I already posted this once before, but I guess it's no fault to repeat it. There always is a chance to get a "spy" tool installed on your system, either worm/virus-like or as a hidden trojan feature as described above. However, there is a serious chance that they will get you even without the need to transfer any program to your computer (and the risk to get detected). This is how it works: Most web pages have banner ads, and all of them try to place a cookie. This way they can place an ID code on your machine, and store it on their home server with your IP address. Worried? Few people only, because you think your IP number is temporary anyway. But, they can already track you by the cookie ID, they don't know who you are, but they will know when you're back somewhere, and they can store every page URL with one of their banners that you visit (with date, time, and your current IP address). Now the really frightening perspective. There are only few banner ad companies, and they started to buy eCommerce companies. Those companies have customer ID cookies of their own, and they store it (with date, time, and your current IP address) as well. And if you ever buy anything from them, they get your name, street address and credit card number. If a banner ad company buys one, it takes less than a few hours to synchronize both databases. And if you ever placed an order, and visited a different page with a banner during the same session, you will have the same IP address (!!), and they can easily link their already stored history of your visited pages with your real identity. Remember, it only takes one match, once in your entire surfing past, and they can link everything! And all of this without a virus, worm, trojan to be smuggled into your system before! What can you do? Well,... (very little) The only cure is to avoid cookies whenever possible, and the software companies did their best to make life difficult. If I get it right (please correct me if I'm wrong), both IE and NN on PC only offer "accept"/"ask"/"reject" as global options. Accepting all will expose you, rejecting all will stop 99% of all websites working, and asking will ask EVERY 4 seconds during the entire session. On Mac it looks slightly better, because IE has a very nice cookies option panel, where we can set individual options for separate websites, like accepting cookies for www.poserforum.net and www.renderosity.com, but rejecting everything else (and it only asks once for every new site). Even better, you can view and delete individual cookies. It's in versions 4.5 and 5, but I never saw this in the PC versions - does anyone know if it is planned for the forthcoming 5.5? Even better will be iCab, which will be sold to users, but offers massive protection of all sorts, for example it can accept cookies, tell the server it has been permanently accepted, but deletes it either at session end, or even immediately! Unfortunately, it is not yet finished (much lacking JavaScript so far) and will be Mac only. A free full working beta is available from: http://www.iCab.de Hopefully, some other company will soon start do something similar for the PC - it should be worth to pay a small amount of money to get a proper piece of software that protects you, instead of letting the ad companies pay the "free" browser to expose you.