Gnomer, if I may be allowed to pursue my concept, the idea isn't for the centralized database to store all of that information. Its main purpose would simply be to verify that you are you. In essence, instead of having separate logins and passwords to every resource, you'd log into a single system which would then share that authentication with any other site you visit that uses the protocol.
The authentication system itself wouldn't need to store much information - if I were running it I'd mainly have it store data that's common to the accounts you set up with any other site, such as name, email address(es), mailing/billing/shipping address, phone #s, etc. You would have the option to store credit card and bank account information for payment purposes, but it wouldn't be required.
You could set up preferences for whether you want to use a single login cookie for an entire browsing session or have to authenticate to each site separately, or even have individual profiles for each site. You'd also have a master control panel that you could use to review each site's profile and modify, discontinue, or even block access.
You could add all kinds of services to this basic system. Examples that I can think of off the top of my head include:
* A feedback/profiling system that alerts you to a site's reputation and alerts of reported scams, sort of like a BBB rating.
* You could link multiple accounts within a family and set up a "parental" or supervisory account that lets you set parental controls, browsing times, track logins to sites, etc.
* Businesses could provide additional services based on the voluntarily shared contents of your profile. This would work by having a "public" authentication layer where sites can share specific data with each other based on your profile without being able to impersonate you. As an example, you could let Amazon and Barnes & Noble share your book and music ratings to give improved recommendations.
The cost of the system could be easily absorbed by (a) charging users a small fee for universal access, (b) charging businesses a fee based on usage - for example, a forum wouldn't need anything more than basic access and would pay little or nothing, while an online store might pay 0.5% of sales or a fixed rate per user or something. This is almost certainly less than these businesses already spend on password security.
The weakness of this system, of course, is that if your universal authentication is compromised, someone could access everything, not just an isolated subset of your data. To offset that, two-factor authentication would be much easier to manage (and indeed, market) if it's associated with a single site instead of dozens or hundreds. Identity theft would become obsolete overnight if the hackers had to get physical possession of a SecurID or similar dongle to access your accounts.
On the privacy side, the government could indeed exercise power to access everything you do online. Hell, they can do that now; it would just become a lot easier. The trick is to remember that the government must ultimately be responsible to the people, and if things get to the point where you have to hide everything you do from Big Brother, it's no longer a democratic country. In other words, you have to trust them at least to a certain point, and if you don't, well - you might as well move or shoot yourself or go hide in a cellar in Montana or something.
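As an added illustration (not part of the original post, and not code from any real service): one way the central authenticator described above could vouch for a user to each site while sharing only the profile fields approved for that site, so that one site cannot reuse what it receives to impersonate the user elsewhere. The site names, keys, profile and function names are all constructed, and a per-site HMAC key is assumed in place of whatever signing scheme a real protocol would use.

```python
import base64, hashlib, hmac, json, time

# Constructed demo data: one secret per site, shared only with the authenticator.
SITE_KEYS = {"bookstore.example": b"demo-key-bookstore",
             "forum.example": b"demo-key-forum"}
PROFILE = {"name": "Alex Doe", "email": "alex@example.org",
           "book_ratings": {"Dune": 5}}
# Per-site sharing choices, as set in the user's "master control panel".
CONSENT = {"bookstore.example": ["name", "book_ratings"],
           "forum.example": ["name"]}

def _b64(data):
    return base64.urlsafe_b64encode(data).decode()

def issue_assertion(user, site, now=None, ttl=300):
    """Authenticator side: sign only the fields the user shares with `site`."""
    allowed = CONSENT.get(site)
    if allowed is None:
        raise PermissionError(f"user has blocked or never approved {site}")
    now = int(time.time() if now is None else now)
    claims = {"sub": user, "aud": site, "exp": now + ttl,
              "attrs": {k: PROFILE[k] for k in allowed}}
    body = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(SITE_KEYS[site], body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)

def verify_assertion(token, site, now=None):
    """Site side: accept only an unexpired assertion addressed to this site."""
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:          # malformed token or bad base64
        return None
    expected = hmac.new(SITE_KEYS[site], body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    claims = json.loads(body)
    now = int(time.time() if now is None else now)
    if claims["aud"] != site or claims["exp"] < now:
        return None
    return claims
```

An assertion issued for the bookstore is rejected by the forum because it is signed with a different key and names a different audience, and the short expiry limits how long a stolen assertion stays useful.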