Edit: Just to clarify, I’m a big fan of the ACA. It’s not as good as single payer, but so far half a million people have bought healthcare through healthcare.gov, and I doubt they would have done that if the health insurance there wasn’t a better deal than what they currently have. I have no problem with the law, but I have a massive problem with the healthcare.gov web site and the privacy violations it seems to be perpetrating.

A lot has been said about the atrocious performance of the Healthcare.gov ACA web site, so I thought I’d dig around under the hood a bit to see what’s going on there on a technical level. I can understand a rough rollout for a week or two. That’s expected. It’s been almost a month now, though, so it’s time to dig deeper. I found some surprises when I started looking around, to say the least.

If you want to know what healthcare.gov is built on you can find that information here, in an easy to read layout. Let’s see… runs on Apache, uses Comodo SSL, hosted by Akamai (mental note: Do not buy hosting from these guys), and it runs ads from…

Wait a second… WTF is it doing giving my data to ad networks?!?!?

OK, maybe it’s just some innocent traffic tracking. God knows they can use better user tracking so they can load balance and administer this web page better, right?

No. God damnit! Turns out there should be no expectation of privacy on healthcare.gov.

They are piping your data to the following ad networks:

Google AdSense, Facebook Exchange FBX, Resonate Insights, Turn, Undertone, Doubleclick.net

That’s not even the people putting ads on the site, that’s just people they are giving your information to, telling them that you went to healthcare.gov! Once you give them your information I can only imagine all the places they send that. They probably sell your data from other pages to even more people!

Aside from the privacy issues with this, from a performance standpoint, this is eating their web server performance. Resources that could be spent on, I don’t know, delivering the web site reliably, are instead being used to make certain that these ad networks get every last bit of data your browser header will send them (which is quite a lot).
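To see which outside hosts a page makes the browser contact, a site owner can list the third-party resources embedded in its HTML. The following is an added example, not code from the original post or from healthcare.gov; the page URL and every host in the sample are constructed placeholders, and `site_of` is a simplifying assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose URL attribute makes the browser issue a request while loading the page.
FETCHING_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}

def site_of(host):
    # Assumption: the last two labels identify the site (no public-suffix list).
    return ".".join(host.lower().split(".")[-2:])

class ThirdPartyAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.first_party = site_of(urlsplit(page_url).hostname)
        self.third_party = {}  # host -> tags that fetch from it

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get(FETCHING_ATTRS.get(tag, ""))
        if not url:
            return
        # <link> only fetches for some rel values; stylesheets are the common case.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower().split():
            return
        # urljoin resolves relative and protocol-relative (//host/...) URLs.
        host = urlsplit(urljoin(self.page_url, url)).hostname
        if host and site_of(host) != self.first_party:
            self.third_party.setdefault(host, []).append(tag)

def audit(page_url, html):
    parser = ThirdPartyAudit(page_url)
    parser.feed(html)
    return parser.third_party

# Constructed sample page; every host below is a placeholder.
PAGE_URL = "https://www.insurance-portal.example/plans?state=XX"
SAMPLE_HTML = """
<link rel="stylesheet" href="/css/site.css">
<link rel="canonical" href="https://other.example/plans">
<script src="https://assets.insurance-portal.example/js/forms.js"></script>
<script src="//tracker.adnetwork.example/tag.js"></script>
<img src="https://pixel.adnetwork.example/p.gif?page=plans">
<iframe src="https://widgets.social.example/like"></iframe>
<a href="https://news.example/story">press coverage</a>
"""

if __name__ == "__main__":
    for host, tags in sorted(audit(PAGE_URL, SAMPLE_HTML).items()):
        print(f"{host}: loaded via {', '.join(tags)}")
```

Each host reported receives a request with the browser's headers (User-Agent, any cookies for that host, and a Referer governed by the page's Referrer-Policy); plain `<a>` links and the canonical `<link>` are not reported because they trigger no fetch on page load.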

As for analytics and tracking, meaning the companies that actually give them data to administer the site with, they have 9 of those, at least two of which are Google.

They have widgets from Google, Facebook and Adobe. Twitter provides ‘Document Information’, along with Apple and Google.

If that isn’t enough, they are violating the GPL by outright stealing DataTables.net from Spry Media.

If you look at the code it’s full of commented out segments. That’s not a horrible thing if you are a freshman computer science major, but this is the government. Those commented out sections need to either have a purpose for the end user or they need to be cleaned up. Why isn’t this site polished?

This thing was written by underqualified lowest bidder types. I’ve seen middle schoolers on MySpace sling better hypertext than this.

Edit 2: Here are links to my two other blog posts on this subject.

Link to post on how to access their backend database without logging in (they made it public).

Link to post on how their privacy statement kind of allows this, but it conflicts with itself in multiple places.

Edit: Here is a screen cap of the builtwith.com analysis of healthcare.gov, in case things change. I took this tonight.