Swedish Public Healthcare Portal is sending your symptoms to Google

Posted on Feb 18, 2018 by Rick Falkvinge

Because of pure sloppiness in web design, the Swedish Public Healthcare portal is sending every single symptom and medication search to Google.

The Swedish Public Healthcare portal 1177 — named so for historical reasons, since that is the Swedish “Dial-a-Nurse” phone number — is sending all your searches for embarrassing symptoms and sensitive medications to Google. Not as part of the search, ironically enough; it’s being sent to Google as part of Google Analytics, as seen in the screenshot below:

We can see in the screenshot above that somebody has searched for “embarrassing symptoms”. With the Ghostery plug-in turned off, a call is made to Google Analytics (the ga.js script), to the host ssl.google-analytics.com highlighted in the screenshot above, which sends the data “embarrassing symptoms” in cleartext (the third highlight) as part of the Referer field.

This happens even when you’re browsing over HTTPS/SSL, because of how bad this design is.
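To check a site for the leak described above, the following added example (not code from the portal or from this post) scans a list of browser requests for ones sent to other hosts with the search term in the URL or the Referer header. The host portal.example, the parameter name `q` and the request list are constructed assumptions; only ssl.google-analytics.com and ga.js come from the post.

```javascript
// Constructed sample (not captured from the real site): requests a browser
// might make after a search on the placeholder host portal.example.
const PAGE = "https://portal.example/search?q=embarrassing+symptoms";
const sampleRequests = [
  { url: "https://portal.example/static/site.css", headers: { referer: PAGE } },
  { url: "https://ssl.google-analytics.com/ga.js", headers: { referer: PAGE } },
  // Referer already trimmed to the origin: nothing sensitive left in it.
  { url: "https://cdn.example/lib.js",
    headers: { referer: "https://portal.example/" } },
];

// Pull the visitor's search terms out of the first-party page URL.
function searchTerms(pageUrl, paramNames) {
  const params = new URL(pageUrl).searchParams;   // decodes "+" and %xx
  return paramNames
    .map((name) => params.get(name))
    .filter((v) => v !== null && v.trim() !== "")
    .map((v) => v.trim().toLowerCase());
}

// Decode a URL or header value so "+" and "%20" both compare as spaces.
function normalise(value) {
  const spaced = value.replace(/\+/g, " ");
  try {
    return decodeURIComponent(spaced).toLowerCase();
  } catch {
    return spaced.toLowerCase();   // malformed escape: compare undecoded
  }
}

// Report every request to another host whose URL or Referer header
// carries one of the search terms from the page the visitor was on.
function findSearchLeaks(pageUrl, requests, paramNames = ["q"]) {
  const firstParty = new URL(pageUrl).hostname;
  const terms = searchTerms(pageUrl, paramNames);
  const leaks = [];
  for (const req of requests) {
    const host = new URL(req.url).hostname;
    if (host === firstParty) continue;   // same site: not a third-party leak
    const places = { url: req.url, referer: req.headers.referer || "" };
    for (const [where, value] of Object.entries(places)) {
      for (const term of terms) {
        if (normalise(value).includes(term)) leaks.push({ host, where, term });
      }
    }
  }
  return leaks;
}

console.log(findSearchLeaks(PAGE, sampleRequests));
```

A site that serves `Referrer-Policy: strict-origin` leaves only the origin in that header, which is the shape of the third constructed request.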

This is when we need to go back and review just how atrociously bad the authorities’ understanding of the most basic information hygiene is. They seem to get that they can’t use Google to actually search for the symptoms, since that would be intrusive, but then somebody bolts on Google Analytics to send all your symptoms and medications to Google anyway.

This is so bad, I really don’t know how to articulate my feelings of despair and anger. This would be insanely bad enough if it were a random incompetent and insignificant company. However, it is not; this is with the Swedish Healthcare Authorities. So at the same time, the people who did this to the population are the same people who are making laws about the Internet, and they obviously don’t understand the very basics of information hygiene.

They are basically behaving like two drunken elephants named Dunning and Kruger who are clumsily trumpeting about in a porcelain factory.

Privacy remains your own responsibility.
