Imagine you're shopping at a mall. You browse different stores, make a few purchases and move on. Then, you notice that a man you don't know seems to be following you. You even catch a glimpse of him taking notes on what you're looking at and buying. The entire time you've been shopping, you've been spied on!

©iStockphoto/Angel Manuel Herrero
Good try, but a ski mask offers little protection from online scrutiny. See more images of the Web.

Many people fear that a similar thing is happening on the Web. They're worried that someone, usually the government, is recording and analyzing their Web browsing activity. They argue that these acts are an invasion of privacy. Are they right to be worried? Can the government keep track of all the Web sites everyone visits, and would it be able to act on that information?
It's easy to understand why some people are worried. The United States Patriot Act expands the government's ability to perform searches and install wiretaps. It doesn't seem like a big stretch to add tracking people's Internet activity to the list. These people fear that they'll be spied on whether they've done anything to justify it or not.
In some ways, fear about the government's ability to keep tabs on Web activities has reached the level of a conspiracy theory. In the most extreme version of the theory, the government is tracking not only Web site activity, but also is building a database of potential suspects for crimes ranging from corporate sabotage to terrorism. Other theories don't go that far, but still suggest the government is treating everyone like a suspect -- even if people aren't doing anything illegal or questionable.

Big Brother's BrowserPeople who worry that the government is tracking their Web activities sometimes use the adjective Orwellian. The word means invasive and totalitarian, and it's named after author George Orwell, who wrote the book "1984." In that novel, a government known as Big Brother controls nearly every aspect of citizens' lives.

How might the government track someone's activities on the Web? Find out in the next section.
Internet cookies aren't going to tell the government about every Web site you've visited. Some consumer news articles might give you the impression that Internet cookies broadcast everything you do on your computer to every Web site administrator connected to the Internet. The truth isn't quite so frightening.

Mandel Ngan/AFP/Getty Images
Texas Rep. Lamar Smith (far right) poses with other representatives and President Bush at the signing of an executive order intended to improve agency
information disclosure.

Internet cookies are small text files that Web sites store to your computer's hard drive -- they aren't computer programs. An Internet cookie gives a unique identifier relevant to a particular Web site to each computer that visits the site. The identifier lets Web sites tailor the browsing experience to your preferences. If you visit an international Web site that's available in many languages, you'd want to read it in a language you know. Using an Internet cookie, the Web site can remember this information. The next time you visit that site, you'll go straight to the appropriate version because the cookie on your hard drive told the site which language you prefer.
If you fill out an online form on a Web site, the site may store that information in the cookie on your hard drive. The personal information can't get into the cookie file unless you choose to provide that information. There's no way for the cookie to search your computer for identification information. In other words, if you're worried about personal information hitting the Web, just don't share it.
A small number of major Web companies provide most of the cookies on the Internet. These companies use the same format for all their cookies, so it's possible for these companies to see when a computer visits different Web sites that use their cookies. For example, Web advertising giant DoubleClick provides cookies for thousands of Web sites. DoubleClick can see if a computer visits different Web sites using their cookies, but it can't see if the computer visits a site that either uses a different Internet cookie or doesn't use cookies at all.

Tossing Your CookiesInternet cookies don't identify a user -- they identify a computer. The Web site stores the cookie on your hard drive, not on a server. The Web site doesn't know if a lot of people use one computer, and it won't recognize you if you use a different computer to visit the site later. If you're worried about cookies, check your browser's help file to see how to delete or block them.

Currently, the U.S. Congress is considering an act that would require Internet Service Providers (ISPs) to retain personal data for all its subscribers that the government could then use in investigations. The act is called H.R. 837: Internet Stopping Adults Facilitating the Exploitation of Today's Youth (SAFETY) of 2007 [source: GovTrack]. If this becomes law, ISPs will have to save personal information like names, postal addresses and Internet Protocol (IP) addresses for all its subscribers. While the government wouldn't be able to track a user's browsing in real time, it could request records from an ISP showing all Internet activities on a particular user's account. People who use public computer accounts (like a computer lab in a public library) would be harder to track.
Republican Rep. Lamar Smith of Texas introduced the bill on Feb. 6, 2007. On March 1, 2007, the Subcommittee on Crime, Terrorism and Homeland Security received the bill for deliberation. As of February 2008, the bill is still in the legislative process.
What's the government's policy on tracking Web activity? Find out in our next section -- if you dare. While it's not efficient to try to track a person's Web activities with cookies, it's still a concern for privacy advocates. A government Web page could hire a corporation like DoubleClick to provide Internet cookies. In theory, DoubleClick could search its database to see if the visitor had been to any other Web site that also used DoubleClick cookies. The government could try to gather information about a user by cross-referencing all the DoubleClick cookie sites he or she visits.

Scott J. Ferrell/Congressional Quarterly/Getty Images
Sens. George Allen and Ernest F. Hollings discuss Internet privacy bills at a Senate Commerce meeting.

Some Internet privacy advocates don't like the idea of a governmental agency keeping information files about Web site visitors. Whether the government intends to use that information for tracking purposes is beside the point. The advocates argue that the government shouldn't keep tabs on people using cookies at all.
It may come as a surprise to conspiracy theorists, but the government more or less agrees with this perspective. In 2003, the White House's Office of Management and Budget issued a memo regarding the federal government's Internet privacy policies. The memo said that all federal government sites must post their privacy policies on an easily accessible Web page. The memo also forbids the use of persistent cookies in most cases. These are Internet cookies that remain on your hard drive even after you close your browser program [source: Office of Management and Budget].
There are some exceptions to the rule. The memo says that a federal government Web site can use persistent cookies if:

• There is a "compelling need," although the memo doesn't define what makes a need compelling
• The agency provides a clear posting in the privacy policy that alerts the user that the site has persistent cookies
• The agency explains in the privacy policy how the information in the cookie will be used

Cookies that expire once the user closes his or her browser program are exempt from these rules. Web bugs, which are images one pixel wide by one pixel tall that have many of the same properties as persistent Internet cookies, are not explicitly addressed, meaning some agencies may consider them exempt.
Despite this memo, several people have reported the use of persistent cookies on governmental Web sites. For example, the New York Times reported in 2005 that the National Security Agency (NSA) used persistent Internet cookies on its Web site that wouldn't expire until 2035. An NSA spokesperson said that the inclusion of the persistent cookies was an accident caused by a software upgrade [source: New York Times].
Many of the exposé reports about government Web sites and persistent cookies seem to be due to such accidents. Some Web page development software includes persistent cookies as a standard option. If the Web administrator doesn't know about the option, he or she might create a Web page that includes persistent cookies without being aware of it. Considering the amount of work necessary to track someone using cookies, it's likely that most of these incidents are, in fact, accidents.