I cannot believe anyone in these comments is defending Facebook on this.
Should the hospitals have been better so this sensitive data doesn't get to Facebook? Yes.
But we cannot excuse the privacy invasive practices of Facebook and Google (I would be shocked if google was not also getting this data somehow).
And this is not just hospital data, it is certain sensitive apps (I really don't need or want Facebook to know every time I open Grindr), nearly every single thing we do these companies find a way to find out because they weasel their way in by offering some helpful feature that a developer would want to use.
It is a bit sad to see the smartest engineers in the world all working towards implementing and maintaining the largest spying apparatus in history.
We should be focusing on learning from and highlighting people who are working to make the world a better place - and not focusing on employees from these companies. Any online news aggregator could institute a policy to not promote products or services of these companies. Unfortunately, many startups are operating with the hope that these companies acquire them, and so they're all too happy to continue extending this spying apparatus even further into other domains.
> It is a bit sad to see the smartest engineers in the world all working towards implementing and maintaining the largest spying apparatus in history.
It is inevitable when society promotes "fiduciary duty" and "I got mine" as apex values for corporates and individuals, respectively. Unfettered selfishness cannot get to a globally optimal solution, despite what any free market zealots may tell you.
The collective good is out of fashion - it has been for a long time, TBH, but now it is unapologetically so.
I have turned off I think hundreds of ad targeting switches in Facebook, Google, Windows, and LinkedIn, and despite the incessant passive-aggressive warnings about how ads will be "less relevant", I don't find them to be worse.
I hope you're not one of the weirdos who likes to contradict people and say we are all fooling ourselves and the algorithm knows all.
This post is 45 minutes old and is almost now on page 2 of Hacker News. Shit like this has become the norm! We don't think about it anymore. That is a huge problem. We cannot allow this to be normal!
Ultimately we are the ones that built these tools. Use them.
I know the post rank isn't everything, but people just seem to not care anymore. We should be the ones that care the most because we actually understand (at least more of it) that this is happening in the first place and how it works. But also the dangers of things like this being moved to server side and completely hidden if nothing is done.
>Once in a while I get annoyed about the fact that I have no real privacy. Nowhere I can go and not be registered. I know that, somewhere, everything I do, think and dream of is recorded. I just hope that nobody will use it against me.
Mostly because governments don't do shit to stop them, and even when they do, Facebook makes millions from that data, and is then fined a few percent of the money earned.
Fines for a single act like this should be multiple times higher than whatever possible income they could get by gathering data like this.
It saddens me that we need the government to step in on cases like this.
Why has invading users' privacy become normal? While Facebook and Google are the largest, it has become common that smaller companies are doing this to pad their bottom line.
As developers we should be pushing back on this. Not using these tools from Facebook and Google that just grow their grip on the web. The tools that invade user privacy in completely invisible ways.
I'm not sure if the developers pushing back is the answer.... it's like a McDonald's burger-flipper pushing back on McDonald's shitty meat.
I usually don't believe in regulation, but here is an obvious case for regulation... Does the company/app legitimately need data X for the app/service to work? No? Then it's not allowed to collect, store and resell that data. If it does, it should be fined way more than the data is worth. Did they collect the data for one thing (eg. location data for playing Pokemon Go) and are using it for another (ad targeting)... again, a huge fine.
> It saddens me that we need the government to step in on cases like this.
Every time I see this I chuckle. The first public companies ever created had just two lines of business: selling drugs and selling slaves.
The only reason they ever stopped was because government stepped in. The expectation that developers can do something is delusional, you need men with guns - I suppose some vigilante citizen militia could also work though.
I've had so many clients insist that Google Analytics is absolutely necessary for their site or app since they need to know as much as possible about who is visiting.
In most cases these same clients never even look at the analytics as the dashboard is too confusing and generating reports too cumbersome.
Can you elaborate on this? It's a patient portal. The patient is logged in, so you know who's visiting. They're visiting pages on your site tied to their own accounts, so you know as much as you can about what they're doing. Why do they need Google involved on this? I don't even understand the concept the clients are trying to convey. It's like someone saying, "I need to go to the store to get milk," but you open their refrigerator and it's full of gallon jugs of milk. What am I not understanding?
IP/location, device used to access, browser used, time spent on the site, other demographics and interests data that may not be part of their user profile but is available thanks to Google tracking cookies, etc.
Most (all?) of which could be developed on their own of course, but that costs more than a one liner to set up Google Analytics.
And again, none of this info was ever actually used. They just felt very strongly that they needed it to better understand their users and improve the experience at some far off future date.
I guess I'm just surprised that the product owner (or whoever tends to fill that role in this space) isn't intimately aware of the privacy concerns. There's an entire market of HIPAA-compliant data storage/processing/etc. If there isn't a HIPAA-compliant web metrics solution, I guess that's my million-dollar idea (free for the taking, I have zero interest in building it myself).
Because they are for-profit businesses and as such have a strong incentive to spend in ads and for these ads to be as effective as possible. FB and Google are just giving them the means to do so; we should be asking why it is that hospitals are allowed to have these strong economic incentives to begin with.
Hospitals advertise, just like any other business. I've run campaigns (not Facebook) for maternity wards, cancer centers, rehab, etc. You need to track conversions and exclude current customers, so you need to place trackers in a lot of different places. And you give clear instruction to the marketing guy to not grab any PII, but they might do it anyway.
It's probably an element of the Electronic Health Records system they use. EHR systems are massive and complex, and the health care facilities are barely aware of all the functions and features. I'd say this is a failure of oversight on the EHR providers.
I work at Epic. This is not true. Hospitals have the ability to customize the portal we offer and add in what they want. We're not shipping with Meta Pixel enabled. They added this and didn't understand the full consequences (I hope). When we learned and understood the consequences, we called every customer to share what we know and investigate if they're impacted.
I can't speak to why the consequences weren't more obvious. I don't know. I do know that Epic cares deeply about this and I know that it pisses me off that this happens. But the tech people at hospitals are people and make mistakes. They're likely driven by the business needs and don't have time to fully vet everything.
I think this is a consequence of the American health system and wanting to implement these products to increase profitability.
A number of pharmacies in Sweden also sent a bunch of data (IIRC for example contents of shopping carts) to Facebook via the pixel. All of them are now under investigation by our data protection agency.
I'll probably get downvoted but this article seems highly sensationalized. It blames Facebook, while the blame should be on the hospitals who, for whatever reason, have the FB pixel code in locations where it shouldn't be.
The blame should fall squarely on the company providing the electronic health records system, and any regulatory agencies (like the FDA) that are supposed to be overseeing them. The hospitals buy these systems, which are massive and complex, they don't create them in-house. I would not expect them to have the expertise to do so.
Come on. This is a tool that has a legitimate purpose - if you buy advertising on FB, you use pixel trackers to find out if it was effective. Did the ad you showed the user lead to them doing the thing you want - buying a shirt, signing up for a newsletter, or in this case, making an appointment? They shouldn't be optimizing on medical search terms, but this is a problem with usage, not the tool.
I disagree. Exposing your users (including non-FB users who visit your website directly) to FB stalking isn’t a good enough justification (and in breach of the GDPR).
You can track advertising effectiveness yourself by having all your ads point to a unique URL with some query parameter (“campaign_id=123”) which preserves the privacy of everyone. FB can stalk their users on their own properties but at least non-FB users are protected from it.
When I search whoisdomain "w55c.net" I find it is owned by Roku, Inc. 150 Winchester Circle Los Gatos, CA.
Am I doing this wrong or is the tracking pixel in my local hospital sending data to ... Roku... the company that makes the little streaming box I have hooked up to my TV.
You're probably correct. Your hospital is probably running an advertising campaign through Roku and wants to track how successful it is, and exclude serving ads to existing patients (customers).
> “We do not have an adequate level of control and explainability over how our systems use data, and thus we can’t confidently make controlled policy changes or external commitments such as ‘we will not use X data for Y purpose.’ ” Facebook engineers on the ad and business product team wrote in a 2021 privacy overview that was leaked to Vice.
To be fair, the majority of those gstatic connections are for things like fonts. When you are actually logged in there's only one (for a font), and that is cached by the browser (because you've received it already).
Worryingly, I saw requests (that ublock stopped) to https://exponea.com/, dc.services.visualstudio.com/v2/track, and googletagmanager, _and_ if I book an appointment it sends the details of the booking to the analytics service... that's pretty horrific.
I think the principle is that any page with my medical details on it should not load 3rd party JS from external sources. Regardless of its reported function, it's just not ok.
That's a bit of a stretch of an interpretation - you can serve fonts via Google as long as you obtain permission, and it being illegal doesn't mean you're going to get put in jail. The case this came from fined the company €100.
> The ruling directs the website to stop providing IP addresses to Google and threatens the site operator with a fine of €250,000 for each violation, or up to six months in prison, for continued improper use of Google Fonts.
Hopefully, it's not actually written as dumb as it sounds:
Okay, so we don't serve fonts from google-ish domains. We now serve from freefontswithtracking.com, a wholly owned subsidiary of Alphabet! See, no longer serving fonts from Googs. /s
The trouble with this argument - and I write this as someone who is generally a strong proponent of privacy safeguards - is that the logical conclusion is the end of the WWW as we know it.
Balkanisation has been a concern for some time mostly because of government regulations in different jurisdictions that conflict.
However if a site can't import any externally hosted resources without getting explicit consent first then that breaks CDNs, payment services that require you to use their versions of scripts for security and/or regulatory reasons, services that host content where providing locally hosted alternatives might not be practical such as video or audio files or mapping data, and the list goes on.
Some reasonable middle ground is clearly needed here. Perhaps there could be some reasonable standard for privacy that those external services can meaningfully promise to maintain and then some sort of safe harbour provision where importing resources from privacy-respecting sources is acceptable. Of course that only works if services that promise to respect privacy and then don't will be hit with meaningful sanctions but the same is true of any obligations under GDPR and other privacy laws today.
CDNs are already broken unfortunately. Both Firefox and Chrome use per-site caches [0].
> payment services that require you to use their versions of scripts for security, services that host content where providing locally hosted alternatives might not be practical such as video or audio files or mapping data, and the list goes on.
That's reasonable, and the GDPR doesn't stop you from doing that, but it does mean that you must tell the user that you're loading it from a third party, ask permission to do so, and list the data that you're sharing with that party in exchange for them providing those resources.
> CDNs are already broken unfortunately. Both Firefox and Chrome use per-site caches [0].
But many sites serve their own resources via a CDN for performance and resilience reasons. The major CDNs have the capability to record a lot of history about where systems reachable at a certain IP address have been visiting online. And of course it's impossible for a site that works that way to ask your permission before doing so because it has no way to communicate with you first. The same is true for other services like DNS.
> That's reasonable, and the GDPR doesn't stop you from doing that, but it does mean that you must tell the user that you're loading it from a third party, ask permission to do so, and list the data that you're sharing with that party in exchange for them providing those resources.
Which is the problem. The logical end result would be like the "cookie consent" junk but much worse. Do we really want a WWW where every service someone encounters needs explicit permission to do its job even if that job is simply to send some generic information to the IP address that requested it? Are we all going to have to download the DNS records for the entire Internet to our local systems every few minutes as well? What about other things we do online that necessarily involve remote servers, like sending an email? Does every system involved in forwarding a message I send to a dozen friends now have to contact me (how?!) and obtain my permission before forwarding the message to the next link in the chain?
There ought to be some reasonable limits to protect privacy. I don't think a website for a medical facility should automatically use Google Maps to show a route from a patient's home address to their facility. But in that case the information request on the user's behalf is much more specific. It's not just the user at 127.0.0.1 visiting some (unknown) site that uses a popular web font for its text and the user's browser then fetches the relevant data from Google Fonts without asking first.
Oracle just spent $28B on Cerner [1], one of the two largest providers of electronic patient medical records systems. I happen to know personally that at least one of the hospitals mentioned uses Cerner and has used it since the 90s. This sharing of sensitive medical information thing is just going to get worse, unless Congress and the FDA step up strongly.
I meant in terms of oversight and enforcement. We know that multiple administrations have sought to shrink, or even cripple, federal regulatory agencies. Just because there are laws on the books doesn't mean there's sufficient regulatory power or money to ensure they are followed. An after-the-fact prosecution isn't good enough. Any healthcare provider will tell you that prevention is far preferable to any treatment needed once the patient is sick.
Does anyone know how to tell the FB "pixel" to stop sending the query string to Facebook?
Facebook now alerts you if you're sending what looks like PII to them in the query string, e.g. parameters named "first_name", but after extensive Googling I couldn't find any way to tell the FB code to strip off the query string before sending conversion events back to the mothership.
It's not exactly easy, but with Google Analytics it's at least possible to redact the URL before it gets attached to the transmitted event.
The only thing I could think of to do for Facebook was to use a redirect (or the History API) to strip the query off the URL before loading the FB pixel, but this will break any other embeds that are relying on query params for e.g. form-filling.
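The History API approach from the comment above, written out as an added example that is not code from any post in this thread: only an assumed allowlist of campaign parameters (the `campaign_id` idea raised earlier in the thread) survives, everything else is removed from the address bar before the tag loads, and the removed values are handed back so first-party code such as form pre-fill can still use them. The allowlist names and the `loadPixel` callback are assumptions.

```javascript
// Added example (not from any post in this thread): drop every query
// parameter except an assumed allowlist before a third-party tag runs,
// so a tag that snapshots the page URL never sees PII such as first_name.
const ALLOWED_PARAMS = new Set(['campaign_id', 'utm_source', 'utm_medium']);

// Pure helper: returns the cleaned URL plus the removed key/value pairs,
// so first-party code (e.g. form pre-fill) can still use those values.
function scrubUrl(rawUrl, allowed = ALLOWED_PARAMS) {
  const u = new URL(rawUrl);
  const removed = {};
  for (const key of [...u.searchParams.keys()]) {
    if (!allowed.has(key)) {
      removed[key] = u.searchParams.get(key);
      u.searchParams.delete(key);
    }
  }
  u.hash = ''; // fragments can carry state (e.g. an appointment id) too
  return { url: u.toString(), removed };
}

// Browser entry point: rewrite the address bar in place without a reload,
// then call the tag loader. `loadPixel` is an assumed callback that would
// inject the vendor's snippet; it receives the removed values.
function scrubThenLoad(loadPixel) {
  if (typeof window === 'undefined') return null; // not running in a browser
  const { url, removed } = scrubUrl(window.location.href);
  if (Object.keys(removed).length > 0) {
    window.history.replaceState(window.history.state, '', url);
  }
  loadPixel(removed);
  return removed;
}
```

Any embed that reads the query string itself must run before `scrubThenLoad` or take its values from the `removed` object, which is exactly the breakage the comment warns about.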
I set up a DNS entry in my hosts file for all facebook/meta domains (https://github.com/jmdugan/blocklists/blob/master/corporatio...) to be blocked (routed to 0.0.0.0). This effectively blocks any data from the "pixel" because when it tries to send it, the request fails.
> The Meta Pixel “hashed” those personal details—obscuring them through a form of cryptography—before sending them to Facebook. But that hashing doesn’t prevent Facebook from using the data. In fact, Meta explicitly uses the hashed information to link pixel data to Facebook profiles.
Anyone know what they are talking about? (and getting wrong in some way one way or another).
> Former regulators, health data security experts, and privacy advocates who reviewed The Markup’s findings said the hospitals in question may have violated the federal Health Insurance Portability and Accountability Act (HIPAA). The law prohibits covered entities like hospitals from sharing personally identifiable health information with third parties like Facebook, except when an individual has expressly consented in advance or under certain contracts.
> Neither the hospitals nor Meta said they had such contracts in place, and The Markup found no evidence that the hospitals or Meta were otherwise obtaining patients’ express consent.
You really think that HIPAA prohibits distributing any data at all, providing it has a fig leaf of being deidentified?
I mean, aside from Facebook, how do you think people do medical research? Data sets are available to the public.
Decades ago, somebody showed that deidentification was completely meaningless because with just a few data points almost everybody can be relinked.
You are probably the only person in your zip code, with your gender, and your birthdate (including the year).
Distributing that information with any medical record you ever had is not prevented by anything I know of. As long as your name and SSN are not with it.
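The re-identification point made in the comment above, as an added example that is not from any post in this thread: after name and SSN are dropped, the zip + sex + birthdate combination is measured for uniqueness (k-anonymity), and a coarsening step shows what it takes to stop single records standing out. The records are constructed, not real data.

```javascript
// Added example (not from any post in this thread): check how identifying
// the quasi-identifiers zip + sex + birthdate remain after name and SSN
// are stripped. The records below are constructed, not real data.
const RECORDS = [
  { name: 'Ann', ssn: '000-00-0001', zip: '02138', sex: 'F', dob: '1971-03-09', dx: 'asthma' },
  { name: 'Bo',  ssn: '000-00-0002', zip: '02138', sex: 'M', dob: '1965-11-21', dx: 'diabetes' },
  { name: 'Cy',  ssn: '000-00-0003', zip: '02139', sex: 'F', dob: '1971-03-09', dx: 'migraine' },
  { name: 'Di',  ssn: '000-00-0004', zip: '02139', sex: 'F', dob: '1971-03-09', dx: 'flu' },
  { name: 'Ed',  ssn: '000-00-0005', zip: '02140', sex: 'M', dob: '1965-07-02', dx: 'fracture' },
];
const QUASI = ['zip', 'sex', 'dob'];

// "De-identification" as the comment describes it: drop direct identifiers only.
function deidentify(records) {
  return records.map(({ name, ssn, ...rest }) => rest);
}

// Count how many records share each combination of the given fields.
function groupSizes(records, fields) {
  const counts = new Map();
  for (const r of records) {
    const key = fields.map(f => r[f]).join('|');
    counts.set(key, (counts.get(key) || 0) + 1);
  }
  return counts;
}

// k-anonymity: the smallest group size. k = 1 means someone is unique,
// i.e. knowing their zip, sex and birthdate singles out their diagnosis.
function kAnonymity(records, fields) {
  return Math.min(...groupSizes(records, fields).values());
}

// Fraction of records that are the only one with their combination.
function uniqueFraction(records, fields) {
  const sizes = [...groupSizes(records, fields).values()];
  return sizes.filter(n => n === 1).length / records.length;
}

// Generalisation as a mitigation: keep only a 3-digit zip and the birth year.
function coarsen(records) {
  return records.map(r => ({ ...r, zip: r.zip.slice(0, 3), dob: r.dob.slice(0, 4) }));
}
```

On the constructed set, dropping name and SSN still leaves k = 1 with three of five records unique; only after coarsening does every record share its combination with at least one other.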
Illegal for hospitals to expose/sell this information. Not illegal for FB to receive it. The moment hospitals/providers start selling it there will be some business out there trying to aggregate and data mine it. Be it FB or Google or Amazon, the key thing is hospitals are breaking the law by exposing it even if they do it for some really silly instrumentation benefits.