Nik Cubrilovic writes:
Dave Winer wrote a timely piece this morning about how Facebook is scaring him since the new API allows applications to post status items to your Facebook timeline without a users intervention. It is an extension of Facebook Instant and they call it frictionless sharing. The privacy concern here is that because you no longer have to explicitly opt-in to share an item, you may accidentally share a page or an event that you did not intend others to see.
The advice is to log out of Facebook. But logging out of Facebook only de-authorizes your browser from the web application, a number of cookies (including your account number) are still sent along to all requests to
facebook.com. Even if you are logged out, Facebook still knows and can track every page you visit. The only solution is to delete every Facebook cookie in your browser, or to use a separate browser for Facebook interactions.
Read more on Nik Curbrilovic Blog and do note his update where he reports that he contacted Facebook a few times about this issue over the past year and got no response.
Is this a deceptive business practice under the FTC Act? Wouldn’t the average user believe that if they are logged out, their data are not being sent back to Facebook.com?
UPDATE: Facebook denies these allegations. See their statement to The Register.