Handling site privacy properly requires you to think like users and realize their worries go far beyond cookies and P3P.

Users must now worry about a host of other privacy-related technologies. For example, Web bugs or beacons are clear pixel GIF images used with cookies for user tracking. JavaScript also is being used to attempt to profile users more closely.

Scripts can be used to profile technology such as screen resolution, browser type, language and plug-in availability, and are often used to build suitable Web pages for users. However, scripts can also be used to track mouse movements or create ad windows or spy windows that continue to pester users long after they have left a site. In some cases, scripts or downloaded software may modify browser settings by changing the user's home page, adding a proxy server or modifying DNS so traffic may be altered or modified.

Probably the most dangerous privacy-related technologies are spyware or adware programs, which are often installed in conjunction with other software such as file-sharing programs. These programs monitor user activity for profiling purposes or trigger pop-up advertisements based upon browsing patterns.

Despite supposed disclosure of their activities, these programs are not far from Trojan horse programs. Many end users are completely unaware of the existence of such programs. Those who know about them are burdened with purging the software using tools such as Ad-Aware and using application firewalls to closely monitor their PC's traffic.

While it would seem that many of these technology "dirty tricks" are regulated to the seedy parts of the Web, such innovations are making their way to more mainstream marketing departments. Many reputable companies have booked advertisements on adware-based networks either knowingly or unknowingly. A few companies have even resorted to forms of hijacking.

For example, if you have installed AOL or Netscape software recently you may find that your Internet Explorer preferences have been modified to add an AOL server to the list of trusted sites, giving them carte blanche in potential browser add-on installation and cookie use. You can put a spin on it any way you like, but browser hijack tactics and spyware simply take advantage of those who don't look very closely at details or are not extremely technical or security savvy.

Web administrators would be wise not to engage in too much trickery for monitoring lest they incur significant end user wrath once discovered.

Originally published on Network World, Published: September 30, 2002.