Here’s the really dangerous part about social networking sites: when they mess up, they tend to mess up huge. Facebook recently began a new advertising service called Beacon, which allows your online purchases to be added into your news feed when they happen. Those familiar with Facebook know that many of the things they do while on Facebook get added to their news feeds and broadcast to all their friends. It’s a neat way to be able to know what’s going on in your little Facebook community without having to constantly check other user’s profiles and can be tailored by both the broadcasting and receiving users to limit the amount of information included.

However, the Beacon advertising campaign was automatically turned on for all users without announcements, and then it required users to “Opt Out” of the service if they didn’t want it. The very real problem with that scenario - in addition to at least giving the impression of sneakiness - is that most users never see their own news feeds and so don’t know what’s happening until someone tells them.

This Christmas season, that “someone” often turned out to be the recipient, as the below story discusses:

Feeling Betrayed, Facebook Users Force Site to Honor Their Privacy - washingtonpost.com

Within two hours after he bought the ring on Overstock.com, he received an instant message from his wife, Shannon: Who is this ring for? What ring, he messaged back, from his laptop at work in Waltham, Mass. She said that Facebook had just put an item on his page saying he bought a ring. It included a link to Overstock, which noted that the 51 percent discount on the ring.

But of course, as Mike Rogers points out, spoiled Christmas surprises are hardly the worst possible transgression:

Facebook privacy cont’d- washingtonpost.com

Beacon’s risks go beyond ruining someone’s Christmas, said Mike Rogers, editor and publisher of a gay-oriented Web site, PageOneQ. “We teach young people to be very careful about what they post and all of a sudden comes along an automated system like this. What happens if a kid is on a football team and he buys a ticket to ‘Brokeback Mountain’ [a gay-themed film]?” he said, alluding to the possibility that the youth could be outed and harassed as a result.

I’m willing to concede that this was all an accident. The thing is this: since Facebook is keeping tabs on all these things you do, and since Facebook also allows third-party applications to access it’s API (Application Programming Interface), the risk continues to grow that this type of thing could happen in far more insidious and harmful ways.

It seems to me that, at minimum, the API should in some way or another restrict the ability to create cookies, if that’s possible. Beacon used cookies set by Facebook to track users when they were on entirely different sites. This is a much, much different thing than simply tracking the “Bob and Nancy are now friends” type of thing that happens exclusively on Facebook.

Tracking and reporting what you’re doing off the site is a recipe for disaster. For those of you who are unaware, what gets reported DOES NOT have to appear in your “news feed,” and instead can be tracked by some shadowy person in silence. That person can collect data about where you go and use it for. . . well, what can you think of? Blackmailing visitors to gay porn sites? Finding and hacking your insecurely password protected PayPal account? Seriously, people. Learn to write a decent freakin’ password before you get screwed.

The possibilities are endless. I guess SpyBot will now need to start tracking cookies from your Facebook account, too.