Eckersley views the Facebook outcry as proof of the chasm that exists between people's privacy expectations online and the real-world actions of online ad providers. "When people become aware of that gap, they become very angry," he said.
In the meantime, Facebook has its hands full and must hurry to do damage control. Almost 70,000 Facebook members have signed an online petition, launched on Nov. 20 by MoveOn.org, protesting aspects of Beacon that the group feels are too intrusive of people's privacy.
While the privacy controversy is unlikely to cripple Facebook, the company must actively deal with the objections and concerns being raised. Beacon partners also have reason to worry about being associated with this program, he said.
"The danger lies in not addressing it, because the longer Facebook stays silent, the higher the chance that it will trickle down to its core user base. Facebook needs to take this seriously," Sterling said.
On Wednesday morning, after the interviews for this article had been conducted, Facebook CEO and founder Mark Zuckerberg announced in an official blog posting that the company had decided to give its members the ability to completely decline participating in Beacon.
He also apologized for missteps in the design and deployment of Beacon. "We've made a lot of mistakes building this feature, but we've made even more with how we've handled them. We simply did a bad job with this release, and I apologize for it," Zuckerberg wrote.
While this move will likely make Beacon more palatable to its critics, Zuckerberg didn't directly address any of the CA findings, which ultimately are the biggest points of contention right now.
In the only apparent reference to the CA findings, Zuckerberg wrote: "If you select that you don't want to share some Beacon actions or if you turn off Beacon, then Facebook won't store those actions even when partners send them to Facebook," he wrote.
That would seem to indicate that Beacon will continue to track users and send data back to Facebook, leaving it up to Facebook to decide which data it keeps and which it deletes.
Privacy advocates generally believe that Facebook shouldn't be tracking people's actions, let alone reporting them back to Facebook, unless they have expressly given their consent for that tracking to occur.
Facebook didn't immediately reply to a request for comment about Zuckerberg's blog posting.