The spying can get pretty intrusive. A few years ago I was writing an internal BHO (Browser Helper Object- a binary plugin for Internet Explorer that extends the functionality) for specific use cases (a technology unfortunately that was also abused). We needed it at the company I worked at at the time to provide functionality to customer service agents.

While testing the BHO, I also would hit external web pages like CNN and other news sites to make sure that I didn't break anything when opening external web pages. I kept seeing Facebook in my browser logs, which was odd because not only would I not visit a social media site from a work computer, but I permanently deleted my Facebook account in 2010, so there was no possibility I visited it, and I certainly didn't use that site as a test website. So I dropped down into the debugger and added a breakpoint when the site was about to be loaded, and realized that when the browser was displaying the Facebook "Like" button/image, that graphic wasn't provided as a stock image, but instead made a round-trip call back to the Facebook servers, which was how the tracking was happening. It was eye-opening to me at the time (maybe it shouldn't have been). And I'm not picking on Facebook here; they weren't the only ones.