Advertisers provide an example of how public we really are on the Internet. DoubleClick, one of the most popular banner advertising services on the web, very nearly turned on a spookily-powerful feature in January of 2000. They very nearly let advertisers know the home address of each and every person who saw their banner ad. To explain how such a feature could have possibly been implemented technically, we'll need to delve a touch into how web pages work.Cookies
When a user downloads a web page off of the Internet, their web browser connects to the web server and transmits information about what web browser the user is currently running, the name of the page requested, what web page the user just surfed in from, what languages the user prefers to read (and in what order of preference), and also any information that the web server asked it to store: this last piece of information is called a "cookie."
The above steps are true not only for web pages but also for when an image, such as a banner ad, is requested. Websites wishing to participate in a banner network like DoubleClick put a link to an image that sits on the ad servers. The user's web browser, after downloading the web page with the banner ad on it, contacts the ad server to request the image and passes the ad server any cookies that the ad server has asked the user's browser to store. The server then spits back a random banner ad for your web browser to display. Since the same ad server serves banner ads for many sites, the ad server can store a uniquely identifying number on your computer, like 321823. The next time you're on any page that uses the same ad service, your computer will transmit 321823 back to the ad server. In this way, the server can keep track of not only how many unique page views a site has been getting, but also what sites each user has visited.
Cookies & Security Unlike what some people originally thought, cookies do not represent a security problem in and of themselves. The web server only is allowed to see the data that it asked the client to store: the web server therefore can't see any other information on the user's computer or even see other cookies. While it can provide more interesting ads to you, since the system can guess better what products you might be interested given the sites you've been visiting, it has weirded enough people out that they've turned off cookies on their system altogether. However, things rapidly get more insidious: if you "register" at any number of websites, they will provide their ad network with your personal information in exchange for a much higher advertising rate, given that advertisers are willing to pay a lot more when they know what kind of person they're advertising to. The ad server can now corroborate your personal details with your unique identifying number, meaning that they now know your name, address, phone, email, AND most of the websites that you've visited.
Thankfully, DoubleClick did not enable this feature due to popular protest. But the fact that the technology exists to so tightly monitor web users' activities has given many pause; the web is not as anonymous as it might at first seem.