They tweaked the notification system, so that a third-part transaction requires an explicit approval on the the user's Facebook page before it's sent into the user's mini-feed to friends and family.
As the New York Times report on this makes it explicitly clear, the company is still dead-set against a universal opt-out option.
Moveon.org, which publicly lead the charge for this move said this action was positive, and that ti would wait and see before deciding whether more needs to done.
From Facebook's perspective, this is just a replay of the protest last year against it's mini-feed feature. After some minor tweaks to the privacy controls, the protests died down, and the feature became one of the unique differentiators of the social network, now emulated by so many internet incumbents and startups. And people seem to like it.
The odds are that Facebook will be able to pull the same thing off with Beacon as well.
But that doesn't mean that all this is good for users in the long-term.
It's a tough issue for internet users, especially the ones that pro-actively embrace it in the belief that it has so much more value to offer us going forward, like yours truly. Fred Wilson articulates this case well in his post today, where he thinks that much of the privacy concerns are over-blown.
At the same time, one can't get away from the fact that the even though most of the privacy revelations through programs like Beacon are benign and can morph into a valued and trusted recommendation system for friends and family, it still feels like the user doesn't have as much control as they should.
So it may just be me, but Beacon still makes me feel a bit uneasy. And maybe that's just my age showing. And it just reflects the way I was raised on issues of privacy.
Facebook will likely need to tweak other innovations it's rolled out in recent weeks as well. In particular, it's Fan pages, which allow products and services to set up Facebook pages, and allow users to endorse them by becoming fans, is something that needs some refinement.
The issue there is one of establishing the authenticity of the identity of the companies behind the product and services. As it stands today, anyone can set up a page on any brand today, claiming those brand names as they were. This is reminiscent of the early days of domain squatting over a decade ago, where users grabbed domains like www.coke.com.
Again, see this post by Fred Wilson on his experience with becoming a fan of Sequoia, the blue-chip VC firm. It explains all this in a vivid manner.
Facebook was able to avoid this situation signing up individual users over the last few years since users needed to establish that they had email addresses at the college/universities and corporations to which they claimed to attend and/or work.
No such mechanism exists yet for establishing Facebook fan pages. But that'll likely be tweaked by Facebook as the complaints and phishing efforts ramp up to take advantage of the 50 million strong Facebook community.
In the meantime, I'm holding off becoming a fan of anything on Facebook just yet.
At the very least, the current situation on the privacy debate in today's social networks seems to open the door for a different category of social networks (version 2.0 as it were), to be more explicitly on the side of the user more than the advertiser. Ones that make a much more explicit promise of "Do No Evil" a la what Google did on the Search front. Howard Lindzon has a post worth reading this issue as far as Facebook is concerned.
This thing's not over by a long shot.