RelaX

I was wondering what you guys would think on this subject.

In 2 weeks time I am supposed to build a system codenamed PUT for my internship. Basically it is a module in a Content Managment System (tool to build and maintain websites without technical know-how) by the company I am working at that, if turned on, will log every detail of all the website users it can think of.
And when I'm done with that, I'm supposed to set up an LDAP server and configure the CMS to use I-PAS. A means of storing all this info on one server.
Fascinating stuff and all very interesting but on some level it sounds kindof orwellian.

See, PUT is also supposed to store every form you fill in. So if you fill in your name and adress it stores it. I also asked and am not supposed to build in restrictions to exclude credit card numbers or password fields. That is up to the webdevelopers.
Also, information stored from one website with PUT and I-PAS enabled could automatically share it with every other website of other companies.
I doubt I will enable this.
The company I work for, though, WOULD have access to all that data. Simply because it is on their server.

Thanks to having to design this I am now looking at websites completely different.

How much information gathering is too much?
Is there such a thing as too much?
I mean, if as long as you're not hacking or looking at kiddie porn, there should be no objections to monitoring what you browse right?

EDIT: BTW, the reason I ask is because the web usually attracts a young, liberal crowd, but for some reason TFP members tends to be more conservative. More balanced. For instance, posting this on Slashdot would get me flamed to no end, for making the web a little less anonymous...

__________________
The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We cause accidents.
- Nathaniel Borenstein