NHS Choices response to Facebook security issue is outrageous says Imperva

(PresseBox) ( Lonodon, )
Yet another social networking 'feature' of Facebook - this time apparently allowing Facebook users to be tracked when visiting sites, regardless of whether they clicked "Like". This feature hit headlines due to privacy violations the feature raises when visiting the NHS Choices Web site.

According to data security specialist Imperva, although the feature raises concerns about social networking sites' ability to track their users on third-party sites, what is really outrageous about the saga is the response of NHS mandarins to the problem.

"The NHS page has included a script that is hosted on Facebook's server. When the browser is retrieving the script it delivers all Facebook related cookies from the browser up to Facebook. These are correlated to the Facebook identity of the individual accessing the NHS site." said Amichai Shulman, Imperva's chief technology officer.

Then, he says, when this is combined with information from the "Referer " header (which contains information about the actual pages visited), it allows Facebook to track NHS visits of Facebook users even without clicking the 'Like' button or being logged in.

But, says Shulman, when MP Tom Watson reportedly raised the security issue, back came the outrageous reply that the onus is on users to monitor their privacy on Facebook. Against this backdrop, that the NHS' bald statement that, when users sign up to Facebook they agree the service can gather information on their Web usage, simply does not hold up.

"It is outrageous that the NHS has put sole responsibility on the user while it is actually them who are the ones which are providing confidential information. Organisations need to take on some responsibility of privacy and security themselves rather than blaming it all on the users" concluded Shulman

For more on the NHS Choices/Facebook Web site privacy saga: http://bit.ly/g4wwVd

For more on Imperva: www.imperva.com
The publisher indicated in each case is solely responsible for the press releases above, the event or job offer displayed, and the image and sound material used (see company info when clicking on image/message title or company info right column). As a rule, the publisher is also the author of the press releases and the attached image, sound and information material.
The use of information published here for personal information and editorial processing is generally free of charge. Please clarify any copyright issues with the stated publisher before further use. In the event of publication, please send a specimen copy to service@pressebox.de.