Government health care website quietly sharing personal data
This discussion thread was locked as off-topic by Rhiannon12866 (a host of the Latest Breaking News forum).
Source: AP
Published: Today
WASHINGTON (AP) - The government's health insurance website is quietly sending consumers' personal data to private companies that specialize in advertising and analyzing Internet data for performance and marketing, The Associated Press has learned.
The scope of what is disclosed or how it might be used was not immediately clear, but it can include age, income, ZIP code, whether a person smokes, and if a person is pregnant. It can include a computer's Internet address, which can identify a person's name or address when combined with other information collected by sophisticated online marketing or advertising firms.
The Obama administration says HealthCare.gov's connections to data firms were intended to help improve the consumer experience. Officials said outside firms are barred from using the data to further their own business interests.
There is no evidence that personal information has been misused. But connections to dozens of third-party tech firms were documented by technology experts who analyzed HealthCare.gov and then confirmed by AP. A handful of the companies were also collecting highly specific information. That combination is raising concerns.
Read more: http://m.apnews.com/ap/db_289563/contentdetail.htm?contentguid=Py6rd7WO
HealthCare.gov Sends Personal Data to Dozens of Tracking Websites
January 20, 2015
The Associated Press reports that healthcare.govthe flagship site of the Affordable Care Act, where millions of Americans have signed up to receive health careis quietly sending personal health information to a number of third party websites. The information being sent includes one's zip code, income level, smoking status, pregnancy status and more.
EFF researchers have independently confirmed that healthcare.gov is sending personal health information to at least 14 third party domains, even if the user has enabled Do Not Track. The information is sent via the referrer header, which contains the URL of the page requesting a third party resource. The referrer header is an essential part of the HTTP protocol, and is sent for every request that is made on the web. The referrer header lets the requested resource know what URL the request came from. This would for example let a website know who else was linking to their pages. In this case however the referrer URL contains personal health information.
https://www.eff.org/deeplinks/2015/01/healthcare.gov-sends-personal-data
pangaia
(24,324 posts)"The Obama administration says HealthCare.gov's connections to data firms were intended to help improve the consumer experience."
840high
(17,196 posts)ChromeFoundry
(3,270 posts)is the site's Privacy statement that states:
I wonder how much doubleclick.net is paying the government to track your data every month. Where is the transparency?
Skittles
(153,164 posts)whereisjustice
(2,941 posts)seabeckind
(1,957 posts)Personal info my butt. And it isn't the gov't site compromising the info it's that a 3rd party under contract for support might (maybe, just might) have ahole that when combined with other information on your PC, might be a way to get your info.
Oh bullshit.
Just another stealth attack on the program.
They wanted all the contracting out and now they're saying that's a weak spot...well, quit contracting out...duh.
"The scope of what is disclosed or how it might be used was not immediately clear, but it can include age, income, ZIP code, whether a person smokes, and if a person is pregnant. It can include a computer's Internet address, which can identify a person's name or address when combined with other information collected by sophisticated online marketing or advertising firms."
Oh, and cookies are an essential part of that but the gov't site didn't do those, the 3rd party MAY have done it.
As I thought about it...on this site right here, if you click an add link, just what happens?
The exact same thing.
DeSwiss
(27,137 posts)ChromeFoundry
(3,270 posts)You really think there wasn't an iron-clad service level agreement and privacy agreement signed prior to the gov't contracted, said 3rd party?
You really think the gov't has no idea that the healthcare.cov site is generating the URL links and providing your personal information into the query string of the request?
Fact: A third part cannot place tracking ads on the hosted healthcare.gov web site without their knowledge. Impossible. And, All modern browsers protect against cross-site scripting attacks.
Do you even understand how the HTTP protocol works, because it seems that you flat out fault the advertisers for this breach of data, and that is simply a flat out lie.
Since you don't believe the gov't was involved, and is not being paid for generating requests for tracking ads to third party sites... can I interest you in buying a bridge I have for sale?
seabeckind
(1,957 posts)I know exactly how HTTP works.
The holes pointed out in this article are ones that MIGHT be in the 3rd party site that is hopped to from the gov't site. When the gov't site does the passoff it includes the info listed in my comment (you might note that the quote from the gov't spokesperson says no ID info is passed -- and if somebody can figure out which of the non-smoking men at my age in my zip code is me, they're a lot smarter than my internet provider)
And then to imply that I can be tracked from that IP address? What that marketer will find out is that somehow the zip code for central Indiana got moved to New Jersey.
BTW, clear your cookies.
ChromeFoundry
(3,270 posts)the site ignores the HTTP "Do Not Track" request header.
FAIL!
seabeckind
(1,957 posts)https://support.mozilla.org/en-US/kb/how-do-i-turn-do-not-track-feature
IOW, it is up to the recipient of the pass-off to not do the tracking. And I'm sure they will do it...
If you don't want to be tracked...don't leave tracks.
ChromeFoundry
(3,270 posts)and edit your hosts file (there is no place like 127.0.0.1) or put access restriction right on your router.
That is about the only way they won't be able to track you, be it 3rd party or gov't.
seabeckind
(1,957 posts)Agent mike will tell, tho. Agent mike knows when you're good or bad...
DeSwiss
(27,137 posts)Sucks, huh? Well, you'll get used to it.....
Babel_17
(5,400 posts)Well, I'll wait for the dust to clear but there is a way to collect useful data that doesn't identify individuals. And there is a way to make that voluntary, and to make it so people can choose what level of info they are comfortable sharing, if they choose to share at all.
I think we might have a case where nothing nefarious is going on but it's "just" a matter of there being too much compartmentalization, and some higher ups swimming in unfamiliar waters.
Issues like this is have long ago been addressed by companies like Microsoft, Google, the Mozilla project, Steam, and so on. You tell people up front, you lay it all out, and you give them choices.
Sigh, this might cost us some good will with geeks and privacy advocates who are undecided about voting our way. But if we address it head on we can quickly put it behind us.