The dug into the privacy policies and tracking practices of the 50 most visited Web sites as listed by Quantcast. The researchers discovered that loopholes such as affiliate sharing and tracking code allowed for much more data sharing than you might expect.

Sites often reserve the right to share your data with affiliates, including entities owned by the same parent, or even outside contractors. But you probably don't know how many affiliates a site has. According to the researchers, News Corporation, the parent of MySpace and Photobucket, has 1578 affiliates; CBS (parent of Download.com) has 637 affiliates. Likewise, a site may not actively share data with an unrelated company, but it might let that company place a "Web bug" image or code on a site that can effectively track you.

Many sites do try to protect data such as e-mail addresses and personal information, and some restrict the data that Web bugs can collect. For example, the report's authors were careful to note that Google does not automatically aggregate the data that its many Google Analytics trackers gather, though it does offer incentives to share that info.

All of that aside, the fundamental issue is that many users don't want digital bloodhounds sniffing their tracks, even if those tracks are tied only to an IP address or some other numerical code. Right now, users have little say in what information is collected and what it can be used for.

While there's no one simple solution, you can take some steps with browser settings and add-ons to help retain your privacy--steps that don't require deleting all your cookies after every browsing session, which effectively throws the baby out with the bathwater by removing the cookies you may want (say, those that remember passwords or form data).