As an organization, we are very aware that some of the sites people visit using our browser would humiliate them if someone could draw a link between who they are and where they visited. This isn't restricted to porn, but that's certainly the most widely known category of site that falls under this heading. We consider this carefully every time we do anything with any user data ever, whether a crash report or the TLD+1 proposal described above.
EDIT: Don't forget that the DNS resolution for porn sites can be deanonymized and resold by your internet provider - there's nothing we can do to protect you from DNS being a cleartext, sniffable, mitm'able protocol.
EDIT: Don't forget that the DNS resolution for porn sites can be deanonymized and resold by your internet provider - there's nothing we can do to protect you from DNS being a cleartext, sniffable, mitm'able protocol.