"The Obama administration says HealthCare.gov's connections to data firms were intended to help improve the consumer experience."

is the site's Privacy statement that states:

Personal info my butt. And it isn't the gov't site compromising the info it's that a 3rd party under contract for support might (maybe, just might) have ahole that when combined with other information on your PC, might be a way to get your info.

Oh bullshit.

Just another stealth attack on the program.

They wanted all the contracting out and now they're saying that's a weak spot...well, quit contracting out...duh.

"The scope of what is disclosed or how it might be used was not immediately clear, but it can include age, income, ZIP code, whether a person smokes, and if a person is pregnant. It can include a computer's Internet address, which can identify a person's name or address when combined with other information collected by sophisticated online marketing or advertising firms."

Oh, and cookies are an essential part of that but the gov't site didn't do those, the 3rd party MAY have done it.

As I thought about it...on this site right here, if you click an add link, just what happens?

The exact same thing.

You really think there wasn't an iron-clad service level agreement and privacy agreement signed prior to the gov't contracted, said 3rd party?

You really think the gov't has no idea that the healthcare.cov site is generating the URL links and providing your personal information into the query string of the request?

Fact: A third part cannot place tracking ads on the hosted healthcare.gov web site without their knowledge. Impossible. And, All modern browsers protect against cross-site scripting attacks.

Do you even understand how the HTTP protocol works, because it seems that you flat out fault the advertisers for this breach of data, and that is simply a flat out lie.

Since you don't believe the gov't was involved, and is not being paid for generating requests for tracking ads to third party sites... can I interest you in buying a bridge I have for sale?

I know exactly how HTTP works.

The holes pointed out in this article are ones that MIGHT be in the 3rd party site that is hopped to from the gov't site. When the gov't site does the passoff it includes the info listed in my comment (you might note that the quote from the gov't spokesperson says no ID info is passed -- and if somebody can figure out which of the non-smoking men at my age in my zip code is me, they're a lot smarter than my internet provider)

And then to imply that I can be tracked from that IP address? What that marketer will find out is that somehow the zip code for central Indiana got moved to New Jersey.

BTW, clear your cookies.

the site ignores the HTTP "Do Not Track" request header.

FAIL!

and edit your hosts file (there is no place like 127.0.0.1) or put access restriction right on your router.

That is about the only way they won't be able to track you, be it 3rd party or gov't.

Agent mike will tell, tho. Agent mike knows when you're good or bad...

Well, I'll wait for the dust to clear but there is a way to collect useful data that doesn't identify individuals. And there is a way to make that voluntary, and to make it so people can choose what level of info they are comfortable sharing, if they choose to share at all.

I think we might have a case where nothing nefarious is going on but it's "just" a matter of there being too much compartmentalization, and some higher ups swimming in unfamiliar waters.

Issues like this is have long ago been addressed by companies like Microsoft, Google, the Mozilla project, Steam, and so on. You tell people up front, you lay it all out, and you give them choices.

Sigh, this might cost us some good will with geeks and privacy advocates who are undecided about voting our way. But if we address it head on we can quickly put it behind us.