You're prowling the online aisles of FredsFurniture.Com, looking for a new bookshelf. It's your first visit, and you haven't bought anything yet. But Fred may already know more about you than you think.
He knows what Web browser you're using, and he may know where you live, the company you work for and even your e-mail address -- before you've done anything but click.
No big deal, you say? Well, in the not-too-distant future, Fred might also know your name, age, Social Security number and occupation, how much you make, what kind of car you drive and how much you spent on clothes last year.
That's the chilling scenario privacy advocates predict when they argue that the Internet is turning into a commercial version of Big Brother. The reality isn't quite so scary, but there's no doubt that when you travel online, you're never alone.
In survey after survey, consumers rank privacy as one of their chief concerns when they surf the World Wide Web -- with some reason.
Aside from asking for a credit card when you make a purchase, most online merchants collect personal or demographic information -- or try to. Your name and address are commodities that can be traded -- the wampum of the digital age. Companies offer free Internet service and computers in exchange for the details of your life.
Responding to public pressure, many Web sites post privacy policies, but far fewer tell you what they're doing with your data, or how you can prevent it from being cataloged or sold. The problem, according to privacy advocates, is what happens when someone can connect your Web trail with the data you've left behind elsewhere -- when you register your car, apply for a loan or order a dress from a catalog over the phone.
Is there a horror story here, waiting to happen?
Not so far, according to Beth Givens, director of the Privacy Rights Clearinghouse in San Diego.
"People look at the Internet as being the big bogyman of privacy. But the majority of privacy rights abuses we see are violations in the physical world," she says.
Traditional complaints about identity theft and junk mail top the list of problems that Givens and other advocates hear most often.
The Internet privacy issues making headlines are more embarrassing than threatening. For example, when ABC News conducted an online chat last month with William E. Kennard, chairman of the Federal Communications Commission, Web producers took the unusual step of revealing each participant's Internet Protocol address. This unique number, assigned to every online computer, can provide clues to a user's identity.
During the chat, a guest who identified himself as "Mark from DC" grilled the FCC chairman mercilessly. By tracing the IP address, a reporter later found that "Mark from DC" was a Justice Department employee.
Online bookseller Amazon.com is under fire for using customers' IP addresses to create "purchase circles," lists of best sellers among employees of companies, nonprofit groups and government agencies.
Some companies complained that this disclosure could tip off competitors to corporate secrets -- or corporate angst.
For example, on Microsoft's top 10 list last week was this: "The Inmates Are Running the Asylum: Why High Tech Products Drive Us Crazy and How To Restore the Sanity."
But critics see a far more sinister future.
"Privacy problems are similar to environmental problems," notes Philip Agre, editor of the book "Technology and Privacy: The New Landscape." "By the time there are dead bodies, it will be too late."
The danger, critics say, lies in the Internet's ability to record your every move online.
"If I get in my car and go to the mall, there's nobody following me and noting every window I look in and item I pick up. But online, they can," says David Sobel, general counsel to the Electronic Privacy Information Center in Washington.
Online businesses have legitimate reasons for knowing who you are. It can help nab hackers, prevent credit card fraud and create a more useful Web site.
For example, when Solveig Singleton created a Y2K Web site, she had no idea how to track visitors' comings and goings.
"It was almost like being a store owner and wearing a blindfold and earmuffs all the time," says Singleton, an analyst at the Cato Institute in Washington.
When she learned how to analyze traffic patterns, she noticed that visitors were overlooking a critical menu, prompting her to redesign the page.
Many Web sites go a step further and tag visitors with "cookies." These tiny text files, stored on the visitor's hard drive, contain an identification number and other information that make them easier for Web site operators to track.
On the whole, cookies make the Web a friendlier place. They allow Amazon.com to greet you by name when you log on and save you from retyping your password on a secure Web site such as E*Trade. Thanks to cookies, Yahoo! can display news and weather from your hometown when you visit.
But their clandestine delivery and mysterious workings irritate consumers and privacy activists. "It's like this little alien colony that a Web site has set up inside your computer," says Agre.
If Webmasters kept all this information to themselves, it wouldn't matter much.
"The problem [arises] when sales to third parties start to come into the picture," says Sobel. "How do you prevent that online transaction from turning into unsolicited telephone calls or junk mail?"
That's why privacy advocates take a dim view of a proposed merger between DoubleClick Inc. and Abacus Direct Corp., two giant information collectors.
As the largest supplier of Web-based advertising, DoubleClick transmits pop-up ad banners to more than 9,300 Web sites and -- using cookies -- has amassed a vast database of online consumer behavior.
Abacus Direct has assembled a digital storehouse of off-line consumer behavior by collecting detailed purchase information from more than 1,100 catalog retailers.
The fear: By combining databases, the companies could make the connection between a computer, its owner and his online and off-line behavior. While it's a difficult job, it's not impossible. DoubleClick counters that the merger would benefit consumers annoyed by irrelevant banners because it allows Web merchants to tailor ads to their interests. For example, a visitor on the Travelocity Web site who inquires about flights from Baltimore to San Francisco might be shown ads for Bay area hotels.
The company says that it has no plans to link the two databases unless consumers request it and that both companies offer consumers the option of removing themselves from the system.
Even those who try to remain anonymous could fall victim to technology. For example, in the spring, programmers discovered that Microsoft obtained a unique hardware ID number from the computer of each user who registered Windows 98 or Microsoft Office online.
Intel also came under fire when the public learned that its new Pentium III processors offered Web operators a similar serial number.
Any online marketer with access to this information could easily identify visitors. But Intel and Microsoft denied any intention to gather or keep such databases, and provided users with software to disable the ID features.
After the Federal Trade Commission scolded it for collecting personal information from children and for other privacy violations last year, the online industry says it's trying to prove to lawmakers that it can regulate itself.
There's more at stake than a desire to avoid regulation. Jupiter Communications estimates that online merchants could lose as much as $18 billion in sales in 2002 if consumers aren't confiddent that their personal information is safe.
But many privacy advocates think self-regulation won't cut it. "We need laws," says Jason Catlett, president of the for-profit anti-marketing firm Junkbusters. Otherwise, he says, "we are going to a surveillance society where huge secret profiles are being kept about everybody who's online."
NEXT WEEK: How to safeguard your privacy.