Outrage as NHS allows Facebook tracking of website users
Research shows NHS Choices passes browser information to Facebook
Online identity experts have expressed outrage that an NHS website is allowing Facebook to track users on one of its sites, where information such as which pages they have visited can be harvested by the social network.
Research from online privacy company Garlik discovered that the NHS had integrated the NHS Choices site with the Facebook Connect platform, in order to allow easier sharing and the use of the "Like" button on its pages.
However, that also allows Facebook to track users across the site, where citizens are encouraged to research potentially embarrassing ailments.
The NHS is sharing this information out liberally and the users don’t know it and can’t opt out of sharing even if they did
“What right has the NHS to share any information about the browsing of NHS Choices with Facebook?” asked Mischa Tuffield, the Garlik software developer that made the discovery. “The NHS is sharing this information out liberally and the users don’t know it and can’t opt out of sharing even if they did.”
The researcher also found that the NHS has associations with three other tracking companies – including Google - but could only prove that Facebook was actively receiving user data.
“So a young mother is logged on to Facebook talking to friends and is also looking for some advice about depression on NHS Choices and bingo – although she doesn’t know it – Facebook now knows she has looked at this page,” Tuffield said.
Incredibly, the spokesperson put the onus on web users, saying they should log out of social networks before accessing the NHS Choices website.
"People should log out of Facebook properly, not just close the window, to ensure no inadvertent data transfer," the spokesperson said.
To make matters worse, according to Tuffield, the information given out regarding logging off is inaccurate.
Unless a user has cleared cookie information from their browser, Tuffield said, the cookie would still be active and let Facebook track users across pages with its 'Like' button built in.
"If you have ever visited and logged into www.facebook.com from your browser, they will drop a cookie on you," Tuffield said. "Regardless of whether you are logged in or logged out, every page with the iframe based implementation of the 'Like' button will see this cookie."
"This is not common behaviour for your average website, to be frank," Tuffield said. "I think that your average web user has no idea what a cookie is and they can't be expected to delete their cookies before turning up to the NHS website."
We are waiting for Facebook to come back to us on whether NHS Choices users can be traced by the social network even when they are not logged in.