The federal government has finally started encrypting data on users that visit two websites to seek information on medical services related to AIDS.

Until recently, the sites, one of which is AIDS.gov, did not take steps to protect the information, much of it sensitive and revealing (such as user location), according to a report in the Washington Post.

When visitors used search boxes to locate facilities that provided HIV services such as testing and treatment, their identities could have been exposed—anyone monitoring the communications could have viewed the unencrypted information. And government apps for AIDS.gov also gathered latitude and longitude data from users' phones, then transmitted that information. In addition, while AIDS.gov itself did not use a cookie, others like Facebook and Google which had widgets on its page were allowed to use cookies, which could have resulted in a user's identity being revealed.