Though Facebook last week tweaked its Beacon advertising program to prevent the unintended display of private information, the company still receives personal information about users from Beacon partners without their consent, according to an investigation by a Computer Associates research team.
"Facebook is collecting information about user actions on affiliate sites regardless of whether or not the user chose to opt out, and regardless of whether or not the user is logged into Facebook at that time," Stefan Berteau, a research Engineer with CA's PestPatrol Spyware Research team, wrote in a blog post.
Facebook launched Beacon last month as part of its Facebook Ads program.
Facebook users who are logged into the social networking site and purchase things on Beacon partner Web sites have the option of reporting their activities in their Facebook newsfeeds.
• Click here to visit FOXNews.com's Cybersecurity Center.
• Click here for FOXNews.com's Personal Technology Center.
Initially, Beacon was primarily an opt-out program. People who bought movie tickets on Fandango.com, for example, would see a small, pop-up window that said "Facebook is sending this information to your newsfeed."
There was the option to click "No Thanks," but if a user missed it or did not click it fast enough, it would be sent to Facebook and published on the site.
Activist group MoveOn.org started an anti-Beacon petition, calling on Facebook to make the program completely opt-in, a demand to which Facebook eventually agreed.
Despite this change, the Computer Associates report found that Facebook still receives information about purchases made from the 44 Beacon member companies.
Though this information is not made public on member newsfeeds and is eventually deleted, it is still transferred to the social-networking site, the report said.
Facebook confirmed the practice.
"When a Facebook user takes a Beacon-enabled action on a participating site, information is sent to Facebook in order for Facebook to operate Beacon technologically," according to a statement."
If a user opts out, "Facebook does not use the data and deletes it from its servers," Facebook said. "Separately, before Facebook can determine whether the user is logged in, some data may be transferred from the participating site to Facebook. In those cases, Facebook does not associate the information with any individual user account, and deletes the data as well."
This process applies to all Beacon partners, according to a Facebook spokeswoman. She did not have immediate information on what constitutes "some date."
EBay has not yet implemented Beacon, but plans to do so at some point during the first quarter of 2008, said Usher Lieberman, senior manager of technology and innovation in eBay's corporate communications department.
When eBay does implement Beacon, it will apply only to sellers, Lieberman said.
"The option to include selling information in your news feed will appear at the end of the eBay listing process," he said. "It is explicitly opt-in."
"People in the seller's Facebook network will be able to see his listing activity only, in the form of a meta-category ("Collectibles") and a URL that links to the listing," according to Lieberman.
Users who bid on or win a particular item, therefore, will not have that information sent to Facebook, Lieberman said. "Your purchases do not appear in your Facebook feeds."
Lieberman said he had seen the Computer Associates post, but "cannot really comment on other's implementation of Beacon," he said. "What I can say is that eBay is working on a custom implementation of Beacon.
"We are satisfied that when the eBay integration with Facebook Beacon is deployed it will have the appropriate controls in place to assure the privacy, safety, security, and comfort of our users."
Copyright © 2007 Ziff Davis Media Inc. All Rights Reserved. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Media Inc. is prohibited.