Web technologies provide several means to infringe user privacy. This is especially true when customers buying tangible goods submit orders that contain their real identity and physical address. Then, in practice, the vendor can link this information with all information gathered about the customer, obtained through various means. In this paper, we present a solution that is based on mobile agents and a new infrastructure consisting of a mobile agent base station and a cardinality observer. This infrastructure can be used to prevent the vendor from directly linking information gathered about the customer with identifying information usually contained in the customer’s order. The vendor can only assign customers to their correct profiles with some probability which depends on the number of candidate profiles. The new infrastructure allows the customer to decrease this probability in several ways. The usage of both the cardinality observer and the mobile agent base station deterministically guarantees to the customer that an agent only starts its journey when a desired threshold for the linking probability has been reached. In a second variant using only the mobile agent base station, the linking probability is decreased in a probabilistic manner by introducing a fixed delay before mobile agent release.