Few things are certain in the American healthcare system – except for the paperwork. The tedious ritual of signing forms authorizing new providers to access our medical history is the result of a rarity for Americans: thanks to the first amendment, we have few rights and little expectation of privacy, except when it comes to our medical records. Even doctors who have our best interests at heart must get permission to access our data under the Health Insurance Portability and Accountability Act (Hipaa).

So it was truly shocking to learn this week that a business partnership between Google and Ascension, a major hospital chain and health insurer, has resulted in the transfer of 50 million Americans’ most intimate medical records to the Silicon Valley company, without the knowledge or consent of those 50 million patients. Even more alarming, the records are not de-identified, and a whistleblower disclosed to the Guardian serious concerns about the program, including that individual staffers have downloaded patient records.

It took less than 48 hours for federal regulators to announce an investigation into the partnership. Google and Ascension both claim that they are fully compliant with Hipaa, but there are few reasons for the public to trust them. The combination of a data-hungry advertiser and a cost-cut-seeking health insurer is truly dystopian. The fact that a whistleblower was disturbed enough to risk their job is alarming.

One of the peculiarities of the backlash to big tech over the past few years has been the degree to which Google has remained unscathed despite engaging in behaviors similar to those that have left Facebook’s reputation in tatters. I tend to believe that this is because Google’s products are genuinely useful, making its surveillance of our online activities seem like a better bargain than Facebook’s monopoly on our personal relationships, which often feels more like a hostage situation than an equal trade-off.

But getting in bed with an industry that profits by denying healthcare – and doing so in a way that at the very least appears underhanded – could be a step too far for some customers.

Feature? Or bug?

A friend of mine recently sent me what she thought was a hot news tip. She’d been scrolling through Facebook on her phone when she was served an advertisement for “anti-pigmentation sunglasses” – big black shades that look like a hipper version of the throwaway glasses they give out at the eye doctor. The ad claimed that these sunglasses could reverse melasma, a type of facial hyper-pigmentation that frequently occurs during pregnancy.

My friend, a mother of three, does have melasma below her eyes, she told me, but no one knows because she covers it with foundation and has never posted a makeup-free photo on social media. “This might mean that Facebook is spying through the camera even when you’re just looking at it,” she said. “I know this sounds crazy, but they do a lot of crazy stuff.”

I rolled my eyes. The conspiracy theory that Facebook is listening to people’s conversations through their smartphones has been around for ages, providing tech reporters like myself ample opportunity to feel superior as we explain to friends and family that Facebook’s vast data collection makes such individualized eavesdropping wholly unnecessary. It’s much more likely that Facebook just knows that you’re a woman with kids, I texted, smugly.

Imagine my chagrin when, just 24 hours later, Facebook confirmed that a bug was activating iPhone cameras as users scrolled their feeds. The company says that the camera was only ever in “preview mode” and that it has seen no evidence of photos or videos being uploaded due to the bug.

But it’s too late for my friend. She’s more convinced than ever that Facebook is looking at her through her phone – and Facebook’s PR response isn’t exactly helping. I emailed the company asking for a definitive statement that Facebook does not use smartphone cameras or image analysis to derive ad targeting categories. Here is the response: “Facebook does not use your phone’s camera to inform ads or what you see in News Feed.”

What I’m reading …

An investigation into working conditions at Tesla’s Nevada Gigafactory, by USA Today’s Anjeanette Damon.

An actually uplifting tech story about Personals, a queer dating space on Instagram that is launching its own app, by my colleague Sam Levin.

Five GitHub employees have resigned over the company’s contract with US Immigrations and Customs Enforcement (Ice), according to a new report by Vice.

Valley of the LOLs

In case it’s not obvious from the title, Valley of the LOLs is a semi-regular section of this column where I hope to feature things on the internet that are – against all odds – good, or if not good, at least funny.

This week, I want to say thanks for this website, which features a rotating assortment of Sephora product reviews that mention crying. Sephora reviews are one of my favorite things on the internet to read when I’m feeling down (where else can you find a perfect narrative arc – “I had a problem, I sought a solution, I resolved my problem/my problem got worse” – in less than 200 words?) and this website really takes that experience to the next level.