The latest complaint from Facebook users is that some of them have been seeing private messages show up on their own timeline — a series of posts and pictures stretching back months or years — and even friends' timelines.
Facebook says that the messages are "older wall posts that had always been visible on the users' profile pages."
Facebook's very beginning began with a privacy flap. That was in 2003, when Harvard University sophomore Mark Zuckerberg created Facemash, a site where people could compare the relative attractiveness of Harvard students.
Zuckerberg hacked into Harvard photo directories to get the images. The university shut down the website after a few days and charged Zuckerberg with violating individual privacy and other transgressions. The charges were dropped.
That set the pattern for what started out as The Facebook in 2004. Here's a list of some of the Facebook privacy flags.
2006: News feed
When Facebook launched "news feed" in 2006, it angered many users by not giving them control of who could see their updates, or the ability to opt out.
A "Students Against Facebook New Feed" group was set up by university student Ben Parr, now a well-known writer and expert on social media and internet technology. After it had garnered nearly 300,000 members in two days, Zuckerberg apologized on the Facebook blog.
"We really messed this one up," he said. Conceding that "we didn't build in the proper privacy controls," Zuckerberg described the move as "a big mistake on our part."
Beacon was a Facebook ad system that tracked what users did and what they purchased on partner websites, even for users who were not Facebook members. Adding to the privacy concerns, information about Facebook users' purchases were published without their explicit consent on their friends' news feeds.
The Facebook community mobilized as confusion reigned over whether Beacon was an opt-in or opt-out system and within a month Zuckerberg apologized.
"We've made a lot of mistakes building this feature, but we've made even more with how we've handled them," he wrote.
Facebook shut down Beacon in 2009.
2009: Privacy settings
Facebook changed their privacy settings so that sharing information with everyone became the default setting and removed the news feed privacy controls put in place after their "big mistake" in 2006. They implemented a new process for choosing privacy settings but groups like the American Civil Liberties Union launched petitions and campaigns. Facebook quickly created a guide to privacy settings for their users.
Unsatisfied, the Electronic Privacy Information Center (EPIC) filed a formal complaint with the U.S. Federal Trade Commission over Facebook's "unfair and deceptive business practices." Canada's privacy commissioner also launched an investigation.
The FTC complaint was settled in 2012, with Facebook agreeing to give users "clear and prominent notice" when their information is shared; obtain their express consent before doing so, when it isn't covered by the privacy settings; maintain a privacy program; and have privacy audits every two years.
2010: More privacy problems
A glitch in February 2010 caused some private messages on Facebook to be sent to unintended recipients and that May a coding error opened Facebook chats, which are supposed to be private, to others.
That month, EPIC, along with other groups, filed another complaint with the FTC, while two Canadians scheduled a global "Quit Facebook" day.
A few weeks later, the Wall Street Journal revealed that Facebook and other social networking websites "have been sending data to advertising companies that could be used to find consumers' names and other personal details, despite promises they don't share such information without consent."
Zuckerberg soon responded on the Facebook blog, announcing that they would make it easier to control privacy settings and give users more say over what information is made public.
2011: The anti-Google campaign
Facebook hired Burson-Marsteller, a public relations firm, to contact journalists and bloggers with accusations that Google was engaged in a "sweeping violation of user privacy."
The problem, however, was that Facebook wanted it kept private that they were behind the anti-Google campaign. Once exposed, Facebook admitted that they should have behaved "in a serious and transparent way."
2011: Facebook launches the timeline
Many users were concerned that this major revamp of their Facebook page was mandatory and that the timeline would unearth old material about them that was somewhat buried in the mountain of information on Facebook.
Users could decide who could see that information but not if it was on their friends' Facebook pages.
2012: Facebook's 'like' button
In 2010, Facebook introduced a new tool for users to share information about the things on the web that they liked. But, Facebook users who had clicked on the "like" button' for some products began seeing their name and photo used to promote the product.
A class-action lawsuit was launched. Nick Begus became part of the class action after his friends saw his name being used to promote a 55-gallon barrel of personal lubricant he had "liked" as a joke. His sarcastic comment — "For Valentine’s Day. And everyday. For the rest of your life" — somehow became part of an ad for Amazon, where the barrel was for sale.
As part of the settlement, announced in June 2012, Facebook has to make it clear what the implications might be if they use the "like" button and has to give users the chance to decline to be unpaid endorsers of a product.
An economist testified that the new policy could cost Facebook $103 million in lost advertising revenue.
2012: Datalogix deal
It's hard to say how much of a flap this one will be, since it's just getting started.
Facebook has partnered with Datalogix, a company which tracks customers' purchases when they use a discount loyalty card while shopping, in order to show advertisers whether their ads are working.
Privacy groups have expressed concerned about combining online data about ads with offline shopping data, and with how difficult it is for users to opt out. (A shortcut is this link to the Datalogix privacy page, where you can opt out.)
Facebook says, "individual user data is not shared between Facebook, Datalogix or advertisers."