this post was submitted on 11 Apr 2024
319 points (99.4% liked)

Technology

58303 readers
10 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 
  • Academics at the University of Pennsylvania analyzed a nationally representative sample of 100 non-federal acute care hospitals – essentially traditional hospitals with emergency departments – and their findings were that 96 percent of their websites transmitted user data to third parties.
  • Not all sites had privacy policies and of those that did, only 56% disclosed specific third parties receiving data.
  • Google and Meta (through Facebook Pixel) were on nearly every site and received the most data. Adobe, Verizon, Oracle, Microsoft, Amazon also received data.
  • Common data shared included IP addresses, browser info, pages visited, referring site.
  • Sharing data poses privacy risks for visitors and legal/regulatory risks for hospitals if policies don't comply with laws.
  • A class action lawsuit against Mass General Brigham and Dana-Farber resulted in an $18.4M settlement over sharing patient data.
  • Researcher calls for hospitals to collaborate with computer science departments to design more private websites. Also recommends privacy tools to block third party tracking.

But in the meantime, and in lieu of any federal data privacy law in the US, protecting personal information falls to the individual. And for that, Friedman recommends browser-based tools Ghostery and Privacy Badger, which identify and block transfers to third-party domains. "It impacts your browsing experience almost none," he explained. "It's free. And you will be shocked at how much tracking is actually happening, and how much data is actually flowing to third parties."

Note: Although Friedman recommends Ghostery and Privacy Badger, uBlock Origin is generally considered a better privacy-enhancing browser extension. Additionally, there exist multiple approaches for adblocking and tracker blocking beyond the browser extension model.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 7 points 7 months ago (2 children)

The bad part is that even if you block everything on the client side with ad/tracker blocking extensions, there's nothing stopping them from collecting data on the server side.

[–] [email protected] 3 points 7 months ago (1 children)

That would be a violation of HIPAA.

[–] [email protected] 2 points 7 months ago (1 children)

I was referring to the website. This article goes in a lot more detail about how it works.

I'm pretty sure they are consulting lawyers to see how much data they can sell to third parties without breaking the law.

[–] [email protected] 2 points 7 months ago

For non-medical data, sure. That’s not an uncommon form of data collection. It’s a complete violation of HIPAA to use something like that on medical databases.

[–] [email protected] 1 points 7 months ago (1 children)

Please explain. How can google, Facebook, and such get data out of a hospital web server directly? That would be hacking.

[–] [email protected] 3 points 7 months ago

Typically trackers are implemented client side because it's more convenient. It's closer to the user, it can collect more data, and there is only one programming language it needs to support, Javascript.

But the disadvantage is that it can be blocked by the users. Data collection and user tracking can also be done on the server side. There are many analytics packages that support it, including Google Analytics. This is much easier to hide from the users. Here is an article I found on the topic.

It's not hacking because the website developers integrate it willingly.