A FEW years ago, Facebook was forced to retreat from a new service called Beacon. It tracked what the social network's users were doing elsewhere on the web—which caused a huge fuss because of the loss of personal privacy. At the time, Facebook promised to make strenuous efforts to better protect people's information.

But apparently the firm has not been trying very hard. On November 29th America's Federal Trade Commission (FTC) released the results of an investigation it had conducted of Facebook. They showed that the world's biggest social network, which now boasts more than 800m users, has been making information public that it had pledged to keep private.

The FTC's findings come at a sensitive time for Facebook, which is preparing for an initial public offering (IPO) that is almost certain to take place next year. Some recent reports have speculated that the firm may seek a listing as early as next spring, and that it will try to raise a whopping $10 billion in an IPO that would value it at $100 billion. To clear the way for an offering, Facebook badly needs to resolve some of the regulatory tussles over privacy that it has become embroiled in.

Hence the FTC's announcement, which came as part of a settlement struck between the commission and Facebook. The FTC's investigation highlighted a litany of instances in which the social network had deceived its users. In what is perhaps the most damning of the findings, the agency documents that Facebook has been sharing people's personal information with advertisers—a practice its senior executives have repeatedly sworn it does not indulge in. The FTC also says that the firm failed to make photos and videos on deactivated and deleted user accounts inaccessible after promising to do so.

The settlement imposes a number of sanctions on Facebook. The company has agreed, among other things, to an external audit of its privacy policies and practices every two years for the next 20 years. And it has agreed to henceforth seek users' permission before making any changes that override existing privacy settings. (In the past, the company often introduced changes that made more data public by default, forcing people to “opt out” in order to keep their information private.)

In a bid to minimise the fallout from this latest debacle, Mark Zuckerberg, Facebook's boss, took to the company's blog to apologise for the network's failings and to claim that Facebook has had “a good history of providing transparency and control” over users' information. Critics beg to differ. “Zuckerberg is walking a privacy tightrope” by trying to serve both advertisers and users, says one sceptical privacy activist. “Sooner or later he is bound to trip up badly.”