The popular NHS Choices health website has been exposed automatically ‘tracking’ all Facebook users that visit, according to new research.
The study, from Garlik has lead the online identify theft and fraud firm experts to call for third party tracking to be banned from all Government websites, particularly those carrying information on personal and sensitive topics such as health and benefits.
Research by Garlik staff on the NHS Choices website demonstrated that personally identifiable information on visitors is automatically sent to Facebook, even if a user is not logged in to Facebook, or does not click the Facebook ‘Like’ button.
Conducted last week by Garlik’s Mischa Tuffield, Information Systems Developer, and Steve Harris, Chief Technology Officer, the research observed the movement of traffic between a user’s internet browser and the website, uncovering that the Facebook ‘Like’ button on the site, even if not clicked, instigates an exchange of data that includes the web address visited and the Facebook ID of the user – without the user’s permission being requested.
This means that NHS Choices is proactively informing Facebook of the pages visited by those seeking perhaps very private and sensitive health advice.
Commenting on the study’s findings Andy Thomas Garlik’s managing director said: “The fundamental issue here is that the NHS believes it is acceptable to share information about users’ browsing habits with third parties. This appears to have been a conscious decision, and the NHS believes that a statement buried away in a privacy policy makes it OK. NHS Choices has either wilfully decided that sharing the pages visited by all Facebook users with Facebook is acceptable, or has implemented the technology without understanding how it works.
“Governments exist to serve citizens and the country, not act as outposts for private third parties to harvest information about visitors surfing habits. Garlik believes that all third party tracking of the kind described above should be removed from Government websites, especially those that deal with personal and sensitive issues.”
Garlik’s research did find that the NHS Choices web pages also interact with www.google-analytics.com, statse.webtrendslive.com, addthiscdn.com.
Specific tests were not carried out on the interactions with these sites, and there is no evidence to suggest that tracking is taking place through them in the same way as described above.
A more detailed explanation of how the research was conducted, including technical information can be seen at www.garlik.com/blog.
One Comment
Comments are closed.
Nick
A quick look at AddThis’ privacy policy reveals they monetise their product through behavourial targeting. Although this is Non-Personally Identifiable Information I’m sure users would be somewhat surprised if they started to received adverts about their ailments on third-party websites.