The Markup, now a part of CalMatters, uses investigative reporting, data analysis, and software engineering to challenge technology to serve the public good. Sign up for Klaxon, a newsletter that delivers our stories and tools directly to your inbox.
In April, The Markup and CalMatters found that Covered California, the state of California’s healthcare exchange, was sending the personal health information of its users to LinkedIn. The news triggered a class-action lawsuit and questions from federal lawmakers. In June, a Markup investigation further revealed that exchanges maintained by four other states have also leaked visitors’ sensitive health data.
Readers have asked: Is there anything I can do to stop my information from being leaked this way?
The answer is yes.
The trackers we found on health exchanges are extremely common and are used by the world’s most popular websites. We’ve found them on websites people use to prepare for college, do their taxes, get a mortgage, or report a mental health crisis. Good news is, you can block many, if not all of these trackers with just a few steps.
What’s happening with our health data?
The owners of the health exchange websites use services provided by tech companies like LinkedIn, Google and Snapchat to track user activity and to target advertising. To make this possible, website owners install and configure code provided by the tech companies on their pages. This code is called a “tracker.”
When you load a page, the tracker code runs, collecting data and sending it to the tech companies’ servers. This data can be anything from a profile of the device and browser you’re using to every word you type into a form. The tracker can also read and write cookies, which can follow you across multiple websites.
How can I protect my data from these trackers?
Because the data is being collected and sent by your browser, you can exercise some control over it. Here are the options we’ve tested that have successfully blocked the trackers:
1. Change your settings to block more trackers
Some browsers block many trackers by default, and are capable of blocking more.
- If you’re using Safari, using “Advanced Tracking and Fingerprinting Protection” will block the trackers we found.
- In desktop Firefox, upping your “Enhanced Tracking Protection” level from “Standard” to “Strict” will do the trick.
- In Chrome and other browsers, blocking third-party cookies won’t stop the trackers from sending your data, but it will make it harder to link that data to you.
2. Install a privacy-protecting browser extension
If you’re using a desktop browser, one straightforward solution is to install a privacy-protecting browser extension. We tested Privacy Badger and uBlock Origin Lite and confirmed that they both blocked the trackers from LinkedIn, Snapchat, and Google that we examined in our stories.
3. Switch to a new browser
Chrome and Safari, the browsers most people use, don’t stop all the trackers we found from sharing your data out of the box. If you don’t want to change your settings as suggested above, installing a new, privacy-focused browser is what we recommend. In our tests, the Brave and DuckDuckGo browsers blocked the trackers we profiled. (Full disclosure: DuckDuckGo has donated to The Markup.)
What doesn’t work to block these trackers?
Using a Virtual Private Network (VPN) will not block these trackers. VPN services are handy for obscuring your location, which is a key detail that data brokers use to identify individuals. Unfortunately a VPN won’t stop the trackers from reading and writing cookies and sharing details about your device, browser, and activity on the site. Also, VPNs can have their own issues with data sharing.
Browsing in “private” or “incognito” mode will not block these trackers. Using these modes will stop cookies from tracking you to other sites, but won’t protect you from having your location, device, browser and activity shared.
How else can I protect my personal data?
The steps we’ve recommended above go a long way towards allowing you to choose when and with whom you share your private information while you’re getting things done on the web. But a browser is not the only place your data is being harvested; tracking is everywhere from video game consoles to smart TVs. You can check out The Markup’s Gentle January series for bite-sized measures to shore up your defenses, and follow these guides to protect your data in multiple different places:
