Internet watchers have long been warning consumers about the privacy implications of tracking. Now, one researcher says simple online searches for health information could be much more harmful than previously thought.
Timothy Libert was a doctoral student at the University of Pennsylvania’s Annenberg School for Communication when he wrote his study last fall. Libert had developed a software tool he used to track Hypertext Transfer Protocol, or HTTP, activity between websites and third parties, including advertisers and data brokers.
He found that 91 percent of visits to websites triggered HTTP requests to third parties. Say you were looking for information on influenza and you clicked on “severity in winter” to learn more. The site you visited probably sent your request on to one or possibly several third-party sites interested in your searches.
Seventy percent of the third-party transmissions included information about specific symptoms, diseases or treatments. Libert designed his study to deliver results from all websites, not just health-centered ones.
Libert dug deep into the data and found that Google is the clear winner in third-party requests, collecting user information from 78 percent of pages searched; other leaders are comScore (38 percent) and Facebook (31 percent). He found data brokers Experian and Acxiom on thousands of pages as well.
While many of us still think the Internet can be searched anonymously, Consumer Affairs writer Truman Lewis says the interests people demonstrate through searching might be linked with their names. This could happen if the info is accidentally leaked, if hackers or other crooks get access to the data, or if data brokers collect the information and sell it.
Libert’s research found that a small fraction (3.24 percent) of the pages he analyzed used secure HTTP. The rest used non-encrypted HTTP connections “and thereby potentially transmitted sensitive information to third parties.”
Libert cited a critical U.S. Senate committee report on the data broker industry in 2013. One company was reportedly using “proprietary models” to create and sell lists of “domestic abuse victims,” “rape sufferers” and “HIV/AIDS patients.”
Advertisers like to assure us their data collections are anonymous. But ad tracking can discriminate in subtle ways. Sorting searchers into a category of high spenders on medical needs means those consumers likely will have less to spend on non-essential consumer goods; the trackers might consider them “undesirable” and be less likely to advertise special offers or prices to them.
The ad industry is investing serious money in computer modeling, the better to sort consumers into “buyer” and “other” categories.
Don’t look for existing law to change things. The Health Insurance Accountability and Portability Act contains strong language about the ways doctors and insurers handle your health information; those protections don’t apply to web searches.
Libert suggests that nonprofit entities — with nothing to gain from third-party exchanges — tighten systems so data leaks are avoided. For commercial concerns with a profit motive, regulators and legislators might see broad public support for applying rules about how various kinds of data may be used and how long they can and should be saved.
He also urges engineers to spend more time creating intelligent filters that keep sensitive data confidential.
Consumers might do well to use separate web browsers and email accounts with unique, strong passwords when investigating health issues.
Consumer Forum is a collaboration of the Bangor Daily News and Northeast CONTACT, Maine’s all-volunteer, nonprofit consumer organization. For assistance with consumer-related issues, including consumer fraud and identity theft, or for information, write Consumer Forum, P.O. Box 486, Brewer, ME 04412, visit http://necontact.wordpress.com or email firstname.lastname@example.org.