Perhaps in response to the campaign by MoveOn, perhaps just because they have always tweaked new features in the weeks following their launch, Facebook announced last night changes to its much-maligned (in the press) Beacon advertising system. According to a statement, participation in Beacon, while still controlled site-to-site, is now explicitly opt-in — ignoring a Beacon notification will no longer be taken as passive acceptance to publish stories to your news feed. Users will have to explicitly tell the system they are okay with the information being passed to their profile before any info is posted.

MoveOn is calling this a victory, even though the system still operates site-by-site, and Facebook has said there will be no global opt-out, which we pointed out was apparently in an earlier, pre-release version of the system, and which MoveOn later picked up on.

As we suggested last week, and as VentureBeat also intimated, the size of the reaction from Facebook users seemed overblown — i.e., the tech media and blogosophere echo chamber was more upset by Beacon than the majority of Facebook users. That matters little, though, since better privacy controls for users is a win for them whether they care to have them or not. We can’t help but think, however, that MoveOn has actually missed the important issue.

The MoveOn campaign focused exclusively on Beacon’s tendency to share purchases with friends (or total strangers in your network via your mini-feed, as MoveOn’s Adam Green pointed out to me via email last week). But what we haven’t heard from MoveOn is a word about the information Facebook is gathering on your purchases. Whether or not you opt-in to let the stories be published, Facebook still likely knows what you bought and is gathering that information. Which is the greater breech of your privacy?

This is, of course, nothing new. Google, DoubleClick, Microsoft’s Atlas, any just about any other ad network on the web uses cookies to watch where you go and build a profile of your behavior. It’s all supposed to be anonymous, of course, but privacy advocates have long been unnerved by this practice (the US Senate is looking into DoubleClick now). The difference with Facebook, is that the data they gather on your purchases (and potentially on your web browsing) is linked to a profile of additional information specifically about you. Even if they promise the data is kept anonymous and not sold to third-parties — and they do — doesn’t that seem just a bit creepier than the potential for your friends to find out which game you bought for your Wii from Overstock?

While users can count it a victory that they have greater control over what information gets published to the news feed about their behavior outside Facebook, that they still have no way to opt-out of the data collection on Facebook partner sites at all is somewhat disconcerting. Data collection on the web by advertisers is something that many of us have grown used to, and some of us have grown jaded and simply accept it as a fact of Internet life. But the real privacy issue here has not been resolved: Facebook still has access to detailed information about your purchasing and browsing habits on partner sites that you can’t opt-out of.