Unless you’ve been living under a rock, you know that [tag]Facebook[/tag] recently fell flat on it’s face when it rolled out an intrusive feature called Beacon.

Facebook CEO [tag]Mark Zuckerberg[/tag] posted about [tag]Beacon[/tag] on his blog this week, nearly a month after the fracas began, in a post with the utterly benign title, “Thoughts on Beacon”. Zuckerberg wrote:

Facebook has succeeded so far in part because it gives people control over what and how they share information. This is what makes Facebook a good utility, and in order to be a good feature, Beacon also needs to do the same. People need to be able to explicitly choose what they share, and they need to be able to turn Beacon off completely if they don’t want to use it.

This has been the philosophy behind our recent changes. Last week we changed Beacon to be an opt-in system, and today we’re releasing a privacy control to turn off Beacon completely. You can find it here. If you select that you don’t want to share some Beacon actions or if you turn off Beacon, then Facebook won’t store those actions even when partners send them to Facebook.

That’s not the same thing as being able to opt out altogether. People opt out because they don’t want you tracking them at all. On the opt-out page, it says:

Please note that these settings only affect notifications on Facebook. You will still be notified on affiliate websites when they send stories to Facebook. You will be able to decline individual stories at that time.

Lest you think I’m just being paranoid, PC World reports on a recent study by Stefan Berteau, a researched with Computer Associates Threat Research Group:

If a user has ever checked the option for Facebook to “remember me” — which saves the user from having to log on to the site upon every return to it — Facebook can tie his activities on third-party Beacon sites directly to him, even if he’s logged off and has opted out of the broadcast. If he has never chosen this option, the information still flows back to Facebook, although without it being tied to his Facebook ID, according to Berteau.

Moreover, Berteau also found that Beacon doesn’t limit its tracking to Facebook members. It actually tracks activities from all users in its third-party partner sites, including from people who have never signed up with Facebook or who have deactivated their accounts.

In those cases, Beacon captures detailed data on what users do on these external partner sites and sends it back to Facebook along with users’ IP (Internet Protocol) addresses, although there is no Facebook ID to tie to the data.

The information captured by Beacon in these cases includes the addresses of Web pages visited by the user and a string with the action taken in the partner site, Berteau said.

[read the whole article]

Berteau’s report summery is also available at the CA site. (There’s a good summary and explanation of the report, also on the PC World site, “Facebook’s Beacon More Intrusive Than Previously Thought”)

It’s true that all kinds of information about what you do online is being gathered and scrutinized by all sorts of organizations, but that doesn’t mean that individuals should let these types of systems go unchallenged. Fortunately, groups such as the [tag]Center for Digital Democracy[/tag] continue to follow issues relating to Facebook, [tag]social networking[/tag], and [tag]privacy[/tag].