Social Media Sites Got Information from Ad Trackers on US State Health Insurance Sites (gizmodo.com)
- Reference: 0183165294
- News link: https://slashdot.org/story/26/05/09/052205/social-media-sites-got-information-from-ad-trackers-on-us-state-health-insurance-sites
- Source link: https://gizmodo.com/meta-and-tiktok-are-getting-your-data-from-state-healthcare-sites-report-2000754335
> Per the report, seven million Americans bought their health insurance through state exchanges in 2026, and many of them may have had personal information shared with companies, including Meta, TikTok, Snap, Google, Nextdoor, and LinkedIn, among others. Some of the data collected and shared with those companies included ZIP codes, a person's sex and citizenship status, and race.
>
> In addition to potentially sensitive biographical details about a person, the trackers also may reveal additional details about their life based on the sites they visit. For instance, Bloomberg found trackers on Medicaid-related web pages in Rhode Island, which could reveal information about a person's financial status and need for assistance. In Maryland, a Spanish-language page titled "Good News for Noncitizen Pregnant Marylanders" and a page designed to help DACA recipients navigate their healthcare options were found to be transmitting data to Big Tech firms...
>
> Per Bloomberg, several states have already removed some trackers from their exchange websites following the report.
Thanks to Slashdot reader [3]JoeyRox for sharing the news.
[1] https://gizmodo.com/meta-and-tiktok-are-getting-your-data-from-state-healthcare-sites-report-2000754335
[2] https://www.bloomberg.com/features/2026-healthcare-advertising-trackers-privacy/
[3] https://www.slashdot.org/~JoeyRox
Why? (Score:5, Interesting)
While I appreciate that some of the government run sites removed the problematic trackers quickly, IĆ¢(TM)d really like to know the reason why it was ever there in the first place and the full story of how it got there.
Re:Why? (Score:4, Insightful)
A lot of the automated "site-builder" tools include these trackers by default. Some of the trackers (like the Google one) are useful for site-operators to track metrics (# of individual visitors vs repeat visitors, referring source, etc.)
If you build your own site from scratch, and know how to code, you probably would not include them in anything sensitive like this. But if you are just a guy who's boss said "Make it so" and searched for "how to build a website", well... here we are.
Re: Why? (Score:1)
> A lot of the automated "site-builder" tools include these trackers by default. Some of the trackers (like the Google one) are useful for site-operators to track metrics (# of individual visitors vs repeat visitors, referring source, etc.)
A reasonable explanation/theory, but based on the ab-so-lute-ly ludicrous money spent to create these federally-funded websites, why were they relying on, as you describe them , "automated site builder tools"?
The time and cost involved reminded of the story around the build-out of Xerox PARC - they started with nothing, had to invent their workstations and invent a means to network those machines, then design and build the physical servers the sites ran on...
Bottom line, including tools to capture metrics a
Another reason to use Brave+Ublock Origin (Score:1)
NO ADS EVER. I don't like them they violate your privacy and attempt to drain your wallet!
Re: (Score:2)
That's fine when you're interacting with informational websites where it doesn't really matter if the site works as intended. I've found that half the storefronts and interactive sites don't. For something like an insurance enrollment, I would not expect it to function without disabling Ublock or Noscript.
In many ways Government = Church (Score:2)
Only difference is who gets the money paid for the indulgences.
That's small stuff (Score:3, Insightful)
The real invasion of privacy -- aside from traffic cams, three letter agencies hoovering up everything that passes through fiber, parallel construction, abuse of the interstate commerce law, permanent emergency bills -- Nevermind. Another invasion of privacy is id.me, wherein to access government services people are forced to send their identity to an unaccountable non-government third party operating under rules not restricted by the constitution.
Re:That's small stuff (Score:4, Insightful)
> people are forced to send their identity to an unaccountable non-government third party
Forced to? I use the US Mail for all dealings with the government. As far as they know, I have no Internet. If they mandate that, they can pay for the service and buy me a nice (top of the line) laptop.
Re: (Score:2)
> No, you will simply cease to exist.
Whoo hoo! No more income taxes.
Re: (Score:2)
If they don't know where I'm getting it, how can they cut me off?
Re: (Score:2)
It can get mandated. If I remember right, I had to sign up for ID.me in order to make the required payments to the IRS for with-holding for the company. At least I think it was that. Something with the gov required it though, and so I did as required.
Re: (Score:2)
Note that not signing up for your IRS online account (and others, like social security) comes with its own risk - it makes it easier for a someone else to claim that account, and then redirect the payments and correspondence to to themselves.
Yes, there are checks and safeguards to try to prevent this, but
a) Authentication is a very hard problem to solve.
b) Much of the privileged data used for this authentication was just given to Palantir et. al. by the DOGE assholes.
Re: That's small stuff (Score:1)
As this story is about healthcare exchanges, you might have a hard time finding a printed application form.
I don't think they support a model where:
- you send in your demographic info,
- they send you a list of choices based on your information,
- you mail them your selection from the list provided,
- they send you a confirmation letter in the mail.
I don't think the open-enrollment window is long enough to facilitate that interaction.
tell your browser to send a don't track signal (Score:3)
also, use NoScript:
[1]https://noscript.net/ [noscript.net]
[2]https://noscript.net/getit/ [noscript.net]
[1] https://noscript.net/
[2] https://noscript.net/getit/
Used to be illegal to release medical info then ca (Score:2)
HIPPA SCHMIPPA
Re: (Score:2)
It's still illegal. Enforcement, however, has always been a problem.
Re: Used to be illegal to release medical info the (Score:1)
I think you're being a bit aggressive in your HIPPA explaination.
They aren't sharing specific, identity-revealing medical information about anyone.
Knowing that a user visited a website for pregnant, low-income DACA participants doesn't confirm the user is pregnant, low-income, or enrolled in DACA.
It's like saying by observing someone walk into an abortion clinic that violates HIPPA because now I know they are pregnant. I can prove no such thing from that visit - they could work at the clinic, they could be
Is anyone surprised? (Score:1)
When the tech firms got involved with creating these sites in the first place, it wasn't out of the goodness of their CEOs' (non-existent) hearts...
Bitches (Score:2)
It was about getting a government contract, to which could have been added stipulations about data collection, but they weren't.
After a few decades of that, the tech companies get to thinking the government is their bitch, and then we get into the situation we have now.
I do think people subconsciously recognize this. They want to get the bitches that fold, out of government. They saw Trump as "not anyone's bitch" (incorrect, btw) and that was a big plus. Hillary and Kamala were perceived as - if I may use t