Beacon formed part of Facebook's advertisement system that sent data from external websites to Facebook, for the purpose of allowing targeted advertisements and allowing users to share their activities with their friends. Beacon reported to Facebook on Facebook's members' activities on third-party sites that also participated with Beacon. These activities were published in users' News Feed. This occurred even when users were not connected to Facebook, and happened without the knowledge of the Facebook user. The service was controversial and became the target of a class-action lawsuit, resulting in it shutting down in September 2009. One of the main concerns was that Beacon did not give the user the option to block the information from being sent to Facebook. Beacon was launched on November 6, 2007, with 44 partner websites. Mark Zuckerberg, CEO of Facebook, characterized Beacon on the Facebook Blog in November 2011 as a "mistake." Although Beacon was unsuccessful, it did pave the way for Facebook Connect, which has become widely popular.
Beacon created considerable controversy soon after it was launched, due to privacy concerns. On November 20, 2007, civic action group MoveOn.org created a Facebook group and online petition demanding that Facebook not publish their activity from other websites without explicit permission from the user. In fewer than ten days, this group gained 50,000 members. After the class-action lawsuit, Lane v. Facebook, Inc., Beacon was changed to require that any actions transmitted to the website would have to be approved by the Facebook user before being published. On November 29, 2007, Stefan Berteau, a security researcher for Computer Associates, published a note on his tests of the Beacon system. He found that data was still being collected and sent to Facebook despite users' opt-outs and not being logged in to Facebook at the time. This revelation was in direct contradiction to the statements made by Chamath Palihapitiya, Facebook's vice president of marketing and operations, in an interview with The New York Times published the same day:
Q. If I buy tickets on Fandango, and decline to publish the purchase to my friends on Facebook, does Facebook still receive the information about my purchase?
A. "Absolutely not. One of the things we are still trying to do is dispel a lot of misinformation that is being propagated unnecessarily."
On November 30, 2007, Louise Story of The New York Times blogged that not only had she received the impression that Beacon would be an explicit opt-in program, but that Coca-Cola had also had a similar impression, and as a result, had chosen to withdraw their participation in Beacon.
On December 5, 2007, Facebook announced that it would allow people to opt-out of Beacon. Founder Mark Zuckerberg apologized for the controversy.
This has been the philosophy behind our recent changes. Last week we changed Beacon to be an opt-in system, and today we're releasing a privacy control to turn off Beacon completely. You can find it here. If you select that you don't want to share some Beacon actions or if you turn off Beacon, then Facebook won't store those actions even when partners send them to Facebook.
On September 21, 2009, Facebook announced that it would shut down the service.
On October 23, 2009, a class action notice was sent to Facebook users who may have used Beacon. The proposed settlement would require Facebook to pay $9.5 million into a settlement fund. The named plaintiffs (approximately 20) would be awarded a total of $41,000, the remainder consisting of legal fees.
Facebook Beacon worked through the use of a 1x1 GIF web bug on the third-party site and Facebook cookies. Clearing Facebook cookies from the browser after explicitly logging off from Facebook prevented the third-party site from knowing a user's Facebook identity.
Main article: Lane v. Facebook, Inc.
As part of a class action settlement, Facebook terminated Beacon. Facebook was also required by a court order to notify its users of the settlement. Facebook set up a $6 million fund to establish an independent non-profit foundation that will identify and fund projects and initiatives that promote the cause of online privacy, safety, and security. Facebook also set up a website about the lawsuit. Under the contingency fee arrangement with the plaintiffs, the law firms that filed the case would get a fee, likely to be $3–$4 million, but the average Facebook user would receive no monetary award. Facebook notified its users about the court order.
Facebook received intense criticism because of Beacon. The case was ended by a permanent termination of the system and an establishment of a Privacy Foundation. Before Beacon terminated, 19 people against Beacon organized a class action lawsuit. Settling the case, Facebook finally paid $9.5 million in total to resolve the privacy concerns around its users. It established a non-profit foundation called Digital Trust Foundation with $6.5 million, aiming to "fund and sponsor programs designed to educate users, regulators and enterprises regarding critical issues relating to the protection of identity and personal information online". Around $3 million was distributed to the original plaintiffs and attorneys. One of the class action organizers made an objection to the Supreme Court, arguing that members from the class action received little money from the settlement as a result of donating to a newly founded charity. The person also raised the issue that the settlement was unfair because Facebook still controlled the foundation since an employee from Facebook was in charge of it. In response to the challenge of the settlement, Facebook explained that direct payment would not be a wise decision compared to setting up a foundation. Each potential plaintiff would only share a tiny amount of money as it is being divided by a huge number of class action members. Thus, the money used in founding a relevant non-profit organization to educate people about privacy issues seemed to be a better-off deal serving the same interests.
Beacon, as "a recommendation from a trusted friend" referred by Mark Zuckerberg, raised ongoing concerns regarding user privacy on social media sites and outraged privacy advocates. Beacon hurt Facebook's reputation by violating its Software Engineering tenets and disrespecting the privacy rights of its users. Since the failure of launching Beacon, Facebook has been mired in controversy in terms of privacy issues. The Beacon stories led many Internet Surfers to believe that "Facebook and other profit-oriented social networking sites are large Internet-based surveillance machines."
In general, Beacon was viewed as a mistake because it appeared to be too explicit about the intentions inscribed in its protocol. By learning from its unsuccessful experience, Facebook has been seeking other ways to monetize its user database through social advertising. Unlike Beacon, the process of commercialization tends to happen in the back-end system thus becoming invisible to the users. In this way, a lot of resistance from the user population could be largely removed. To be more specific, some argue that Facebook Beacon had paved the way for its subsequent service, Facebook Connect, both adopting the idea of utilizing third-party data.