Private information of users who access the Internet is often unwittingly shared with Internet websites without the users' knowledge or approval. For example, although users can choose which sites they visit (“first-party” sites), in many cases third-party sites gather and aggregate information about the users across multiple first-party sites. Users have at best limited capability to control what information of theirs is gathered. Additionally, users do not have a good understanding of how much of their private information is collected, processed, and stored by such third-party websites, and then possibly shared with others.
Third-party aggregators can collect various pieces of personally identifiable information (“PII”) about a user across multiple sites, and users therefore need protection from inadvertently sharing their information with sites they do not explicitly visit. For example, PII leakage often occurs when users access Online Social Networking websites. (PII refers to any information that is identified by a user as information that the user does not want to share with an entity or entities.) Some websites have a legitimate need to obtain some of the pieces of PII—for example, an airline reservation website may need the passengers name, credit card number, and billing address. However, some sites and aggregators obtain more pieces of PII than they need or than what the user may be willing to share.
Internet users can protect their privacy using browser mechanisms or proxy servers. Websites that store information about users give guarantees regarding access to that information via privacy policies; however such policies may or may not be legally enforceable. Privacy mechanisms often are a pre-packaged, non-negotiable set of options—a user can have information about them stored for the session or permanently. However, they cannot select what portion of their pieces of private information should be stored, for how long, and by whom. The choice they are left with is unsatisfactory—in order to be sure that their private information is not directly handed over as a result of their visit to a website or to a third-party aggregator associated with the site, they have to avoid visiting the site altogether.