By now everyone has heard how the Internet brings remote corners of the world to the desktop computer, enabling users to drop in on groups as diverse as the National Rifle Association and the American Museum of Fly Fishing, to shop for cars, books and wine or to consult the summer timetable of the French national railway. Less well-known, however, is the quantity of information that flows the other way—from consumer to marketing company, patient to insurance company, employee to boss.

Often without their knowledge, let alone their permission, people surfing the Internet reveal minute facts about themselves with every click of the mouse. "One of the first rules for people moving around online is to understand who is watching," says Lori Fena, executive director of the Electronic Frontier Foundation, a nonprofit group focusing on ethics and civil liberties in cyberspace. Fena, 35, recently spoke with staff correspondent Ron Arias from her office in San Francisco about how privacy is being invaded in this brave new world.

How do users reveal information about themselves on the Internet?

Two ways—voluntarily and involuntarily. Let's say a single, 30-year-old woman wants to check out adventure-travel information. She goes to a travel site on the World Wide Web. It asks her to register, then steps her through questions that enable the company to tailor a vacation for her. The more the site knows about her, the Web page explains, the better it can serve her. She reveals that she's a legal secretary, lives in Boston, likes to hike and listen to bluegrass, is a diabetic but is otherwise in good physical condition, likes to read mysteries and travel in the tropics. The site may ask her for added information—her income, education, homeowner status, even credit card data—to make the profile more complete.

Can such information be misused?

Unfortunately, yes. Many of the health sites, for instance, have support groups in which you can share information about therapies and cures. But you must be careful to check the site's privacy policy. If your participation in the site is not kept confidential, a marketer could match up your name to your home address through a name search and a telephone number or e-mail address, and you'll start receiving brochures from clinics, pharmaceutical firms, even shady medical hucksters.

How do Internet users provide information involuntarily?

Imagine that you went to a shopping mall and somebody attached a TV camera to you and monitored every stop you made: where you went, how long you looked at an item, what you bought. In the real world we wouldn't put up with that. But it can happen on the Internet.

Take the case of a public official in Washington State who was given an Internet account as one of the perks of his office. He used the Web both for political use and personal browsing. What he didn't know was that his Web activity, including some 130 visits to recreational sex sites, was being monitored by the server he was logged onto. To his embarrassment his Internet usage was made public in the local press. If you were using an AIDS or breast-cancer Web site, each visit could be recorded—unless the site has a posted privacy policy—and possibly hinder you when applying for a job or for health insurance.

But is this legal? Is an insurance company permitted to snoop as we surf the net?

In a word, yes. Unfortunately, in the U.S., we don't have a broad-based privacy policy, and there are no laws preventing the monitoring of Internet usage. The industry is trying to build in safeguards, like TRUSTe, a set of online symbols that makes it easier for the consumer to know what data is being collected. But our studies show that just having industry guidelines is not enough. Laws enforcing Internet privacy are needed, and one is being proposed in Congress.

How does an Internet spy operate?

Experts in data mining typically combine information offered either voluntarily or unwittingly with public records from the motor-vehicles database, the marriage database, birth records as well as property records and mailing lists. And they end up with a pretty complete profile of you.

What about children on the Internet? Are they at risk?

We need to educate kids, especially about things like creating home pages on the World Wide Web. Some schools are teaching kids to put up their own pages so they can publish their poems, stories and artwork. Parents should make sure there isn't a way for predators, by looking at a site, to be able to contact the child.

Is it dangerous to shop online?

Your credit card is probably just as safe online as it is when you hand it to a waiter or buy from a catalog company. Most online shopping services have installed secure servers, units that encode the information you give the company so that it would be useless in the wrong hands.

How about banking on the Net?

At an ATM all that is needed is your card and PIN number to drain an account. But online banks have taken more stringent precautions to secure your account.

We're at the forefront of a new age. I envision a time when privacy practices will be used around the world. Users should be notified and allowed to give consent for the use of data. We should all be playing by the same rules.