Facebook wrote up a post on Sunday attempting to explain some of its new approaches to selling and analyzing ads on the site, responding to user alarm about its partnership with data firm Datalogix. Among the revelations: stores can give Facebook hashed versions of customer e-mail addresses they've collected to target users with ads, and Facebook is allowing users to opt out of entire ad networks via a link in real-time ads.

Facebook's recent partnership with Datalogix meant that it would be sharing data on ad viewership and how customers reacted to ad displays. Datalogix plans to forward Facebook's data to clients like CVS and Stop and Shop to help them determine how effective the ads are. In turn, Facebook promises that a combination of ID numbers and hashes protect users, and that data is only presented in aggregate to Datalogix clients.

In the post written by Facebook privacy engineer Joey Tyson, Facebook highlights a new use for those e-mail addresses you've been tossing off while checking out at your favorite stores: a store can hash the e-mails it has in its database, Facebook will hash its own, and then the two parties will compare notes to find customers to show that store's ads to. No actual information is shared, so Facebook skirts its third-party sharing promise again. Still, we don't expect most Facebook users who have given out e-mail addresses to retail stores expected them to be used in this way, hashed or not.

This process could potentially take Facebook to the heights of creepy and invasive more quickly than before. Retail stores are already able to figure out female customers are pregnant before their immediate family members. If CVS takes your purchase history and hashed e-mail address and compares it to Facebook's database, it can start serving you ads for soup when you buy cold medicine, condoms when you buy Cosmopolitan, or topical acne cream when you buy sparkly gel pens and a bag of candy.

But Facebook appears to want to make opt-out an easy option, at least for real-time ads that are served via Facebook Exchange. In this system, Facebook notifies marketers when a user signs on using a unique ID (based on their profile and browser), and the marketers can bid to show a particular ad at a particular instance. Tyson notes that "[w]hen we show an FBX ad on Facebook, it includes an 'X' link that lets you provide feedback about ads," and also, "a link that lets you learn more about and choose to opt out of future ads from the service provider responsible for that ad."

Privacy groups have already begun prodding the FTC to look into the Facebook-Datalogix liaison. The groups have called Facebook's opt-out procedures "confusing and ineffective" and that the FTC itself has said that "hashing is vastly overrated as an ‘anonymization’ technique."