InfoconDB

Presented at Black Hat Europe 2019, Dec. 4, 2019, 3:40 p.m. (50 minutes).

According to the WHO, 25% of the European population suffer from depression or anxiety each year and depression accounts for up to 50% of chronic sick leaves. This means that every day, millions of people are looking for information about depression online - whether they are seeking help, support or trying to understand how best to support friends and family. At the same time, the current Internet business model heavily relies on targeted advertisement to generate money, tracking people around the web and syphoning their personal data to build accurate profile for the sole (official) purpose of showing you "better ads". See where all of this might go wrong?

Considering the sensitive aspect of the mental health-related websites it would seem reasonable to expect that the number and nature of the third parties they include is limited to the viable minimum. Unfortunately, Privacy International's research proved that to be quite wrong.

Based on an analysis of 136 popular depression-related websites in France, Germany, and the UK, we observed that a vast majority of these websites embed an impressive number of trackers, mostly for marketing purposes. You might hope that these trackers are at least enabling non-targeted advertisement, yet more than a quarter of the webpages scanned embed third parties who engage in programmatic advertising and Real Time Bidding (RTB). More concerning even, a small subset of these websites offer depression tests that share your answers and results directly or indirectly with third parties.

In this talk, we will highlight what type of third parties can be found on mental health-related websites, how frequently some trackers can be found, and what type of tracking they enable. We will then take you on a journey to see exactly what data is being shared with some of these third parties when you take a depression test, from RTB pre-bid requests to the answers you give.

Presenters:

Eliot Bendinelli - Technologist, Privacy International
Former web developer and UN officer, Eliot Bendinelli is responsible for technical research on Privacy International's data exploitation program and leads the organisation's work on AdTech and public engagement. He works on targeted political advertisement, security, and Digital ID systems. Eliot holds a MA in International Relations and Geopolitics from the IEP Science Po (Toulouse) and is a graduate from the IUT Lyon 1 University in Computer Science.
Frederike Kaltheuner - Tech Policy Fellow, Mozilla Foundation
Frederike Kaltheuner heads Privacy International's work on corporate exploitation. As a representative of Privacy International, Frederike has given expert evidence in the European Parliament, the Belgium Parliament and the UK House of Lords. She regularly speaks at international conferences and comments on the privacy implications of emerging technology in the British and international press. In 2016, she was a Transatlantic Digital Fellow on cybersecurity and platform regulation with the Global Public Policy Institute in Berlin and New America Foundation in D.C. Previously, she worked with the Centre for Internet and Human Rights, as a technology reporter and in the R&D department of an online newspaper. She holds an MSc in Internet Science the University of Oxford and a BA in Philosophy and Politics from Maastricht University and was a visiting scholar at the philosophy department of Bogazici University in Istanbul. From 2008 - 2013 she received a scholarship by the The German Academic Scholarship Foundation. In 2018, she co-authored a book on data justice with Nicolai publishing in Berlin.

Is Your Mental Health for Sale?

Presenters:

Links:

Similar Presentations: