Our increasing dependence on the Internet decreases our chances of maintaining privacy. But with a little care, you can still use the Web without revealing your e-mail address or personal identity--right? Alas, the most recent discovery by independent security analyst Richard M. Smith challenges that assumption.

Today, many Web sites place cookies on your hard disk to profile your interests and deliver customized information. In theory, cookies identify only the PC, not the person using it.

However, as Smith discovered, a loophole in both Internet Explorer and Netscape Navigator makes it surprisingly easy to match e-mail addresses and cookies, thereby linking a unique identifier to a nameless profile. When you view an e-mail message sent in HTML format, your e-mail software uses a browser to display it. Any graphic in the HTML message must be loaded from the originating server, and any cookie previously deposited by that server will be transmitted back to the site when the graphic is fetched. That fetch request can also transmit your e-mail address. By sending out junk e-mail with graphics, advertisers can match e-mail addresses with previously issued cookies.

So far, no one appears to have tried this trick. And if privacy advocates have their way, no one will: Smith has joined with eight privacy and consumer groups in asking the Federal Trade Commission to require that software makers close the loophole.

Microsoft and Netscape told us they were investigating the issue, but neither had announced a patch. In an e-mail to PC World, a Microsoft spokesperson said the company had confirmed Smith's theory, but "it does not appear this is a problem that technology alone can solve. The solution may lie in appropriate regulation [of Web companies]."

For the time being, the surest way to protect your anonymity is to instruct your browser not to accept cookies and delete existing cookies from your hard drive. But if you reject cookies, you may not be able to access your favorite Web sites. For more on tossing your cookies, see "Guard Your Online Privacy: Web Privacy."

If you use Windows 95 or 98 to access an NT network, a snoop with physical access to your PC can snag your password. The old Windows for Workgroups stored users' network passwords in system memory after each log-in. Part of this habit was carried over to Windows 95 and 98 (but not Win 98 Second Edition). By issuing certain commands, an intruder can learn your password. You can download the 148KB patch for Windows 95 and the 161KB patch for Windows 98 from Microsoft.