DoubleClick and RealNetworks are not the only sites accused of tracking users' activities across the Web. Amazon.com is embroiled in a similar controversy involving Alexa Internet, a software firm that the e-tailing giant purchased in June 1999. Amazon plans to use Alexa's software in its ZBubbles shopping service. The free software's menu bar sits on top of your browser as you surf, suggesting similar sites to visit and letting you share information with other shoppers. But it also captures the Web address of each page you view - and, according to security expert Richard Smith (see "Private eyes"), these URLs can contain a wide variety of personally identifying information.
For example, when you use a search engine like AltaVista, the URL for the results page contains a text string including the terms you searched for. Depending on how the Web site's search engine works, a URL could contain your name or e-mail address, too, as well as the titles of books you may have bought, flights you may have booked, and health conditions you may have researched - all of which, Smith says, get sent up the wire to Alexa. (Smith uncovered a similar problem having to do with DoubleClick cookies. A recent example involved Intuit, whose Quicken Web site was inadvertently forwarding users' financial information to DoubleClick. Intuit quickly plugged the leak, and DoubleClick says it didn't store this information; but DoubleClick did not provide details of what exactly is stored in its profiles.) According to Dia Cheney, director of corporate communications for Alexa, the company stores its users' Web trails anonymously and keeps this data separate from personally identifiable information, such as e-mail addresses, that users may have provided when they registered the software.