browsers should show a secure connection with no broken padlock.

One problem I can see right off the bat is that Twistys' certificate supports a weak TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher suite. It doesn't mean that Twistys isn't secure because of this, it simply means that if all of the other cipher suites in front of this one are not present in your browser, it will accept this one and thus say your connection is secure but since the cipher suite is outdated, the connection isn't very strong. If your browser supports 3DES, you should consider using a different browser or upgrading because you are vulnerable to a man-in-the-middle attack when visiting Twistys. While it's only a fallback cipher suite, all the way on the bottom, Twistys should consider removing it altogether because it's long been known to be untrustworthy. Note that in the handshake section, no 3DES keys were used, so it's pretty unlikely that any browsers still being used support 3DES.

The server's preferred cipher suite order is important. The connection starts with the client, that's you, or rather your browser, saying "hello", in which the client advertises which cipher suites it supports in order of preference, as well as the SSL/TLS protocol version the client is hoping to use. The server checks its list, from top to bottom; if the client accepts the first cipher suite, then that is what is used. So it's always a good idea to reorder your preferred cipher suites from strongest to least secure. Twistys needs to work on its list a little: the second cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, which is the strongest you can get, so it should be number one, not number two. However, this isn't really a big deal because the first entry is TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, which is the second strongest cipher suite available and hasn't been broken as of yet.
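The selection rule described above can be modelled in a few lines. This is an added example, not the site's configuration: the server list contains only the three suites named in this review (the entries between the second and the last are left out), and both client offers are constructed.

```python
# Constructed server list: first, second and last entries as named in the
# review; the suites in between are omitted.
SERVER_ORDER = [
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
]

# Name fragments that mark a legacy suite (assumption: a minimal audit list).
WEAK_MARKERS = ("3DES", "RC4", "_DES_", "NULL", "EXPORT", "MD5")

def negotiate(server_order, client_offer, honor_server_order=True):
    """Return the suite that would be used, or None if nothing is shared."""
    if honor_server_order:
        # Server walks its own list and takes the first suite the client offers.
        primary, other = server_order, set(client_offer)
    else:
        # Server defers to the client's order of preference instead.
        primary, other = client_offer, set(server_order)
    for suite in primary:
        if suite in other:
            return suite
    return None

def is_weak(suite):
    return any(marker in suite for marker in WEAK_MARKERS)

def audit(server_order):
    """List (position, suite) for every weak suite the server still accepts."""
    return [(i + 1, s) for i, s in enumerate(server_order) if is_weak(s)]

# Constructed client offers.
MODERN_CLIENT = [
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
]
LEGACY_CLIENT = ["TLS_RSA_WITH_3DES_EDE_CBC_SHA"]

if __name__ == "__main__":
    for name, offer in (("modern", MODERN_CLIENT), ("legacy", LEGACY_CLIENT)):
        chosen = negotiate(SERVER_ORDER, offer)
        print(f"{name}: {chosen}{' (weak)' if is_weak(chosen) else ''}")
    print("weak suites still enabled:", audit(SERVER_ORDER))
```

The modern client ends up on the server's first choice even though it listed the 256-bit suite first, and the fallback suite is only reached by a client that offers nothing else. Removing that last entry turns the legacy handshake into a failure instead of a weak connection.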

There is much more to security than having a secure SSL certificate. For instance, how does the site store your information? Is it stored in plain text, which is readable by anyone or is it encrypted somehow? Let's start by taking a look at the join process, where I put in my username and password that I want to access the site with. I put in the username "jimmy" and the password as "password", Twistys didn't throw any errors or warnings that the password was completely insecure. I did not complete my request and so I do not know if they throw an error after the next step but my guess is, that is not the case. I also tried to sign up with the username "7dWZ#QCeCgCA@pK" and the password "8RU#3VnFj5Q^3TE", which is pretty secure and Twistys accepted it. Once again, I did not complete the process so I do not know if it throws any errors about username and password. The good news is that you can use any combination of letters, numbers or special characters and Twistys doesn't care. There also doesn't appear to be a limit on the number of characters you can use, which is also a plus for Twistys.

I'll elaborate for a minute on password acceptability by websites. Sometimes websites limit how long a password can be to, let's say for example, 16 characters. This allows an attacker to be able to refine his cracking skills as he attempts to break your password. This also means that whatever means the website has of storing a password, it is able to count how many characters you are using, which means they are not hashing the password correctly, if at all. Yes, passwords should be hashed, not encrypted, there is a difference. The fact that Twistys does not throw up a flashing red warning sign and tell the user to use a shorter password is a fantastic plus in Twistys win column. I would love it if they would help the user pick a more secure password but sometimes that can confuse the user and might lead to no sales, which is probably why they don't do it.

Which leads to the question of how they are storing your information after you join their site. Simply put, unless someone from Twistys discloses that information to me, there is no way to know. There is one test that can work, ask Twistys to reset your password. On most websites, there is a Forgot Password link, which when you click it you will be sent an email, telling you how to reset your password. If you do this at Twistys and in your email is your password, old or new, in plain text for everyone to read, then that is how they are storing it, which is bad. I tried this but the forgot password link took me to Twistys Support page, which told me to try to use the forgot password link, which I had just done. I know you can change your password at Twistys because they let you do it from your account dashboard, as shown below.

Make note that you cannot change your username or email address. Use a valid email address when signing up for Twistys or you won't get any important information that is needed to not only access your account but cancel it too. Take the time when you join and get your information correct. Until I can talk to someone from Twistys about how they are storing your information, you'll just have to assume they can and will be compromised at any time. Use an email address you do not care about when signing up with Twistys. Also, make sure you don't use the same password that you use anywhere else. Expect that someone will steal your password and don't give the hacker a chance to break into any of your other, more important accounts, by giving Twistys any information that you don't have to, such as your personal email address or username you use on other forums or websites.

