In what is probably old news now, Facebook faced a renewed storm of controversy after a Computer Associates engineer (Stefan Berteau) opined that Facebook tracked your behavior notwithstanding your opt-out of Facebook's "beacon" system.  In response Zuckerberg (Facebook's founder) apologized in what Wired described as a "meekly written" blog post.

Two points to take away from this whole episode.  First, hardly anyone has perused (i.e., examined in detail) the privacy policy.   I guess this is not surprising, given how convoluted most privacy policies are and how much they are filled with legalese.  (Here's an idea:  how about a requirement that a privacy policy also have a "translated" plain English version.  In defense of Facebook theirs is easier to read than most.)  I guess this just illustrates that privacy policies are only useful in one place - in court!

Second, the media firestorm/company reaction loop is probably not the best way to iron out privacy quibbles.  Wired's epicenter blog makes a good point about Facebook's privacy practices and how common they are:

In order to collect data from external sites, Facebook gives Beacon advertisers a piece of code that they run on specific web pages (such as order confirmations). The code is used to transmit data between the advertisers' sites and Facebook's servers. If a user clicks on the "Remember Me" box when logging in to Facebook, the cookies that are stored locally on his computer will also store data about his activities on Beacon advertisers' sites.

Although this development may be somewhat alarming, it's not entirely shocking. Many e-commerce sites and web advertisers have used cookies to track users online for years now. The threat could also be somewhat overstated: Facebook can only gather user data from advertisers who signed up to use Beacon (such as Overstock.com and Epicurious.com); and Facebook cannot collect data on users if they are surfing external sites that are not part of Facebook's advertising network.

True, true.  Third party websites collect an inordinate amount of information about you, including what products you buy, what sites you visit, and what action you take.  In fact, it's almost standard fare in any website terms to let the user know that the website often uses cookies and beacons, including those placed by a third party or at the third party's request.  These can track your behavior on the site and off.  The catch is that generally speaking this information is collected on an anonymous basis and no one in the chain has the ability to put together your online behavior with your actual identity. 

I guess - and I'm not sure - Facebook's practices resulted in the loss of this anonymity in several ways.  As to specifics, I'm not really sure, because I didn't see many stories which really dug into specifics.  The initial Computer Associates blog post did mention specifics, but subsequent media reports sort of took off from there.  I guess this illustrates the drawbacks of this loop - Facebook dealt with a blog/media pile-on that resulted in all sorts of general claims about its privacy practices.  In the process, inevitably, it became increasingly difficult to separate a legitimate concern from a privacy practice that most of us willingly endure.