The biggest profilers on the Internet are companies whose sites you may never have visited - networks like DoubleClick and Engage Technologies, which deliver banner ads to thousands of Web pages and may collect information about you without your knowledge.
These firms use tracking cookies to determine which banner ads you see when you access a Web page. Here's how it works: the first time you view a page with a DoubleClick banner ad on it, the ad deposits a cookie on your hard disk. Then any time you view another page containing a DoubleClick ad, the cookie on your hard drive sends the URL of that page back to the ad agency's server; thus begins a detailed clickstream - a history of some of the places you've visited on the Net. Currently, this clickstream isn't matched to your individual identity. Instead, each cookie contains a globally unique identifier (GUID), which lets the ad server track your movements without identifying your actual name or e-mail address.
In this way, DoubleClick has amassed information on the surfing habits of 100 million users, while Engage boasts a database of 52 million profiles. (If you want to opt out of DoubleClick's cookies, visit www.privacychoices.org).
Last year, DoubleClick quietly revealed that it planned to link the names of surfers, their e-mail addresses, and other personal information about them to their clickstreams.
According to senior vice president Jonathon Shapiro, DoubleClick's intention was merely to target ads to specific users. "The whole goal here is to make advertising work by getting the right message to the right user at the right time," he says.
The reaction from consumers and privacy advocates was swift and vociferous. EPIC filed a complaint with the US Federal Trade Commission, alleging that DoubleClick was "engaging in unfair and deceptive trade practices by tracking the online activities of Internet users."