So yesterday, just before the State of the Union speech, a poorly detailed story was released about how Healthcare.gov is sharing visitor data with various 3rd party services.
What is happening is that Healthcare.gov uses a quick and dirty parameter search (age, zip code, certain status) for the initial search for health insurance plans. That URL with the personalized parameters can be passed as a referrer URL to the external services (analytics, testing, image serving, etc.) the Web site uses.
I looked at Healthcare.gov last night and saw the same behavior. As a long time online marketer, I can confirm this behavior is NOT unique to healthcare.gov and THIS URL REFERRING BEHAVIOR CAN AND DOES happen elsewhere on nearly every modern Web site. In fact, I’ve written about it extensively on this very site.
Aside from the status parameters used in the particular site search, any webmaster can see what you searched for on a Web site site, and what your IP address is and other client information.
Where the pearl clutching should happen (Note to journalists: There are places to look *hint* *hint*) as there are some legitimate questions as to why certain 3rd party services are being used on the site or why the search is executed the way it is and/or URL parameters aren’t obscured (I’d have to think the site creators were afraid of a site performance hit on the latter).
Update: A few days after the brouhaha, Healthcare.gov started obscuring the URL parameters. As of this writing, Zip Code is still intact in the URL, but your IP address gives webmasters that information anyway. Here’s a screenshot of the new URL.