Nik Cubrilovic writes:

Dave Winer wrote a timely piece this morning about how Facebook is scaring him since the new API allows applications to post status items to your Facebook timeline without a users intervention. It is an extension of Facebook Instant and they call it frictionless sharing. The privacy concern here is that because you no longer have to explicitly opt-in to share an item, you may accidentally share a page or an event that you did not intend others to see.

The advice is to log out of Facebook. But logging out of Facebook only de-authorizes your browser from the web application, a number of cookies (including your account number) are still sent along to all requests to facebook.com. Even if you are logged out, Facebook still knows and can track every page you visit. The only solution is to delete every Facebook cookie in your browser, or to use a separate browser for Facebook interactions.

Here is what is happening, as viewed by the HTTP headers on requests to facebook.com. First, a normal request to the web interface as a logged in user sends the following cookies:

Note: I have both fudged the values of each cookie and added line wraps for legibility{...}

Read more here

"Frictionless sharing" sounds like a Catholic love novel.

There's got to be some fun stories about unexpected updates. I know one guy got a bunch of porn through something like Netflix which was Facebook connected.. his friends were obligated to roast him.