Health sites let ads track visitors without telling them

[Image: Cartoon medical personnel are combined with all-seeing eyes. Credit: Aurich Lawson / Ars Technica]

abuse victims and kids. Add to that list the customers of several digital-medicine and genetic-testing companies, whose sites used ad-tracking tools that could have exposed information about people’s health status.

In a recent study from researchers at Duke University and the patient privacy-focused group the Light Collective, 10 patient advocates who are active in the hereditary cancer community and cancer support groups on Facebook—including three who are Facebook group admins—downloaded and analyzed their data from the platform’s “Off Facebook Activity” feature in September and October. The tool shows what information third parties are sharing with Facebook and its parent company Meta about your activity on other apps and websites. Along with the retail and media sites that typically show up in these reports, the researchers found that several genetic-testing and digital-medicine companies had shared customer information with the social media giant for ad targeting.

Further analysis of those websites—using tracker identification tools like the Electronic Frontier Foundation’s Privacy Badger and The Markup’s Blacklight—revealed which ad tech modules the companies had embedded on their sites. The researchers then checked the companies’ privacy policies to see whether they permitted and disclosed this type of cross-site tracking and the flow of data to Facebook that can result. In three of the five cases, the companies’ policies did not have clear language about third-party tools that might be used to retarget or reidentify users across the web for marketing.
