That's an illustration of how confusing they can be." A configuration problem on a Facebook server caused the PHP code to be displayed instead of the web page the code should have created, raising concerns about how secure private data on the site was.

A visitor to the site copied, published and later removed the code from his web forum, claiming he had been served and threatened with legal notice by Facebook.

When a Facebook user takes a Beacon-enabled action on a participating site, information is sent to Facebook in order for Facebook to operate Beacon technologically.

If a Facebook user clicks 'No, thanks' on the partner site notification, Facebook does not use the data and deletes it from its servers.

The EFF noted that "For users that have not opted out, Instant Personalization is instant data leakage.

As soon as you visit the sites in the pilot program (Yelp, Pandora, and Microsoft Docs) the sites can access your name, your picture, your gender, your current location, your list of friends, all the Pages you have Liked—everything Facebook classifies as public information.

The second feature, Mini-Feed, keeps a log of similar events on each member's profile page.

Members can manually delete items from their Mini-Feeds if they wish to do so, and through privacy settings can control what is actually published in their respective Mini-Feeds.

Even if you opt out of Instant Personalization, there's still data leakage if your friends use Instant Personalization websites—their activities can give away information about you, unless you block those applications individually." On December 27, 2012, CBS News reported that Randi Zuckerberg, sister of Facebook founder Mark Zuckerberg, criticized a friend for being "way uncool" in sharing a private Facebook photo of her on Twitter, only to be told that the image had appeared on a friend-of-a-friend's Facebook news feed.

Commenting on this misunderstanding of Facebook's privacy settings, Eva Galperin of the EFF said "Even Randi Zuckerberg can get it wrong.

Other popular websites have only asked for verification of identities through an e-mail confirmation link, or in some cases, a cellular phone text message confirmation.

In 2010, the Electronic Frontier Foundation identified two personal information aggregation techniques called "connections" and "instant personalization".

They demonstrated that anyone could get access to information saved to a Facebook profile, even if the information was not intended to be made public.