You can select who sees your personal information on Facebook, but you can’t select all of the information that Facebook sees about you. A new study finds that: “91% of health-related pages relay the URL to third parties, often unbeknownst to the user, and in 70% of the cases, the URL contains sensitive information such as ‘HIV’ or ‘cancer’ which is sufficient to tip off these third parties that you have been searching for information related to a specific disease.”

That word of warning comes from Tim Libert, a researcher from the Annenberg School for Communication at the University of Pennsylvania, whose study shows how dismissive we tend to be when it comes to health privacy on the Internet.

It doesn’t matter whether you search for health-related topics using Google or supposed privacy-focused search engines like DuckDuckGo, Facebook is still likely to find out about it. That’s because websites like the CDC’s HIV information page contains “share” and “like” buttons for Facebook, and that’s all it takes to let the social media site know that you’ve visited the page, even if you never click either of those buttons. Sites like WebMD share information with as many as 34 different domains.

(P.S. Natural Society doesn’t share any of this information with anyone.)

Just because you searched for a disease and visited a site doesn’t mean the “Invisible Web” knows your name and address, but they do know you have an interest in that particular search query, which means social media sites might start bombarding you with targeted ads about, say, natural treatments for breast cancer. These websites are, in essence, using your health concerns to try and make money off of you.

Targeted ads aren’t dangerous or terribly invasive. It could even prove helpful if you’re looking for a book on Amazon about a certain health topic. But as the blog SciLogs points out, we don’t know what else the information is being used for.

This is particularly frightening if you consider that Experian –one of the websites found to share health searches with third-parties –  makes most of its money not by advertising, but by gathering personal data for credit reports, for example, and selling that information to clients. According to SciLogs, it makes sense that if Experian knows you’re looking at pages concerning a particular disease, the company will store the information in a personal data file about you.

So, how do you keep your personal health information private? Well, many websites, including WebMD, give you the choice to opt out of tracking and receiving information from the (undisclosed) sponsors, but few people take the time to read that far down the privacy agreement. Users are also unlikely to go through the hassle of actually opting out of tracking and receiving.

SciLogs suggests the best way to deal with this clear invasion of privacy is to make the “Invisible Web” more visible by mandating that health-related pages disclose all third-party requests in real time in the form of pop-ups (“Information about your visit to this page is now being sent to Amazon“) and asking for consent in each individual case.

This article originally appeared at Natural Society.

The Emergency Election Sale is now live! Get 30% to 60% off our most popular products today!