Published in News

US Health Companies spy on users

by on24 February 2015
US Health Companies spy on users


Stop saying you are sick online

US sites which offer medical advice are tracking queries, sending the sensitive data to third party corporations, even shipping the information directly to the insurance brokers who monitor credit scores.

Tim Libert, a researcher at the University of Pennsylvania, custom-built software called webXray to analyze the top 50 search results for nearly 2,000 common diseases (over 80,000 pages total). He found the results startling: a full 91 percent of the pages made what are known as third-party requests to outside companies. The highly ranked "Cold Sores Topic Overview WebMD" link, passrd your request for information about the disease along to one or many other corporations.

According to Libert's research, which is published in the the Communications of the ACM, about 70 percent of the time, the data transmitted "contained information exposing specific conditions, treatments, and diseases."

Other issues are connected to the fact that sites like the Centers for Disease Control has installed Google Analytics to measure its traffic stats, and has, for some reason, included AddThis code which allows Facebook and Twitter sharing, the CDC also sends a third party request to each of those companies.

Apparently the request looks something like this—http://www.cdc.gov/std/herpes/STDFact-Herpes.htm—and makes explicit to those third party corporations in its HTTP referrer string that your search was about herpes.

The vast majority of health sites, from the for-profit WebMD.com to the government-run CDC.gov, are loaded with tracking elements that are sending records of your health inquiries to the likes of web giants like Google, Facebook, and Pinterest, and data brokers like Experian and Acxiom.
Companies receiving the requests can use other data mining techniques to identify you and your illness.

According to Motherboard the CDC example is notable because it's a government site which should be free of a profit motive.

Profit health sites are often much worse. WebMD, for instance, is the 106th most-visited site in the US, according to Alexa, and figures prominently in search results for most commonly searched diseases. It sends third party requests to a whopping 34 separate domains, including the data brokers Experian and Acxiom.

"WebMD is basically calling up everybody in town and telling them that's what you're looking at," Libert said. Seeing as how there's a good chance that's a sensitive disease, users would likely not be pleased.

Rate this item
(2 votes)
More in this category: « Intel to abandon silicon PrivDog privacy software is a Bad dog »
back to top

Most popular

Latest comments