Some of the most detailed, revealing, and damaging sources of personal information on the Internet are Internet users themselves. If you want to buy a t-shirt or a compact disc on the Web, you need to give that web merchant a name and address where the merchandise will be shipped. As the vast majority of the purchases made on the Web are made with credit cards, you’ll probably also need to give a credit card number. And because there is a lot of fraud on the Internet, you probably won’t get your merchandise without a lot of hassle unless you provide the name and the billing address for the credit card used to pay for the order.

Most web merchants go beyond the minimal information needed to satisfy online orders. For example, a merchant might ask for your email address and a few phone numbers, to allow the merchant to contact you in the event of a mishap. Many merchants set up accounts for their customers so that this information doesn’t need to be entered time and again. These accounts require usernames and passwords. These accounts can be used to track a person’s purchases over time. Some merchants go further, and ask their customers to provide the city of their birth, or their mother’s maiden names, so that if a consumer forgets his password, another question can be asked (see Figure 8-1 and Figure 8-2).

Figure 8-1. By far, the greatest kind of personal information ...