- Joined
- Apr 8, 2014
- Messages
- 8,104
- Reaction score
- 7,799
- Points
- 113
http://spectator.org/blog/61562/healthcaregov-sells-your-personal-data-basically-everyone
EFF researchers have independently confirmed that healthcare.gov is sending personal health information to at least 14 third party domains, even if the user has enabled Do Not Track. The information is sent via the referrer header, which contains the URL of the page requesting a third party resource. The referrer header is an essential part of the HTTP protocol, and is sent for every request that is made on the web. The referrer header lets the requested resource know what URL the request came from. This would for example let a website know who else was linking to their pages. In this case however the referrer URL contains personal health information.
This is, of course, even scarier than a corporation collecting your data so that it can sell you things more effectively, though obviously that's still part of the equation. According to EFF, if you input, say, that you're in the early stages of a pregnancy, Healthcare.gov shares that directly with a data collection service, which will immediately update your ads. Worse than the embarrassing and potentially emotional consequences tied to that, is that many of these data collection companies create vast personal profiles, which now, thanks to the federally-mandated nature of the healthcare application process, can contain vast amounts of personal healthcare information, thus providing sites like Google (and, perhaps, the Federal government writ large) with a detailed personal profile. And some day, when you come up for evaluation in front of the Death Panels, they'll not only know that you're an alcoholic, but they'll know exactly which poison you prefer.
Hilariously, this kind of exposure to third party collection also makes Healthcare.gov more susceptible to outside attacks. But seeing as how the website is still only functioning intermittently, I suppose that concern is mitigated.
EFF researchers have independently confirmed that healthcare.gov is sending personal health information to at least 14 third party domains, even if the user has enabled Do Not Track. The information is sent via the referrer header, which contains the URL of the page requesting a third party resource. The referrer header is an essential part of the HTTP protocol, and is sent for every request that is made on the web. The referrer header lets the requested resource know what URL the request came from. This would for example let a website know who else was linking to their pages. In this case however the referrer URL contains personal health information.
This is, of course, even scarier than a corporation collecting your data so that it can sell you things more effectively, though obviously that's still part of the equation. According to EFF, if you input, say, that you're in the early stages of a pregnancy, Healthcare.gov shares that directly with a data collection service, which will immediately update your ads. Worse than the embarrassing and potentially emotional consequences tied to that, is that many of these data collection companies create vast personal profiles, which now, thanks to the federally-mandated nature of the healthcare application process, can contain vast amounts of personal healthcare information, thus providing sites like Google (and, perhaps, the Federal government writ large) with a detailed personal profile. And some day, when you come up for evaluation in front of the Death Panels, they'll not only know that you're an alcoholic, but they'll know exactly which poison you prefer.
Hilariously, this kind of exposure to third party collection also makes Healthcare.gov more susceptible to outside attacks. But seeing as how the website is still only functioning intermittently, I suppose that concern is mitigated.