I had never visited theglobe.com, one of the handful of companies attempting to strike it rich by offering free home pages and other services to the general Web-going public. But they had somehow gotten their paws on my password — and, as soon became clear, passwords belonging to some 35,000 other Web users.

By its own admission, theglobe.com screwed up — a “co-branding” deal between it and the Web site for the magazine Advertising Age went awry. Vance Huntley, chief technical officer for theglobe.com, explained the mailing as the unintended result of the mass registration of Ad Age Interactive subscribers to a special section of theglobe.com’s Web site. (I’d registered for Ad Age a while back, and that’s where theglobe.com got my name and password.)

But even if this incident was nothing more than a blunder, it should still send a loud warning through cyberspace: In an era of frenzied consolidation and spaghetti-like cross-marketing deals, private passwords are less secret by the day.

What happened? According to representatives of Ad Age and theglobe.com, the heart of the business agreement was an arrangement in which theglobe.com hosts an interactive forum for Ad Age online subscribers –”Ad Age Interactions.”

“Ad Age had specifically come to theglobe.com so that we could create an Ad Age community area at our site, where registered members at Ad Age would receive all the functionalities of a community (chat, home pages, surveys, discussion forums, etc.),” says Esther Loewy, director of communications for theglobe.com.

Ad Age wanted to avoid inconveniencing its subscriber base by forcing them to re-register to enjoy the benefits of the new forum. So theglobe.com registered the entire 35,000-strong membership database en masse.

“We wanted to provide a seamless experience for our users,” says Brian Quinn, Eastern sales manager for Ad Age Interative. “We didn’t want to require them to come up with a new password.”

Normally, says Huntley, a standard, automated procedure is set into motion each time new users register at theglobe.com. New users are immediately e-mailed a confirmation of their registration, complete with the username and password they’ve selected. These confirmations also include pitches for new services — in particular, theglobe.com’s “HomePage Builder” service, “which makes it super easy to get your own HomePage up and running.”

Such confirmations are increasingly becoming standard practice for many Web sites that require registration — even though many privacy experts counsel against ever sending an unencrypted password through regular e-mail. In this case, apparently, no one stopped to think that the mass re-registration of Ad Age subscribers — which occurred without the knowledge or express permission of those subscribers — would trigger off a bulk e-mailing, alerting all those subscribers that their passwords had just migrated from one company to another.

“That was not our intent,” says Quinn. “The intent of that e-mail effort was to alert our AdAge.com users that their current password, or a close representation, could be used for entrance into our new co-branded online community, Ad Age’s Interactions.”

“It should be made very clear that Ad Age did not sell this list to theglobe.com for any promotional use on its own behalf,” says Quinn. “In fact, we have never previously made this list available to any outside marketer. As stated before, our intent was to create a more positive experience for our users.”

Unfortunately, the message from theglobe.com never mentioned Ad Age or the new Ad Age Interactions community. So instead of a seamless experience, the recipients of theglobe.com’s mailing received a jolt.

Theglobe.com’s Loewy conceded that “Ad Age should have notified their members of this promotional campaign prior to the campaign … they are sending out an e-mail today to all their members, explaining the deal.” But she also noted that Ad Age Interactive had run advertisements promoting the new Interactions site.

“We assumed that the month-long campaign was promoted sufficiently to Ad Age members so that they would be aware of their instant membership to theglobe.com when we sent out our usual welcoming e-mail to new members,” says Loewy.

Instead, Ad Age stepped right on a land mine, outraging a group of Web users who are particularly sophisticated in the arena of advertising and marketing. By early Monday evening, theglobe.com’s Huntley said that he’d received about half a dozen calls about the password spam. And he sympathizes with their concerns.

“I hate getting unsolicited mail of any kind,” he says, “and it has always been our policy to say, hey, you’re getting this mail because you typed your e-mail address into our Web site. This was an editorial oversight, but it has had bad repercussions. I think that it would have made a lot more sense to indicate to users what was going on. But alas, the mail has gone out.”

“The really annoying part of this from my perspective is that the members of Ad Age tend to be a fairly technically savvy crowd,” says Huntley. “We’ve been getting all kinds of interesting commentary.”

Judging by the e-mail I’ve received since first publishing this story, few people reacted warmly to the sight of their own password, in plain text, sent to them by a complete stranger.

“There’s kind of an implied sacredness to a password,” says Bob Little, the moderator of a mailing list inspired by Marshall McLuhan, and a recipient, Monday morning, of the message from theglobe.com. “But the fact is you have no control over this.”

“It’s incredibly devious, if you look at the way the e-mail is phrased,” says Little. “The essence of spamming is to make you feel that you might have actually wanted [the message] — the whole idea is to delay the finger from deleting it. So here comes this message. It does not say you’ve never dealt with us before. It says you’re now registered, here’s your user name and password — and it’s the same one that you’ve used before, maybe a dozen times. Your first thought is, when did I register for this? I think a lot of people might go through this. We knew right away we never did this, and we’re tired of people putting us on lists. It’s really gross.”

So is it likely to happen again? For Ad Age and theglobe.com, does this unpleasant incident get chalked up as just another learning experience?

“What we highlighted here is that we are not as sophisticated about it as other operations might be,” says Huntley. “Had this been the 20th time we’d done this, perhaps there would be standard operating procedure to deal with this eventuality. This is the first time we’ve had anyone call and complain about this kind of issue. I think there are other folks doing it a lot more and that they have procedures in place to deal with it.”

And there’s the real problem. How often is this kind of mass re-registration of subscribers going on in the Web world? In the offline universe, mailing lists get bought and sold with increasing frequency. But private passwords? Is such user information being traded between companies — and how often is it being used? Just think of one potentially disturbing possibility: Microsoft recently bought Firefly, the owners of a database far larger and more detailed than Advertising Age’s. Microsoft now has access to all Firefly user preferences, not to mention their passwords.

Of course, Microsoft is probably smart enough not to send a bulk e-mailing to all those users that included their passwords printed in plain text. And they shouldn’t. On the other hand, at least such blunders let us know what companies are up to with our information. Do you know where your password is tonight?

He moved toward the door, jingling his keys. “I’m not sure,” he said.

“I can see that.” Apparently he knew me better than I’d thought. “Look, all women snoop. It’s just a matter of when and how.” I went back to reading.

But he stood there, dirty sweatshirt in one hand, keys in the other. “Is that so? All women?”

“All of ‘em. Just a matter of when,” I said. I closed the book and poked my finger into Katherine Graham’s face, staring severely from the cover. “Even her, I’ll bet. Newspaper woman — they’re the worst. She’s snoopy by nature and by profession. I’d hazard a guess that no drawer went unrifled in the Graham household.”

“Well, this is news to me,” he said, uncertain but bored now. “Anyway, I’ll be back in five minutes.”

“In snooping time, that’s an eternity,” I told him. He shook his head and started to close the door. “Sort of like dog years,” I continued. “I can find those teenage wedding pictures you just sorta conveniently forgot to tell me about in no time at all.”

I pressed redial as I listened to him clomp down the stairs. “Continue with this terrible story,” I said when she answered. “He went to get a burrito. Who is this chick again?”

Harriet sighed. “She’s some kind of junior assistant in media. Young. Just out of college. She was crying in the bathroom so naturally I asked her what was wrong. She said she was cleaning out a closet in her apartment — she lives with her boyfriend, I guess — and she found his diary.”

“Journal,” I corrected her. “Not ‘diary.’ ‘Diary’ is not in usage in this day and age, particularly for men. She just happened across it? Yeah, right.”

“She’s a snooper,” said Harriet. “Anyway, she read his diary or whatever and in it he wrote, ‘I just don’t find Cara attractive physically anymore. She’s always been a big girl, but lately our sex has been repulsive to me.’ Repulsive! That’s the word she said he wrote! How can you ever get over such a thing?”

“You can’t,” I said. “No wonder she’s crying. Now she has to find a new apartment in New York.”

“I know,” Harriet agreed. “The first mistake she made was not getting on the lease when she moved in. But can you imagine? It’s not like she can talk to him about it.”

“Well, she could,” I said. “I did. A few years ago, I broke into a boyfriend’s voice mail –”

“Oh, yes,” Harriet said, bright with recognition, as if I’d mentioned an old friend that she’d forgotten about. “I’ve done that. I think every woman I know in the world has done that at some time.”

“It’s rampant,” I agreed. “Anyway, I hacked in, and it became an obsession. I couldn’t stop checking it. It was as if I had to find something to back up the reason why I was doing it in the first place. I kept checking it and checking it, sometimes four times a day, like a junkie telling myself, ‘This is the absolute last time.’ I’d hear messages from his landlord, the FedEx man, his rugby buddies –”

“Until you heard what you were looking for,” said Harriet.

“Exactly. A ‘Susan’ purring into the phone about what a wonderful time she’d had last night and why did he have to leave and that she’d have to finish herself what he’d started.” I began to feel nauseated thinking of it. “I remember exactly where I was when I heard that message: sitting on the floor of my living room, bent over. I can remember the smell in the air, the light coming in from the window — everything. Ugh. Now I really feel ill.” I lay down on the sofa and put my book over my eyes.

“Was that the time that you got so obsessed with checking his voice mail that you had a friend change his password without telling you what it was?”

“Well, this was another time,” I admitted. “That time, I’d wanted to save me from myself. Of course, the only wrinkle was that he couldn’t get into his voice mail either. So he got wise and then I had to tell him and we broke up after that.” There was a little silence. “I was young,” I explained.

“Sometimes snooping is a good thing,” Harriet said soothingly. “One time when I snooped and found some letters that a boyfriend wrote to his old girlfriend, I was happy. I really was. It made me realize something was going on and I wasn’t insane.”

“But why don’t men do it?” I asked. I thought about the time that Q watered my houseplants when I was on vacation, and I’d come home to find that I’d left a private notebook sitting on my desk next to the orchid. He looked stunned when I asked if he looked through it, and then thoroughly exasperated when I asked why he hadn’t. “Women!” he’d growled. “Because, frankly, I don’t want to know.”

“Better people?” Harriet guessed. “Less curious? There is always the argument that nothing is found out by accident. It’s a fairly easy way to get a woman to break up with you if you can plant the right information.”

“Another friend of mine found a topless photograph of an old girlfriend,” I said. “But it turned out that he’d taken it in college 15 years ago, for an art class. Her question, as was mine –”

“Is why is he saving it?” Harriet finished. She sighed again. “Another time a friend of mine got obsessed with counting the number of condoms in her boyfriend’s bathroom. I mean, you really can’t come up with many excuses if condoms suddenly start disappearing.”

“Does bathroom snooping count?” I asked. “It seems like that territory would be fair game.”

“It counts,” said Harriet, full of conviction. “But this is always the problem with snooping. If you find the information that you’re looking for — which invariably is something that makes you feel like a piece of dirt — you don’t have any moral high ground. They can always come back and throw it in your face that you violated their privacy.”

She continued, “And if you don’t find anything, you still feel like a piece of dirt, either because you’ve been a snooper — a highly unethical practice, some would say — or because you’ve been a bad snooper and couldn’t come up with the goods.” I heard Q’s key in the lock and I sat up. “I gotta go,” I whispered, and hung up.

“I figured because you told me you were going to go through my stuff, there’s no way in hell that you really would,” he announced, as if he’d memorized a speech. He dropped a grease-stained paper bag on the table and looked pointedly at his file cabinet.

“That was a ploy to save me from myself,” I said. “This time it worked, but next time we may not be so lucky.”

No shock there: The desire for online privacy runs directly at odds with one of the most attractive aspects of doing business online — the Net’s capacity for helping target marketing and advertising efforts directly at specific users.

“The Internet is an absolute gold mine,” says Jerry Kang, a law professor at UCLA and online privacy expert. “Private and commercial forces want to exploit database marketing by tracking cyberspace transactions. But individuals just don’t want that. They are worried that their personal information will be misused.”

The Catch-22 is obvious: to truly protect user privacy would negate the Net’s direct-marketing potential. It’s a difficult contradiction to resolve — all the more so when the driving force behind OPS’s ostensible privacy standard turns out to be the Net’s preeminent specialist in commercializing personal information.

Most press coverage of OPS has focused on the fact that arch-enemies Microsoft and Netscape managed to agree on the proposal, making it likely to become a de facto standard. But the nuts and bolts work of designing OPS was carried out by a company called Firefly, an advertising-driven Web site that recommends music and film selections to users by comparing their own preferences to a database of other users’ likes and dislikes. The entire OPS strategy is an extension of Firefly’s current approach to handling its users’ personal information, with the addition of some digital certification tools cooked up by the cryptographic specialists Verisign.

Firefly’s online lineage is ancient, in Web years. It began in 1993, under the name Ringo, as an e-mail-based music recommendation system operated by MIT graduate students. It quickly morphed into HOMER, a Web-based version of Ringo. The graduate students then formed their own company, Agents Inc. (now called Firefly), rounded up some venture capital and broke important new ground as one of the first true experiments in Web-based commerce.

Firefly’s breakthrough innovation was combining its database of user preference information with the possibilities of Web technology to offer advertisers a profoundly interesting opportunity. Advertisers could specify exactly who they wanted to target their ads at — all people who liked techno music, or solo female country artists. Once Firefly combined this information about users’ taste with demographic data — like users’ geographic location or purchasing habits — one could get very specific indeed.

Says Ted Kamionek, Firefly’s director of communications: “If an advertiser comes to us and says, I want to reach males who live in the Midwest who like athletic activities and R.E.M. and want to buy T-shirts, we can manage that relationship.”

Firefly’s executives are fully aware of how sensitive users are to the perception that their personal information might be accessible to pushy advertisers. Kamionek emphasized that advertisers are never given access to individual information, but are merely allowed the opportunity to advertise to “aggregates” of selected groups. Firefly’s internal privacy policies allow users to remain anonymous if they so wish and to expressly decide which categories of information they wish to make public.

In fact, Firefly gets high marks for its privacy policies from privacy watchdogs like the Washington-based Electronic Privacy Information Center, and the online advocacy organization the Electronic Frontier Foundation. It has also apparently received popular approval from consumers. Kamionek says that Firefly has issued 3 million “passports” — Firefly’s term for the packets of preference data and personal information that it creates for each Firefly visitor. At Firefly, at least, many consumers are willing to make the bargain, to trade their personal info for the Firefly service. But that doesn’t necessarily mean that they enjoy doing so — or that Firefly’s attention to privacy concerns is purely altruistic.

Survey after survey has indicated that online users resent being asked for personal information, don’t trust companies that do ask for such information and often — as much as 25 percent of the time — enter false information when prompted for personal details. Firefly has no choice but to address privacy concerns, or its database will become corrupted and useless.

Firefly and all the other corporations that are supporting the OPS proposal are engaged in a tortuous dance. In their view, for commerce to succeed on the Web, advertisers and marketers must be allowed to take advantage of the Web’s capabilities for targeting consumers. But that very act of targeting automatically raises hackles. So at the same time they seek better ways to gather information, they are trying to assuage consumer fears that focus on the abuse of that information.

Since Firefly has been performing this dance longer than almost anyone else on the Web, it made sense that they took the lead in the creation of OPS. Three of Firefly’s core team of programmers, including founder and chief technical officer Max Metral, are listed as authors of the OPS proposal.

“It’s an outgrowth of ideas that we have had for a long time,” said Metral. “The idea is to ensure consumer privacy.”

“At the end of the day we want consumers to feel comfortable,” says Kamionek.

The problem, say privacy advocates, is that the best way to make consumers feel truly comfortable is not to collect information at all, or at the very least, to allow users to determine whether or not information is collected in the first place. But despite all the OPS language about “control” and “consent,” there’s no provision, says one analyst, for taking care of the basic problem of whether or not information should be collected in the first place.

“OPS is good in that it provides for companies to tell you what they are doing,” says Donna Hoffman, professor of marketing at Vanderbilt University and an expert on Net marketing and demographics. “But they are still not really giving you a choice.”

“We should call a spade a spade,” says Hoffman. “These companies have gotten together and standardized the collection of consumer data that can be shared across sites. That is not the same as a proposal to protect privacy. It’s much less concerned with privacy and much more concerned with facilitating the exchange of information about consumers.

“That is a welcome step. We need this standardization. This kind of collection of demographic information is very important. But we should not kid ourselves — this is only half the equation. We still need more protection on the consumer side. To call this a privacy standard is a bit silly.”

It mystifies us that the man thought he could have it both ways — record everything, and get away with everything. But curiously, it mystifies nobody that we all expect to talk freely and shop with convenience through electronic networks without establishing some sort of reputation for ourselves. In conditions of the utmost anonymity, living in “communities” where neighbors don’t talk to one another, we expect, as Nixon did, to be trusted. And we are outraged to find that it’s not possible, and they’re subpoenaing our tapes on Capitol Hill. Why, we ask, does anyone need to know all this stuff about me?

The exploitation of personal data that the FTC hearings took up is plainly a serious problem. But nobody wants to admit that privacy itself may really be that problem’s root cause rather than its antidote.

Modern life allows us an unprecedented level of physical privacy in real time and space. This isolated existence not only feeds our paranoia but necessitates the electronic record keeping that enables us to deal all day with total strangers. As the scale of interactions and commerce broadens across the Web, the complexity of that record keeping promises only to deepen.

Want to buy gas on credit? Easy! Even easier than the times when the mechanic down the street knew you personally. The difference is that now, the pump will know your name, a distant computer will make a record and the fellow behind the bulletproof glass won’t give a damn. He has privacy, you have privacy. Everyone happy?

It’s no coincidence that the jurist Louis Brandeis wrote his often-cited, groundbreaking “right to be let alone” privacy screed in 1890, just when the close-knit scrutiny of real villages began to give way to the anonymity of urban life. People took privacy for granted until then; in the days before databases, it was not an abstract quality. One’s bedroom or backyard were either private or they weren’t — and one’s reputation was rarely more permanent or widespread than the memory banks of the people one dealt with personally.

Over the last 50 years, our journey into suburbs and cars and flickering TV nighttimes behind barred windows has given us extraordinary seclusion in our personal and home lives. And yet we’ve only felt more insecure. Only 34 percent of Americans polled by the Louis Harris firm expressed concern about personal privacy in 1970. By 1995, the figure was up to 80 percent.

What happened? This growing concern doesn’t indicate a simple increase in how much we value privacy, any more than the soaring number of lawyers in the U.S. means we value justice more. Instead, it’s a fearful reaction to the collapse of trust in our culture.

In “The Naked Society” (1964), Vance Packard trembled at the 20th century innovations that were draining American life of privacy and autonomy: social control by large, impersonal employers; pressure on companies to scrutinize customer choices in a sophisticated manner in order to compete for market share; galloping advances in electronic technology; and the McCarthy-era adoption of a pervasive top-security mentality in both government and business.

Nearly a decade later, at the dawn of computerized record keeping, James B. Rule pointed out in “Private Lives and Public Surveillance” (1973) that the transition to a society of mobile strangers didn’t necessarily increase surveillance — the prying eyes of small-town neighbors are, he felt, in most cases worse. But it did lead to more centralized surveillance — out of sight and, for practical purposes, beyond the control of the individual.

By 1993, in the book “The Costs of Privacy,” Steven L. Nock attacked privacy itself as the problematic result of systemic social separation. “Privacy grows as the number of strangers grows,” Nock wrote. “And since strangers tend to not have reputations, there will be more surveillance when there are more strangers. Privacy is one consequence, or cost, of growing numbers of strangers. Surveillance is one consequence, or cost, of privacy.”

Nock called credit cards, those handy generators of much of the personal data we’ve lost control over, “portable reputations.” In the era of the Internet, cheap computing and an increasingly global economy, those portable reputations record more and more of our activities, and more and more strangers and institutions demand them from us. The trends toward economic consolidation, less face-to-face accountability in our public lives and faster computing will exert great pressure for ever more elaborate identification and credentialing schemes. The spread of the use of the social security number to 60 government agencies is one result of this pressure. Retina and thumbprint scans, already in pilot testing, will be the next.

We can complain all we want about Big Brother, but when we wrested our reputations from human memory and turned them over to far less judgmental computer circuits and phone lines — vanquishing those nasty old village snoops who might keep us from living out our hearts’ desires — reputation remained as important as ever. The difference is that even as we have downplayed its significance — whether out of honest egalitarianism or excessive individualism — we have consigned it to the banal, impersonal testing ground of supermarket checkout stands and pre-employment background checks.

The only thing a computer ever asks is: Are you approved, or not? And everyone from medical insurers to prospective employers to creditors views us as a potential threat until our data prove otherwise. Setting up new privacy regulations isn’t going to alleviate this pressure; it may only lead to more elaborate credentials and invasive identifiers for individuals, and increased secrecy for the institutions that manage our reputations.

Privacy, particularly when enshrined in law, can protect the corrupt and malign as well as the good and upstanding. But the bulk of breathless newspaper reports issuing forth on this issue since last year have almost universally ignored this, instead focusing on the hypothetical risks of baddies out there finding out where Joe Consumer lives and (gasp!) what his children’s names are. Most have taken the same grave, utterly simplistic angle: Privacy good. Stalkers bad. Internet dangerous. Call Congressman. All have invariably repeated the same shopworn Top 10 privacy-violation horror stories, mostly hypothetical and mostly based on the absurdity of having to hide out from one’s HMO, spoon-fed to hungry reporters by a small group of widely quoted privacy activists. James Wheaton, senior counsel of the First Amendment Project, an Oakland, Calif., group trying to protect and expand the Freedom of Information Act, laments “enormous imprecision” in the concerns raised by some of these activists.

By giving government officials the power to deny public-records access to anyone without credentials (i.e. the little guy), Wheaton says, “the privacy activists may inadvertently be helping the moneyed interests and doing nothing for greater security.” Even with their good intentions and a laudable commitment to civil liberties, the professional privacy advocates have little besides fear as a selling point — fear of the stalker, the fraud perpetrator, the government agency run amok . But the fear and paranoia that have become so entrenched in the public mind are the primary cause of all this high-tech surveillance in the first place, because nobody wants to deal with anybody in person any more.

Sure, there are legitimate issues of informational privacy, and at their best, the FTC hearings constructively aired them. Businesses that collect personal information from Web browsing should have some regulation against selling it, and anyone can see that companies compiling dossiers on every American are a threat to — well, let’s not bring up Hitler again. But the drumbeat of scare stories has focused too much attention on the Internet, even though nobody has explained how the Internet causes the problems in any direct or unique way. Credit-card fraud, costing literally billions of dollars in losses in recent years, was a problem as soon as credit cards were invented — and the Secret Service, which investigates computer crime, has no evidence to date that the resourceful credit-fraud rings have sought or needed help from the Internet.

It’s ironic that Americans are asking for privacy protection from the same government that has in the last few years expanded electronic surveillance beyond Richard Nixon’s wildest dreams — always with an appeal to public fear and mistrust. Federal agencies are creating centralized databases to track every new job hire in the country (to catch illegal immigrants and deadbeat dads), to make sure that welfare recipients don’t overstay their five years by changing states and to provide instant “terrorist” profiling to airport security agents. The country has not hesitated in the last few years to wipe out the civil liberties of whole swaths of the population in futile gropes for greater public security that’s never attained.

But as soon as the most minute interest of upper-income people is threatened, Congress is shut down with phone calls, as it was during the Lexis-Nexis fiasco last summer and the Social Security Web site controversy this April. Privacy is a vastly different issue to those whose names aren’t on anyone’s direct-mail list. Ask a homeless person what “privacy” means and the answer might involve a large appliance box. Once you’re on the street, you’re a reputation refugee — and no computer is ever going to approve your e-cash transaction.

Simple loss of privacy is not the real problem underlying all the tossing and turning we’re going through over the openness the Internet has thrust upon us. The entire experience of Internet use has total privacy as its point of departure — “meatspace” privacy, real-time anonymity, the kind that keeps anyone from knowing you’re surfing the Web in your partner’s underwear.

No, privacy is only part of the equation. The other part is the basic question of trust, that elusive property that we’ve all, in our hearts, given up on. This wide-ranging loss of our electronic virginity was well under way 20 years ago, but remained invisible until the Web forced us to confront it. We should be grateful for that. The arrival of the Global Village could be an opportunity to reevaluate our notions of trust and strangerhood. Maybe it will force us to.

Nixon’s demands for privacy were ultimately fruitless and pathetic because there was no longer any trust to base that privacy on. He never understood that — and as privacy-loss hysteria begins to push laws through Congress that may do more harm than good, sadly, neither do we.