Monday, Oct. 12, 1998

Watch Your Tracks

By MICHAEL KRANTZ

Run a search on your PC's hard drive for the phrase "User Profile," and you'll find a long list of items like this: yahoo.comTRUE/FALSE 3262463 493 Y v=1&n=82iosk148jr9n." This gibberish is just one in a series of digital snapshots of my recent online travels: what websites I visited; what pages I viewed and for how long; what I bought, downloaded or printed. What's more, every site I visit can send programs called "cookies" down the phone line into my machine to snag this data and either use it to try to sell me something ("He spends time at E! Online? Let's spam him with that Titanic-for-$5 offer!") or sell my "profile" to some other marketer. Yikes.

For years, of course, everyone from insurance adjusters to credit-card companies has made money swapping consumer profiles like baseball cards. But the Web is bringing this great American pastime to new levels of invasive splendor. Ironically, one of the most attractive features of the Net--its ability to customize content instantly--morphs smoothly into one of its most sinister: the ability to monitor who you are and what you're doing online, even as you do it.

It's not just the embarrassment factor we're talking about here: the guy whose wife checks out his log and finds the porn sites he hit last night. Consider how much other personal data could become available as we conduct more and more of our lives in this (thus far) happily unregulated world--investing and paying our bills online, filling our prescriptions, etc.

How forthright have websites been about telling users what data they're unwittingly providing? Not very. Last spring the Federal Trade Commission studied 1,400 sites and found that only 14% had posted privacy statements of any kind (though 71 of the 100 busiest sites did so).

While a Senate committee last week approved legislation that would authorize the FTC to regulate the profiling of children, the agency seems willing to let the industry clean up its own act with regard to adults. Enter TRUSTe, a nonprofit group that has persuaded 270 of the Web's most popular sites to post and abide by statements telling what data they collect from visitors, how they use that data and how visitors can restrict that use. Web leaders such as America Online, Microsoft and Netscape plan an announcement this Wednesday to address privacy concerns.

Some, though, are skeptical that a voluntary system will work. "If anybody's going to make money off your identity," says Fred Davis, chief executive officer of the software start-up Lumeria, based in Berkeley, Calif., "it should be you." And, of course, Fred Davis. Due in early 1999, Lumeria's software will, among other things, help you control your data, keeping nosy marketers from grabbing your profile unless you let them. In fact, Davis thinks companies will eventually pay for the privilege ("Hey, visitor No. 85834: we see you bought Titanic last week. We'll give you 500 frequent-flyer miles to tell us your name, age and income!").

For now, here's how you can keep those pesky cookies away. If you use Microsoft's Internet Explorer, choose Internet Options under your View menu, click the Advanced tab, scroll down to the Cookies subsection and choose "Disable all cookie use." If you use Netscape Navigator, go to Edit Preferences under the Edit menu and choose Advanced, then "Turn all cookies off." But be warned: many sites won't let you in if your browser rejects cookies, and others will harass you with dialogue boxes urging you to accept one.

Krantz is a TIME technology writer. Josh Quittner returns next week. See time.com/personal for more about online privacy.