Thanks to an exceptionally well written, award-winning, Hollywood blockbuster, Mark Zuckerberg’s public persona is one of irreverent, brilliant, determined underdog—a veritable hero by today’s standards. But it was only a few years ago that Facebook’s “CEO, bitch” was public enemy #1 because of the online privacy debacle, Beacon.

On November 6, 2007, Facebook and 44 partners unleashed Beacon. Promoted as part of Facebook’s advertising system, the program was touted as “ground-breaking”. It promised to deliver useful, targeted advertising to users and improve “sharing” amongst “friends”.

The theory was that both consumers and producers would benefit. Consumers would be served the most relevant ads for their likes and lifestyle, while marketers would enjoy the obvious benefit of “premium targets” viewing their advertisements.

As Steinbeck warned, the plan went astray, which is often the case when ideas are only considered “in theory”.

Within days of Beacon’s launch, the Guy Fawkes dummy was made, the tar was stirred and the feathers were plucked. Indeed, Facebook users were calling for nothing less than an old-fashioned, public flogging of the wunderkind, Zuckerberg. After all, the 20-something, paper-billionaire had broken a golden rule: Zucks up and put other people’s business in the street…without clearing it first.

The Beacon privacy-breach stories were cringe-worthy. The most notorious involved a foiled engagement plan.

By November 21, 2007—only 14 days after launch—watchdog group, moveon.org, started an anti-Beacon Facebook group and posted an online petition calling for the death of the service. Within 10 days, the confidentiality crusade was over 50,000 strong.

People felt they were at best, misled, at worst, lied to. The marketing and promotion for beacon did little to highlight the fact it was an opt-out program. In other words, when Beacon launched, everyone on Facebook was enrolled. Whether they knew about it or wanted to be involved, millions of users’ online transactions were automatically published on their public feeds. An intimate knowledge of Facebook’s privacy settings was the only way to disable Beacon…and that didn’t always work.

Facebook scrambled to tweak the system while dodging cannonballs from every direction.

On November 29, 2007, the Facebook team was looking forward to what they hoped would be a nerve-calming interview set to run in the New York Times. Meanwhile, an industrious data security researcher on Long Island was testing Beacon to see if promised changes had been implemented. What he found was disconcerting—Facebook was still collecting data from users who had opted out of the Beacon program. Unfortunately for the social media company, what the CA associate discovered and blogged about was the exact thing Zuck’s crew denied in the NYT article running the same day.

Things kept getting worse for Facebook. Zuckerberg issued a public apology that most felt was arrogant and dismissive. Then the lawsuits came. Lane v. Facebook was the most well-publicized of the lot. A class action lawsuit with approximately 20 named plaintiffs representing Facebook users, Lane v. Facebook was the straw that broke the Beacon-camel’s back. The social media darling lost and was ordered to pay $9.5M in damages.

But wait, there’s a twist.

$9.5M may seem like a hefty settlement, but the injured parties saw less than 1% of the damages. $41,000 was split between the 20 odd plaintiffs and the attorneys pocketed somewhere between $3 and $4 million. So where’d the rest of it go?

To Facebook.

The social media company was court ordered to start their own non-profit foundation whose goal was to research and promote initiatives that further online safety, privacy and security. Brass tax: Facebook lost the lawsuit and their “punishment” was permission to keep going.

(Almost forgot, they were also told to build a website about the case and foundation. [sarcasm] It’s an amazing website![/sarcasm].)

And then there was that uncomfortable interview at D with Walt Mossberg.

Just sayin.