Facebook has come under a lot of scrutiny recently after it started telling users about online purchases their friends had recently made. The Beacon opt-out scheme collected information about each users' purchases and then automatically told their friends what they'd been buying, by displaying the info in their news feeds.
After much criticism, Facebook made this 'service' an opt-in scheme instead of an opt-out scheme, meaning that you now have to give Facebook explicit permission. But it seems this is not the end of the story.
The controversial Beacon tracking system will allegedly report back to Facebook information on all your online purchases regardless of whether you've opted in or not. The only difference is that if you choose not to opt-in, this data will not be displayed to your friends.
Stefan Berteau, a researcher at Computer Associates, tested the Beacon system and found that Facebook was still receiving his private data. It didn't matter whether he opted in or out, and it didn't even matter that he was logged out of Facebook at the time.
Facebook: the silent witness
Facebook was being informed of his actions on certain retail sites, regardless of whether he had given his permission for such details to be shared.
"I then checked the network traffic logs, and was dismayed to find that [even when logged out of Facebook], data about where I was on Epicurious, what action I had just taken, and what my Facebook account name is was transmitted to Facebook," he says on his blog.
"The first two cases involve the transmission of user data despite 'No thanks' having been selected on the opt-out dialog, and are causes for deep concern. They pale, however, in comparison to the third case, where Facebook was receiving data about my online habits while I was not logged in, and was doing so silently, without even alerting me to the cross-site communication."
It is perhaps slightly ironic then, that 23-year old Facebook founder, Mark Zuckerberg, has recently had his own personal data exposed to the public. A magazine in the US reportedly published his application to Harvard University, without his permission.
The application included such details as his social security number, his girlfriend's name and his parents' address in New York.