The popular NHS Choices health website has been exposed automatically ‘tracking’ all Facebook users that visit, according to new research. The study, from Garlik has lead the online identify theft and fraud firm experts to call for third party tracking to be banned from all Government websites, particularly those carrying information on personal and sensitive topics such as health and benefits.
Research by Garlik staff on the NHS Choices website demonstrated that personally identifiable information on visitors is automatically sent to Facebook, even if a user is not logged in to Facebook, or does not click the Facebook ‘Like’ button.
Conducted last week by Garlik’s Mischa Tuffield, Information Systems Developer, and Steve Harris, Chief Technology Officer, the research observed the movement of traffic between a user’s internet browser and the website, uncovering that the Facebook ‘Like’ button on the site, even if not clicked, instigates an exchange of data that includes the web address visited and the Facebook ID of the user – without the user’s permission being requested.
This means that NHS Choices is proactively informing Facebook of the pages visited by those seeking perhaps very private and sensitive health advice.
“Governments exist to serve citizens and the country, not act as outposts for private third parties to harvest information about visitors surfing habits. Garlik believes that all third party tracking of the kind described above should be removed from Government websites, especially those that deal with personal and sensitive issues.”
Garlik’s research did find that the NHS Choices web pages also interact with www.google-analytics.com, statse.webtrendslive.com, addthiscdn.com.
Specific tests were not carried out on the interactions with these sites, and there is no evidence to suggest that tracking is taking place through them in the same way as described above.
A more detailed explanation of how the research was conducted, including technical information can be seen at www.garlik.com/blog.