Meta captures everything from the information you give it when you sign up for accounts, to what you click on or like, who you befriend online and what kind of phone, computer or tablet you use to access its products
Meta captures everything from the information you give it when you sign up for accounts, to what you click on or like, who you befriend online and what kind of phone, computer or tablet you use to access its products
Not that I’m ever going to use the app, but I’d like to point out as to why the collection of this specific dataset is particularly dangerous.
Threads scrapes Health and Fitness information. Why is this a problem? Because Meta is already illegally scraping hospital websites for your records. Speaking as a data analyst, it doesn’t take much (like one line of code in some cases) to match your Threads account to your hospital records in a database. To assume Meta isn’t attempting to do so as we speak is naive - there’s simply too much money to be made.
In an age where we’ve had to start underground railroads to help women across state lines to keep the right to choose, combined with the push from the far right to criminalize helping them, this sets up a frightening scenario:
Meta finds that you’ve scheduled an abortion through the hospital across state lines. With Threads on your phone, they can now track you as you travel to that appointment. It only takes one more step, or a law like this one tailored towards abortion, to notify law enforcement to pick you up enroute.
Combined with Meta’s overall right-leaning politics, it just doesn’t make sense to make yourself vulnerable to them, especially if you’re a member of a minority population or have any sort of health condition. There’s simply too much potential for abuse, and Meta has shown itself more than willing to abuse its users.
Sorry, but this is just bad web design from the hospitals. This pixel tool doesn’t magically appear on websites without being put there deliberately. Literally any tracking tool can capture this stuff on any page that a developer puts it on. This is 100% the fault of the programmer at the hospital (or the admin that made them do it) that decided to put tracking cookies on sensitive pages.
The hospital administrators decided it was more important to get their precious reports on usage from Meta’s portal than protecting their patients.
I’m pissed that I’ve had to defend Meta here, but this one isn’t on them.
If I leave my door unlocked while I’m gone, and you come in and steal my laptop, it’s still theft. Yes, I’m an idiot, but you’re still a criminal.
That being said, I fully agree with you that the hospitals should bear equal fault - the lack of protections around patient records is criminal, and I’d really like to see those whose records were exposed sue both the hospitals at fault and Meta, or better yet, a criminal case from the FTC and the Department of Health.
Not likely, I know, but I’m a dreamer.
Not trying to be a hater, but that analogy isn’t quite right. The web designers didn’t leave their door unlocked. They invited Meta in, put their laptop in Meta’s hands, and then said “Please take this. Enjoy.” They weren’t idiots. They chose to give Meta that data deliberately.
Medical institutions need to be held to account as much as Meta does for everything they do. I agree with that completely.
So now you got me digging into this because I take an absurd amount of pride in my analogies, and it looks like the Meta Pixel tech they embedded was basically like the standard Google Analytics tracking tag on most websites. The hospitals were stupid to install it on their password protected pages, but they were also misled in the fact that Meta’s Pixel took far more data than a standard tracking tag, claimed they weren’t tracking sensitive data when they were, then claimed to filter the data even though their engineers admitted they couldn’t:
So, to perfect the analogy, this would be like a hotel installing security cameras in their rooms, and then finding out the company that makes the cameras and runs the network is selling porn starring its customers. Not only that, now that the porn is in their system, it can’t be adequately filtered or removed.
The hotel is stupid and liable, but the security company is just flat out vile.
Ok, I’m done. Have an upvote for putting up with that ;)
Someone on my Mastodon feed put this best: People who aren’t tech saavy STILL deserve privacy, security and safety.
Hospitals are full of people who understand medicine, not tech. Because that’s what they are. Administrators don’t even know what to ask to hire a good tech person, and when a tech person gets in there any change they make has a danger of disrupting livesaving systems so they can’t do anything anyway. It sucks, but HIPAA still says those records are private and you’re not supposed to be looking at them without having a good reason to. The hospitals are liable for not protecting them properly, but Meta is still in the wrong and still breaking the law by scarping for them.
Ultimately, this is everyone’s fault but the patients and the patients are the people who are wronged by it.
Can’t say I disagree with your take.
Shit fuck shit fuck
IKR? It’s like 1984 and the Handsmaid’s Tale got together and are talking about having kids…