Facebook has declined repeated requests from to address the CA findings, which industry experts believe merit further modifications to Beacon and public comments from Facebook executives.
The tracking and transmission of data from logged-off users and non-Facebook members in Beacon sites "is a real no-no," Sterling said. "It crosses the line of propriety and, arguably, ethics."
Companies like Facebook are wrong to think that they are obtaining informed consent from their users to track them online as long as they place fine-print clauses in privacy policies written in complicated legalese.
"You need to get explicit, active approval for the tracking of your users and if you don't, you shouldn't track them," said Peter Eckersley, staff technologist at the Electronic Frontier Foundation (EFF).
It's also not helping that Facebook is having to reverse itself in light of evidence produced by independent observers like CA. "Facebook isn't being entirely candid about what it's doing and that's what's causing a lot of their problems," Sterling said.
Facebook urgently needs to infuse Beacon with a massive dose of transparency and do a significant transfer of control over the program to end-users, Sterling said.
Other online advertising providers should pay close attention to the mess in which Facebook has gotten itself into. "Everyone doing online tracking needs to be under the same scrutiny," Eckersley said.
A positive outcome from the brouhaha is that it has made people more aware of privacy threats online. "This controversy may help awaken consumers to the fact that [privacy violations] happen on Web sites everywhere all the time," said Beau Brendler, director of Consumer Reports WebWatch.
And awake people must be, considering that just as Facebook is trying to push the envelope of online advertising tracking and profiling, so are many other companies in this market, according to Joseph Turow, a professor at the University of Pennsylvania's Annenberg School for Communication.
"The more competition there is [in online advertising], the more we'll see this happen, and in more subtle ways," Turow said. "Beacon is symptomatic of a larger development in the trajectory of the Web."
Eckersley views the Facebook outcry as proof of the chasm that exists between people's privacy expectations online and the real-world actions of online ad providers. "When people become aware of that gap, they become very angry," he said.
In the meantime, Facebook has its hands full and must hurry to do damage control. Almost 70,000 Facebook members have signed an online petition, launched on 20 November by MoveOn.org, protesting aspects of Beacon that the group feels are too intrusive of people's privacy.