Tracy Blackburn, of Gainesville, Fla., is a busy mom who likes the convenience of shopping over the Internet.
Recently, she got online to compare interest rates on home improvement loans. She was careful not to enter her name or address on any of the sites she viewed.
So, she was surprised days later to open her mailbox at home and find a solicitation from a company whose Web site she had visited. That company had been able to connect her "anonymous" Web searches to her name and home address.
Blackburn is one of a growing number of Americans who are coming to grips with the lack of privacy on the Internet.
"There is no technical limitation to what we could do," says James Green, of 24/7 Media. With a little persistence, Green says, someone could probably obtain your Social Security number, find out where you work for, even how much you're paid.
24/7 Media sells online advertising, and also compiles personal data on people who visit sites and sells it to advertisers. "Our philosophy is that if you are enjoying the content on my Web site, then you have to give me enough information so that I can sell your profile to an advertiser," says 24/7 Media CEO David Moore.
24/7 Media says it gathers and slls data only with customer consent, but many others track and trade your every click on the Internet without you ever knowing it.
"You can do some wild and crazy things on the Internet. We don't do this, I'm only telling you what's possible," says Green. "First of all, you can launch applications without the person knowing that they're run on your computer."
That means, he points out, that "they can go and look at anything that is on your computer and report it back" to their computers.
This can be a difficult process, Green points out, since each computer user stores files in individual ways but, he says, private files, even bank statements, are potentially vulnerable.
Nobody admits to actually doing that.
However, most Web sites are silently collecting basic data, using the now familiar technology of "cookies."
A cookie is a piece of information that a Web site you visit stores in a file on your hard disk so that it can be recalled next time you visit the site. It may record the preferences you indicated or the information you entered -- items you shopped for, or your registration data, for example.
This process could be used, moreover, to track your movements across the Web and, over time, to build a profile based on what you do, what you buy, and where you go on the Internet.
The Internet's keystroke tracking capabilities can be used, for example, to target advertising to interests that you have demonstrated by your actions online.
Privacy advocate David Sobel, of the Electronic Privacy Information Center, demonstrates how it can all get very personal: Doing a search for information on "impotence" leads to a specific ad being generated for viagra.com.
"And that's no coincidence," says Deirdre Mulligan, also of the advocacy group. "A profile is being created from the moment you give the first clue about your interests. And there's nothing to stop sensitive Internet searches from eventually being matched up with real names by insurance companies or even employers."
The potential power, Mulligan says, is that it "does invite people to use data in ways that we would go 'yuck' to, certainly. You know, questions about people making decisions about who to hire and who to fire."
Says Sobel, "Let's say the research has to do with sexually transmitted diseases. I can see where there would be many employers who would see that information associated with a job applicant and make a decision they're not going to hire that individual."
The New York City-based Internet ad agency DoubleClick wanted to go the farthest yet in getting personal with Internet users. It announced plans to connect data gathered about people's Web-surfing habits with personal information on those people collected from non-Internet sources like credit reports, without the consumer's knowledge or consent.
That plan was stopped cold when the Electronic Privacy Information Center lodged a omplaint against DoubleClick with the Federal Trade Commission, and the FTC began an investigation.
DoubleClick says its mistake was going ahead with the plan "in the absence of industry guidelines." Now, the company is working with others in the industry to develop such privacy guidelines in an attempt to avert federal regulation.
[DoubleClick delivers the advertisements you see on CBS.com and CBSNews.com Web pages.]
Meantime, you can slow the erosion of your privacy by erasing that cookie file periodically. Go to your hard drive and type in the word "cookie" to search for the cookie file. (Each browser names and stores cookies a little differently.] Once you locate the file, click delete and watch those cookies crumble.
As for Tracy Blackburn, she still uses the Internet. But now, she knows how little there is standing between her privacy and someone who wants to invade it. "I feel that now anybody who is on the Internet, you take that risk," she says. "Technology has advanced so quickly that many people haven't even thought of how their privacy may be breached. Just be prepared that it could happen to you."