
The title of the original article is a little misleading. It's _website_ visitor tracking and it looks like it's really just advertising analytics... That's maybe bad but it's also the same as like... 98% of all other websites.



That's really pretty much everything, Google knows you may think you have breast cancer -- email, gender, age, visit pages, etc. Certain sites and information classes/types are not just like the rest of 98%.


The title is totally misleading. It very much implies that hospitals are giving data about visitors to the hospital, which would be incredibly egregious.

Tracking website visitors is bad, but is something I 100% expect. If others aren't expecting this, that's a serious problem. People should absolutely be warned when it happens (or, better, laws should exist to prevent it from happening).

But web visitor tracking is not nearly as sensitive as tracking visitors to the hospitals (or any other health care provider premises) themselves.

I avoid the data leakage for sensitive things like health care by never using websites related to those things. I know that people often forget this, but at least in the US, using a website to interact with health care providers is not actually mandatory.


> I avoid the data leakage for sensitive things like health care by never using websites related to those things. I know that people often forget this, but at least in the US, using a website to interact with health care providers is not actually mandatory.

It is not mandatory but is made extremely onerous. I can get on the web site, authenticate while tracked, enter my request, or I can call an automated maze, get repeatedly dropped, talk to a ChatGPT knock-off, get dropped again, and maybe I get a human to answer my request. Then, I get an email asking if I am satisfied with the service.


Interesting. I have to admit, I've never had a problem talking to doctor's offices or the hospitals in my area by phone. No onerous phone trees (just a simple initial menu), no voice robots, and usually only a short wait to talk to a human.

I need to stop complaining about my hospital. Apparently, this is one area where they're above the grade. But even if my phone experience was like yours, I'd still use the phone instead of the web site due to privacy concerns.

In the end, as with all privacy/security issues, there's an inherent tradeoff between convenience and security. Everyone has a different place on that spectrum where they're most comfortable. But at least we can choose how much of a tradeoff we're willing to engage in.


Website visitor information is still really sensitive. If you book an HIV test online, you probably don't want Google and Facebook to know that.


[flagged]


Imagine you stated online that you don't like the fact that your Uber ride data is being sold to Facebook. Then imagine someone said, "If you don't like the Zuck or Googs knowing your whereabouts and who you are visiting, just walk when you need to go somewhere." Hopefully you'll realize why you are being down-voted.


Just because you think it is okay to continue to feed the beast is not my issue. I can spare the -4 points to engage the discussion.

I also don't use Uber because I don't support their history even if they might no longer behave that way now. You don't have to walk just because you don't use Uber. There are other ways to get around. The fact that you feel this way just means to me that you've drunk too much of the Kool-aid.

Society has become lazy/complacent with the status quo, and does not want to put forth the effort to fight for the rights that they so freely complain about on web forums. Yes, things can be more convenient if you are willing to accept the true costs. Things can be more difficult when you choose to not accept the true costs. Just because they are more difficult does not mean it is impossible.


Your reply is not only a non sequitur, the claims you make about me are factually wrong. I have never had a Facebook account, nor Instagram, nor Twitter, and I've never taken an Uber. But you claim I've overdosed on the Kool-aid.

My point was you are very cavalier about how easy it is for people to avoid what is structurally difficult to avoid. For instance, rather than going to the website to look up information, one should go to the hospital and ask someone in person.

You should also have some empathy for people who have no idea that a hospital might sell their information.


About 98% of hospitals have committed some form of medical malpractice. The major problem is when people start accepting this as acceptable behavior. There are multiple places where sharing information with advertisers should be greatly restricted, including hospitals, lawyers, priests and so on. Government institutions like police emergency information centers should also avoid sharing data with advertisers, especially if that information gets transported over the border.

Yes, people make bad decisions all the time. Hospitals are not perfect and mistakes happen. They should however not continue making mistakes that harm patients.


Most hospital or medical websites do require some sort of authentication to access PHI.

The tracking is continued post authentication, making the identity to PHI significantly stronger.


Don’t people go to a website to find their specific doctor, department, or treatment options?


How many of these websites remember to completely disable analytics on the sensitive logged-in portions of the site? Completely disable doesn’t mean “an intern once logged in to the analytics provider’s config page and asked them to, pretty please, not log certain pages, and no one ever re-checks that config.” The analytics script should straight-up not be present on the sensitive URLs.

(Frankly, the script should not be present at all on the sensitive origin. Ever heard of fetch or service workers or any other same-origin mechanism of collecting data?)
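
Added example, not part of the thread: a check a site owner could re-run on every deploy to confirm that pages under a sensitive path load no cross-origin scripts, images or iframes. The hosts (`hospital.example`, `analytics.example`, `pixel.example`), the `/portal/` prefix and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose URL attribute makes the browser request whatever origin it names.
RESOURCE_ATTRS = {"script": "src", "img": "src", "iframe": "src"}
DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS.get(parts.scheme))

class CrossOriginFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        value = dict(attrs).get(RESOURCE_ATTRS.get(tag, ""))
        if not value:
            return
        target = urljoin(self.page_url, value)  # resolves relative and //host URLs
        # Ignore data:, blob: etc.; flag only real network requests to another origin.
        if urlsplit(target).scheme in DEFAULT_PORTS and origin(target) != origin(self.page_url):
            self.findings.append((tag, target))

def audit(pages, sensitive_prefixes):
    """Return {page_url: [(tag, resource_url), ...]} for sensitive pages only."""
    report = {}
    for url, html in pages.items():
        if not urlsplit(url).path.startswith(tuple(sensitive_prefixes)):
            continue
        finder = CrossOriginFinder(url)
        finder.feed(html)
        if finder.findings:
            report[url] = finder.findings
    return report

# Constructed sample pages (placeholder hosts and markup).
SAMPLE_PAGES = {
    "https://hospital.example/portal/results":
        '<script src="/static/app.js"></script>'
        '<script async src="https://analytics.example/tag.js"></script>'
        '<img src="//pixel.example/p.gif" width="1">',
    "https://hospital.example/portal/messages":
        '<script src="https://hospital.example:443/static/app.js"></script>',
    "https://hospital.example/about":
        '<script src="https://analytics.example/tag.js"></script>',
}

if __name__ == "__main__":
    for url, hits in audit(SAMPLE_PAGES, ["/portal/"]).items():
        for tag, target in hits:
            print(f"{url}: <{tag}> loads {target}")
```

This inspects served markup only, so a tag that same-origin JavaScript injects at runtime will not appear in the report.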



