These findings, later confirmed by Facebook, were initially disclosed by a CA security researcher who has been conducting independent tests on Beacon. The findings contradicted Facebook's previous responses to questions about the extent of Beacon's user tracking and data reporting.
The CA findings expanded the scope of Beacon privacy concerns beyond Facebook members to potentially all visitors to the partner sites. As such, the CA research has prompted questions of whether Beacon partners have a responsibility to alert visitors to their Web sites that some of their actions will be captured by Beacon, even if they aren't Facebook members.
"The affiliate sites have a responsibility to their own users to inform them that certain actions will result in Facebook receiving information, even if they do not have a Facebook account," wrote CA researcher Stefan Berteau in one of his notes about Beacon.
Although the CA findings have been broadly reported for a week now, many Beacon partners contacted said they were either unaware of them or simply declined to address them.
Some partners even declined to say whether they have turned on Beacon on their sites, and what actions they track or intend to track. That's the case with shoe site Zappos.com and gaming site GameFly.com.
Zappos.com provided an e-mailed prepared statement saying it has been "actively working" with Facebook on Beacon and that it has made and will make changes based on customer feedback. It didn't reply to several requests for clarification on the changes or on the status of its Beacon implementation.
Without addressing any questions specifically, GameFly.com e-mailed a statement saying the company values its members' privacy and security, and understands these issues are important. "We applaud Facebook's actions to make Beacon an opt-in feature as well as the introduction of a privacy control to turn Beacon off," the statement reads.
Meanwhile, the following partners were contacted and either didn't reply or declined to comment on the record about Beacon: Fandango, AllPosters.com, Blockbuster, ExpoTV, Hotwire, Joost, Live Nation, The Knot, Yelp, National Basketball Association, (RED), Conde Nast's Epicurious, and WeddingChannel.com.
Among those that did offer comment, one of the most forthcoming was Overstock.com. The online retailer turned off Beacon on Nov. 21, said Judd Bagley, a spokesman for the company. "We have a specific threshold that the program needs to meet, in terms of privacy, before we'll be turning it back on," he said. Until Beacon supports an opt-in on both Overstock and Facebook, Overstock won't begin using it again, he said.
When contacted last week, Overstock was just learning about the CA findings, Bagley said, adding that previously the company wasn't aware that Beacon had the ability to capture the actions of non-Facebook users.
Another company distancing itself from Beacon is online retailer Bluefly, which hasn't deployed Beacon and isn't committed to it, said a spokeswoman for the company. She said the company is analyzing the program to decide whether to move forward with it due to privacy concerns.