🧵New investigation: Do you know who’s informed when you visit government websites? Sites for abortion providers? Those serving LGBTQ people? We found online tracking is common, even where privacy would seem paramount. themarkup.org/blacklight/202…
2/ We spent 18 months developing Blacklight, a one-of-a-kind instant privacy inspection tool. It’s free for anyone to use: themarkup.org/blacklight
👉 Enter any URL
👉 Hit “scan site”
👉 See the results of seven different privacy tests
👉😱
3/ Using Blacklight, we found more than 100 sites serving undocumented immigrants, domestic and sexual abuse survivors, sex workers, and LGBTQ people sent data about their visitors to advertising companies. themarkup.org/blacklight/202…
4/ Some website operators told us they didn’t know about the trackers—or what advertisers and marketers did with the data they collected. Operators can unknowingly load trackers through add-ons like social share buttons or comment sections that install with a few easy clicks.
5/ One of the more invasive techniques Blacklight tests for, key logging, captures information users type before they hit send.
6/ We found @MayoClinic using key logging on forms for appointments and clinical trials. The site didn’t disclose this tracking, and didn’t respond to multiple requests for comment.
7/ Even some government sites used invasive tracking methods. The U.S. Mint and Small Business Association sites loaded trackers called canvas fingerprinting, which can track people who block cookies. Neither disclosed this tracking.
8/ The Arizona Department of Child Safety’s website linked to the state’s privacy policy, which said it didn’t load cookies to track users. Blacklight found that the agency did. After we asked about it, the agency changed the disclosure.
9/ Building a tracker-free website is possible but can be time-intensive and costly. Websites for @ProtonMail, conservative think tank @AEI, a Bitcoin wiki forum, @getlantern, and of course, themarkup.org all came up clean in Blacklight scans.
10/ Try using Blacklight throughout the day before you visit websites to find out how you might be tracked. Surprised at what you find? Take a screenshot of results and tag us on social 🔦 themarkup.org/blacklight
12/ Finally, join us this Thursday at 7 p.m. ET to celebrate the launch of Blacklight through art and a conversation about tracking. Sign up for a reminder: themarkup.org/events/introdu… /end
We’re not talking just names and email addresses being sent to Facebook.
The personal information @varlogsimon, @angiewaller, and @colinlecher found included:
• Income
• Filing Status
• Refund amount
• Health savings account usage
• Dependents’ college scholarship amount
Take TaxAct: When we went through the site’s filing process, the information below went straight to Facebook. (The data in these screenshots is not from real people.)
NEW: In cities across the U.S., four major internet providers are charging the same price for drastically different speeds.
And the worst deals were disproportionately offered to lower-income and least-White neighborhoods, @LeonYin and @ASankin found. mrkup.org/broadband
Take New Orleans: Shirley Neville, who lives in a middle-class, largely Black neighborhood, said her @ATT connection left her struggling to join video meetings.
Meanwhile in a mostly White, upper-income neighborhood, @ATT offered speeds almost 400x faster—for the same price.
Across Kansas City, @ATT gave the worst deals to historically redlined areas.
We found the same pattern in every city in our analysis where digitized historic redlining maps were available—22 in all.
So you’re about to get in your car and go about your day.
Unbeknownst to you, your moves are being captured.
Here’s what happens next:
If your car came with a built-in internet connection, dozens of sensors then emit data to your car’s computers.
You’ve unlocked the door; you’re in the driver’s seat; the temperature is 86° F; the sunroof is open; you’ve pressed the ignition; a trip has started from X location.
Your car’s internal computers then process these data points and transmit them to the manufacturer’s servers.
When we clicked a button to schedule an appointment at the following hospitals, Facebook was sent a packet of data that included details like our IP addresses, selected doctors’ names, and more.
Even data from password-protected patient portals made its way into Facebook’s hands.
We found seven health systems sending data as sensitive as medication names, appointment details, and descriptions of allergic reactions.