There's a widely held belief that the internet is anonymous. Most people think they can visit websites around the world, safe in the knowledge that no one can track what they're doing. They think they can join discussion groups and talk about personal issues such as alcoholism, infidelity or a sexual problem, without anyone knowing their real identity.
People assume that doing all these things - and more - is safe, private and beyond the reach of anyone who wants to find out what's been going on.
But it's all a myth. The internet may appear anonymous when you can wander into a chat room using a made up name, and say something as outrageous as you like, but, as in Hansel and Gretel, there's a trail of bits left behind you.
If you're concerned about privacy there are a couple of questions to ask: how visible is your trail, and how hard is it to follow?
It's an emotive subject, and best approached rationally. There is, for instance, little point becoming stressed over an ad agency tracking which of its clients' sites you visit online when you freely hand over a loyalty card in the supermarket each week.
Before you can understand how best to protect your privacy, it's helpful to know just what information you're generating when you connect to the net, and how easy this is to trace.
At the very lowest level, when you connect to a website it will receive a record of your IP address - the unique number that indicates which computer you're using. If you use an ISP like Demon, that gives you a fixed address, that's enough to pinpoint your account.
With a dynamic address, it'll pinpoint the modem line you connected to. Finding out which customer was using that line means matching up a time with the records from the computers that handle your login. On a busy system, that could mean finding one from tens of thousands of entries, but it can be done. This is how the police were able to track the source of the Love Bug virus to a dialup account used by a group of students in the Philippines.
Some systems, such as AOL, might share an IP address between more than one user. The same is true of some corporate gateways to the net; but even so, there will usually be a way to work back to a specific system, even if it involves trawling through pages of log files.
Recording which IP address accessed a site is a start, but it's not enough for many places on the net. They want to know more - such as whether you've visited before.
This is done using what are called cookies. There are many myths about cookies, which are best dispelled by looking at a site such as www.cookiecentral.com. A cookie is simply a piece of information that a website asks your browser to store on your PC. The same site can then request the cookie next time you visit. This allows it, for instance, to automatically fill in your login name on the AvantGo pages, or supply the weather reports you asked for on the MSN.co.uk home page.
What a cookie can't do is trawl your hard drive for your credit card number, neither can it tell a website anything it didn't already know about you. If you tell a site your name is Camilla instead of Charles, then that's what will be in the cookie that's stored on your computer.
So why do so many people get worked up about cookies? Because a few companies, most notably DoubleClick, have found a way round the fact that a server can only request cookies for its own site.
DoubleClick is an agency that supplies the ads that appear on many of the net's most popular sites. Using cookies, DoubleClick can uniquely identify you, allowing a profile of the type of sites you visit to be built up, and even supplying relevant adverts for you.
So how can it do this when cookies are unique to a site? It's simple - the DoubleClick adverts aren't on the site you visit. They're stored on DoubleClick's own servers, and your web browser dutifully fetches them from there. This means it has requested information from the DoubleClick server, and can therefore have a cookie sent, or passed back to, that server.
I am not a number
As long as none of the sites that you visit require you to register, you're just a number - a unique ID that lets people analyse trends, but which keeps your true identity private.
Register for a site, however, and information that you supply - such as name and address, age, nationality and so on - may be passed back to the advertising company. In the US, DoubleClick has caused a storm by buying a traditional marketing agency, stoking fears that comprehensive online and offline profiles about people could be built up.
If you're using a fixed net link, it doesn't even take registration to glean at least some information about you. Commonly available tools can turn an IP address into a real street address - or at least the address of a person who registered a particular domain, or had a certain range of addresses assigned to them. For example, the IP address 126.96.36.199 can be traced to 32-34 Broadwick Street, London, W1 - the home of the people who publish the website you're visiting now.
One way of hiding these sites is to go via a proxy, making the address that appears in the web server's logs that of the proxy server. Of course, all that's really doing is adding another link to the chain, since the proxy server will have a record of what you're asking it to do.
This is also what makes proxy servers a useful tool for those who want to see what you're up to. Even though you may not think your web requests are going through one, many internet service providers (ISPs) use so-called 'forced proxying'. This means that all web requests are routed via a transparent proxy. You don't need to change any settings in your browser, but the effect is the same. For an organisation or country that wants to control and monitor what people are seeing on the web, it's ideal.
More than the web
There's much more to the internet than the web, of course. Email is one of the most popular ways of communicating and, once again, everything from the sender of each message you receive to the destination of each message you send via your ISP's mail server, will appear in a log.
A trivial tweak of an alias file could forward a copy of all your incoming mail to someone else, and it's not much more work to intercept outgoing messages. If the Regulation of Investigatory Powers (RIP) Bill goes through in its current form later this year, all ISPs will have to provide a means to intercept email when a warrant is issued.
Depending on the type of network used, it may already be easy for other people to read your messages, and in some countries, businesses have no qualms about looking at the contents of email that their employees send or receive.
Besides email, just about any other connection-based service on the net can be logged, with a computer somewhere recording the time and source of each connection it receives. With access to the network your information is passing over, such as your ISP, it's theoretically possible to monitor each packet of data and examine its source, destination and contents.
And don't forget that anyone with access to your PC can track your movements when you're offline. Your web browser will record all the sites that you've visited in its history file, and some pages will be cached. It's not that hard to turn the history and cache files back into a list of sites or pages. People have already fallen foul of the law because of the traces left on their computer after they've visited certain sites.
Some recent security exploits have shown that it's possible to read a file on a PC if you know the path - something that's dismissed as not too likely by browser writers. But there's a safe bet, for instance, that if you use Netscape and accepted the default options, you'll have a file called C:/Program Files/Netscape/Users/default/netscape.hst (or cookies.txt) either of which could reveal information about your habits if read by someone else.
The truly paranoid might decide never to use the internet, so great are the opportunities for tracking what people do. The complacent, however, will fall back on the old adage that the innocent have nothing to fear.
As ever, the truth lies somewhere in between. You can take steps to protect yourself - to stop the marketing companies making your life into a data set for their analysis - by managing cookies properly, and you can prevent your partner knowing what websites you've visited using a service like anonymizer.com.
But while you can take comfort in knowing that the sheer volume of information generated across thousands of computers by the millions of net users makes it hard to single out one person for attention, rest assured that if an official agency really wants to know what you're up to, it can make a pretty good stab at finding out.
Privacy on the net isn't a complete myth, however, and the casual user can follow some of our quick tips on the right to increase it. Ultimately, privacy, and the lack of it, are very similar online. Both can be arranged, but you need to be pretty determined to achieve either.
Latest Tesla news: Tesla share price continues to fall after Saudi Arabia's sovereign wealth fund is linked to investment in rival
SEC 'probe' takes its toll on Tesla as new research suggests that Tesla loses $6,000 on every $35,000 Model 3
RTX 280 Ti will come with 11GB of fast GDDR6 video RAM with a 352-bit memory bus offering 616Gbps
The scale of jobs lost to automation will be at least as large as those in the first three industrial revolutions
10nm Cannon Lake Core i3-8121U CPUs make a rare outing with Intel's NUC mini PC