Facebook could have avoided the strident, weeks-long controversy engulfing its Beacon ad system if, when designing and deploying it, the social-networking company had followed basic social etiquette principles, such as being considerate and candid.
It's not too late, though. Following the common sense and time-tested advice of Mister Rogers and Miss Manners could help Facebook end the nightmare that threatens to harm its business, affect its relationship with advertising partners, and erode its end-users' trust.
That's the consensus from several industry observers and online privacy experts regarding the embattled Beacon, introduced several weeks ago to a sustained chorus of boos.
"Facebook created what it thought was a clever program and a lot of people didn't like it," said industry analyst Greg Sterling of Sterling Market Intelligence.
Beacon, part of the company's new ad platform, tracks certain actions of Facebook users on some external sites, like Blockbuster and Fandango, in order to report those actions back to users' Facebook friends network.
The idea: to generate advertising that is more effective because it is intricately combined with people's social circle, so that products and services are promoted in a more organic way via the actions of friends and family.
More than 40 Web sites have signed up for Beacon, although not all have implemented the system. Off-Facebook activities that can be broadcast to one's Facebook friends include purchasing a product, signing up for a service and including an item on a wish list.
Responding to a round of initial complaints that the program was difficult to understand, manage and avoid, Facebook tweaked it last Thursday, making its workings more explicit and giving people more control over it.
Although the changes didn't go as far as many had hoped, they were generally seen as encouraging. However, the calm didn't last long. On Friday, a CA researcher detailed tests showing that Beacon is more intrusive and stealthy than Facebook had acknowledged until then.
Stefan Berteaufound that Beacon tracks users even if they are logged off from the social-networking site and have declined having their activities broadcast to friends.
In this case, users aren't informed that data on their activities at these sites is flowing back to Facebook or given the option to block that information from being transmitted, according to Berteau, senior research engineer at CA's Threat Research Group.
If a user has ever checked the option for Facebook to "remember me" -- which saves the user from having to log on to the site upon every return to it -- Facebook can tie his activities on third-party Beacon sites directly to him, even if he's logged off and has opted out of the broadcast. If he has never chosen this option, the information still flows back to Facebook, although without it being tied to his Facebook ID, according to Berteau.
Moreover, Berteau also found that Beacon doesn't limit its tracking to Facebook members. It actually tracks activities from all users in its third-party partner sites, including from people who have never signed up with Facebook or who have deactivated their accounts.
In those cases, Beacon captures detailed data on what users do on these external partner sites and sends it back to Facebook along with users' IP (Internet Protocol) addresses, although there is no Facebook ID to tie to the data.