info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
You scheduled an abortion. Planned Parenthood's website could tell Facebook.
0 views
Skip to first unread message
Circus Party
Jun 29, 2022, 7:58:36 PM6/29/22
to
The Supreme Court’s decision last week overturning the nationwide
right to an abortion in the United States may have sent worried people
flooding to Planned Parenthood’s website to learn about nearby clinics
or schedule services.
But if they used the organization’s online scheduling tool, it appears
Planned Parenthood could share people’s location — and, in some cases,
even the method of abortion they selected — with big tech companies.
An investigation by Lockdown Privacy, the maker of an app that blocks
online tracking, found that Planned Parenthood’s web scheduler can
share information with a variety of third parties, including Google,
Facebook, TikTok and Hotjar, a tracking tool that says it helps
companies understand how customers behave. These outside companies
receive data including IP addresses, approximate Zip codes and service
selections, which privacy experts worry could be valuable to state
governments looking to prosecute abortions.
Big Tech silent on data collection as workers call for post-Roe action
In a video shared with The Washington Post, Lockdown founder Johnny
Lin visited the Planned Parenthood website, opened the scheduling
tool, input a Zip code and selected “surgical abortion” as a service.
As he clicked around, a development tool let him see how data such as
his IP address was being shared with Google, Facebook and many other
third-party companies. Only the companies would know for sure how they
use our data, but any data sitting on servers is vulnerable to
potential cyberattacks or government subpoenas. In a criminal abortion
case, an IP address would be pertinent because with the help of
internet service providers, law enforcement can trace IP addresses
back to individuals.
“This was absolutely shocking,” said Lin. “We’ve analyzed and reviewed
the tracking behaviors of hundreds of apps and websites, and it’s rare
to see this degree of carelessness with sensitive health data.”
Planned Parenthood spokeswoman Lauren Kokum said the organization uses
trackers for its marketing efforts. She did not respond to questions
about whether the organization plans to remove the marketing analytics
from its scheduling page given new state-level abortion bans, or why
trackers were running on the scheduling page in the first place.
“Marketing is a necessary part of Planned Parenthood’s work to reach
people who are seeking sexual and reproductive health care, education,
and information,” she said.
The Supreme Court’s decision Friday in Dobbs v. Jackson Women’s Health
Organization sparked fresh concern over the troves of digital data
that companies collect every time we open an app, surf the web or
carry our phones with us on a trip. In states where abortion becomes
criminalized, will law enforcement turn to digital data from text
messages, period apps and other sources as evidence of a crime, people
have asked? Others have wondered what big data collectors like
Facebook and Google would do if state governments served them
subpoenas demanding they hand over their data.
Facebook, Google and TikTok declined to comment on how precisely they
would respond to governments’ requests for data surrounding abortion.
Hotjar did not respond to a request for comment.
Data shared with Google
IP address
Site visited
Behavior on the site
Reason for visiting site (e.g., “abortion”)
User’s selected method of abortion (e.g., surgical abortion/in-clinic)
Browser time zone
Name of the Planned Parenthood Health Center for appointment
User’s current Zip code estimation based on IP address
User’s closest affiliate based on Zip code
Time stamp
Whether the user came from a search engine, a link or typed the URL
directly
Client ID (According to Google’s documentation, “This pseudonymously
identifies a particular user, device, or browser instance. For the
web, this is generally stored as a first-party cookie with a two-year
expiration.”)
Browser language
Data shared with Facebook
IP address
Site visited
Behavior on the site
Time stamp
Unique Facebook browser ID
Data shared with TikTok
IP address
Site visited
Behavior on the site
Phone type
Operating system and version
Browser and version
Time stamp
Source: Lockdown Privacy
“Advertisers should not send sensitive information about people
through our business tools,” said Andy Stone, a spokesman for Meta,
the company that owns Facebook. “Doing so is against our policies and
we educate advertisers on properly setting up business tools to
prevent this from occurring. When businesses do this, our filtering
mechanism is designed to prevent potentially sensitive data it detects
from entering our ads system. Based on our review, that happened
here.”
Russell Ketchum, the director of Google Analytics, said organizations
that use Google’s analytics product can delete their data at any time,
adding that the latest version of its analytics tool, Google Analytics
4, automatically discards IP addresses.
As an organization that has long provided sensitive health-care
services, Planned Parenthood should know better than to run
third-party analytics on a scheduling page used by people in states
with current or impending abortion bans, said Cooper Quintin, senior
staff technologist at the privacy advocacy organization Electronic
Frontier Foundation.
“It’s really irresponsible of Planned Parenthood to be creating more
data about the visitors to the website and more trails of evidence
about the people that are seeking their services,” he said. “Planned
Parenthood needs to — right now, right this second — minimize the
amount of data that they are sharing with any outside party and
minimize the amount of data that they are keeping.”
https://www.washingtonpost.com/technology/2022/06/29/planned-parenthood-privacy/
right to an abortion in the United States may have sent worried people
flooding to Planned Parenthood’s website to learn about nearby clinics
or schedule services.
But if they used the organization’s online scheduling tool, it appears
Planned Parenthood could share people’s location — and, in some cases,
even the method of abortion they selected — with big tech companies.
An investigation by Lockdown Privacy, the maker of an app that blocks
online tracking, found that Planned Parenthood’s web scheduler can
share information with a variety of third parties, including Google,
Facebook, TikTok and Hotjar, a tracking tool that says it helps
companies understand how customers behave. These outside companies
receive data including IP addresses, approximate Zip codes and service
selections, which privacy experts worry could be valuable to state
governments looking to prosecute abortions.
Big Tech silent on data collection as workers call for post-Roe action
In a video shared with The Washington Post, Lockdown founder Johnny
Lin visited the Planned Parenthood website, opened the scheduling
tool, input a Zip code and selected “surgical abortion” as a service.
As he clicked around, a development tool let him see how data such as
his IP address was being shared with Google, Facebook and many other
third-party companies. Only the companies would know for sure how they
use our data, but any data sitting on servers is vulnerable to
potential cyberattacks or government subpoenas. In a criminal abortion
case, an IP address would be pertinent because with the help of
internet service providers, law enforcement can trace IP addresses
back to individuals.
“This was absolutely shocking,” said Lin. “We’ve analyzed and reviewed
the tracking behaviors of hundreds of apps and websites, and it’s rare
to see this degree of carelessness with sensitive health data.”
Planned Parenthood spokeswoman Lauren Kokum said the organization uses
trackers for its marketing efforts. She did not respond to questions
about whether the organization plans to remove the marketing analytics
from its scheduling page given new state-level abortion bans, or why
trackers were running on the scheduling page in the first place.
“Marketing is a necessary part of Planned Parenthood’s work to reach
people who are seeking sexual and reproductive health care, education,
and information,” she said.
The Supreme Court’s decision Friday in Dobbs v. Jackson Women’s Health
Organization sparked fresh concern over the troves of digital data
that companies collect every time we open an app, surf the web or
carry our phones with us on a trip. In states where abortion becomes
criminalized, will law enforcement turn to digital data from text
messages, period apps and other sources as evidence of a crime, people
have asked? Others have wondered what big data collectors like
Facebook and Google would do if state governments served them
subpoenas demanding they hand over their data.
Facebook, Google and TikTok declined to comment on how precisely they
would respond to governments’ requests for data surrounding abortion.
Hotjar did not respond to a request for comment.
Data shared with Google
IP address
Site visited
Behavior on the site
Reason for visiting site (e.g., “abortion”)
User’s selected method of abortion (e.g., surgical abortion/in-clinic)
Browser time zone
Name of the Planned Parenthood Health Center for appointment
User’s current Zip code estimation based on IP address
User’s closest affiliate based on Zip code
Time stamp
Whether the user came from a search engine, a link or typed the URL
directly
Client ID (According to Google’s documentation, “This pseudonymously
identifies a particular user, device, or browser instance. For the
web, this is generally stored as a first-party cookie with a two-year
expiration.”)
Browser language
Data shared with Facebook
IP address
Site visited
Behavior on the site
Time stamp
Unique Facebook browser ID
Data shared with TikTok
IP address
Site visited
Behavior on the site
Phone type
Operating system and version
Browser and version
Time stamp
Source: Lockdown Privacy
“Advertisers should not send sensitive information about people
through our business tools,” said Andy Stone, a spokesman for Meta,
the company that owns Facebook. “Doing so is against our policies and
we educate advertisers on properly setting up business tools to
prevent this from occurring. When businesses do this, our filtering
mechanism is designed to prevent potentially sensitive data it detects
from entering our ads system. Based on our review, that happened
here.”
Russell Ketchum, the director of Google Analytics, said organizations
that use Google’s analytics product can delete their data at any time,
adding that the latest version of its analytics tool, Google Analytics
4, automatically discards IP addresses.
As an organization that has long provided sensitive health-care
services, Planned Parenthood should know better than to run
third-party analytics on a scheduling page used by people in states
with current or impending abortion bans, said Cooper Quintin, senior
staff technologist at the privacy advocacy organization Electronic
Frontier Foundation.
“It’s really irresponsible of Planned Parenthood to be creating more
data about the visitors to the website and more trails of evidence
about the people that are seeking their services,” he said. “Planned
Parenthood needs to — right now, right this second — minimize the
amount of data that they are sharing with any outside party and
minimize the amount of data that they are keeping.”
https://www.washingtonpost.com/technology/2022/06/29/planned-parenthood-privacy/
0 new messages