- Jan 8, 2011
- 22,361
Health insurance information is sent by HealthCare.gov to advertising companies that track data from websites for marketing purposes.
Among the details passed to third parties there is a person’s zip code, financial status, whether the user is a smoker, age, parental status, or if they are pregnant.
Data is sent through the referrer header
The report comes from the Associated Press and it has been confirmed by tests carried out by the Electronic Frontier Foundation (EFF).
It appears that at the receiving end of HealthCare.gov’s data are companies like Google, Twitter, Yahoo and Akamai. However, EFF has discovered that there are 14 domains getting the information from the US government’s health insurance website, even if the Do Not Track header is turned on in the user’s web browser.
“The information is sent via the referrer header, which contains the URL of the page requesting a third party resource. The referrer header is an essential part of the HTTP protocol, and is sent for every request that is made on the web,” EFF’s Cooper Quintin writes in a blog post.
Attackers could steal the data from advertisers
Apart from the obvious privacy breach, there is also a security risk users of the website are unnecessarily exposed to.
..
Among the details passed to third parties there is a person’s zip code, financial status, whether the user is a smoker, age, parental status, or if they are pregnant.
Data is sent through the referrer header
The report comes from the Associated Press and it has been confirmed by tests carried out by the Electronic Frontier Foundation (EFF).
It appears that at the receiving end of HealthCare.gov’s data are companies like Google, Twitter, Yahoo and Akamai. However, EFF has discovered that there are 14 domains getting the information from the US government’s health insurance website, even if the Do Not Track header is turned on in the user’s web browser.
“The information is sent via the referrer header, which contains the URL of the page requesting a third party resource. The referrer header is an essential part of the HTTP protocol, and is sent for every request that is made on the web,” EFF’s Cooper Quintin writes in a blog post.
Attackers could steal the data from advertisers
Apart from the obvious privacy breach, there is also a security risk users of the website are unnecessarily exposed to.
..