The Markup
Sep 22, 2020 · 12 tweets
🧵New investigation: Do you know who’s informed when you visit government websites? Sites for abortion providers? Those serving LGBTQ people? We found online tracking is common, even where privacy would seem paramount. themarkup.org/blacklight/202…
2/ We spent 18 months developing Blacklight, a one-of-a-kind instant privacy inspection tool. It’s free for anyone to use: themarkup.org/blacklight
👉 Enter any URL
👉 Hit “scan site”
👉 See the results of seven different privacy tests
👉😱
3/ Using Blacklight, we found more than 100 sites serving undocumented immigrants, domestic and sexual abuse survivors, sex workers, and LGBTQ people sent data about their visitors to advertising companies. themarkup.org/blacklight/202…
4/ Some website operators told us they didn’t know about the trackers—or what advertisers and marketers did with the data they collected. Operators can unknowingly load trackers through add-ons like social share buttons or comment sections that install with a few easy clicks. "It turns it on and you're like, 'cool, that worked.' B
5/ One of the more invasive techniques Blacklight tests for, key logging, captures information users type before they hit send.
6/ We found @MayoClinic using key logging on forms for appointments and clinical trials. The site didn’t disclose this tracking, and didn’t respond to multiple requests for comment.
7/ Even some government sites used invasive tracking methods. The U.S. Mint and Small Business Association sites loaded trackers called canvas fingerprinting, which can track people who block cookies. Neither disclosed this tracking.
8/ The Arizona Department of Child Safety’s website linked to the state’s privacy policy, which said it didn’t load cookies to track users. Blacklight found that the agency did. After we asked about it, the agency changed the disclosure.
9/ Building a tracker-free website is possible but can be time-intensive and costly. Websites for @ProtonMail, conservative think tank @AEI, a Bitcoin wiki forum, @getlantern, and of course, themarkup.org all came up clean in Blacklight scans.
10/ Try using Blacklight throughout the day before you visit websites to find out how you might be tracked. Surprised at what you find? Take a screenshot of results and tag us on social 🔦 themarkup.org/blacklight
11/ Read the full investigation by @suryamattu and @ASankin here: themarkup.org/blacklight/202…
And see how they conducted this investigation in our Show Your Work piece: themarkup.org/blacklight/202…
12/ Finally, join us this Thursday at 7 p.m. ET to celebrate the launch of Blacklight through art and a conversation about tracking. Sign up for a reminder: themarkup.org/events/introdu… /end


