SAN FRANCISCO, USA: This week's revelations that Google Inc, Twitter and other popular Internet companies have been taking liberties with customer data have prompted criticism from privacy advocates and lawmakers, along with apologies from the companies.

They are the latest in a long line of missteps by large Internet companies that have faced little punishment for pushing privacy boundaries, which are already more expansive than most consumers understand.

Despite all the chatter about online privacy and the regular introductions of proposed data protection laws in Congress, Silicon Valley is in the midst of a veritable arms race of personal data collection that is intensifying.

Many innovative companies, most prominently Facebook, base virtually all of their services on the ability to personalize, which requires them to know their users well. Their business models likewise depend to an increasing degree on the ability to target a banner advertisement or other marketing pitch to an individual. Millions of times each day, the right to advertise to a specific user is auctioned off in a fraction of a second by computers talking to one another.

For both the buyers and the sellers of the advertising, the business advantage goes to the participant with the most knowledge, and that race is driving companies like Google to learn as much about its users as Facebook does.

Few U.S. laws prevent those companies and others from collecting all manner of information - ranging from credit cards numbers and real names and addresses to buying patterns and Web surfing habits - then selling the data to advertisers and other third parties.

"Companies are feeling along in the dark, trying to figure out how to serve consumers with cool new toys and while protecting consumer interests," said Jim Harper, a privacy policy specialist at the libertarian Cato Institute. "More often than not, they fall in love with their cool new toys and forget the privacy interests."

Aside from special protections for credit report information, medical records and a few other narrow categories, virtually anything is fair game.

Companies generally face legal threats or a user backlash only after violating their own published privacy policies or being discovered subverting consumer wishes.

Last week Twitter, Path and other firms were found to be vacuuming users' iPhone contact lists even though Apple Inc's policies forbade it. On Friday, a Wall Street Journal report showed that Google was tweaking ads on Apple's Safari Web browser to install tracking cookies which, while commonplace on other browsers, are blocked on Safari unless the user specifically allows them.

Reps. Edward J. Markey (D-Mass.) and Joe Barton (R-Texas), co-chairmen of the Congressional Privacy Caucus asked for a Google probe by the Federal Trade Commission, which declined to comment. Google said Friday that its intentions were innocuous but it nontheless dropped the practice. Twitter and Path said they would seek explicit permission before grabbing address-book contents, and Apple said it would update its software to prevent further leaks.