After ranting about Shelfari recently, I guess I have become a little sensitive to websites implementing things that are wonderful for them and their partners, but (potentially) harmful to their users.
Read the posts by Ethan Zuckerman and David Weinberger for the latest move by Facebook that could seriously compromise its users' privacy. As both of them acknowledge, the idea itself is quite neat and some users may like it enough to go for it, but the key to getting its implementation right is in getting the defaults right. Here's Weinberger:
When Blockbuster gives you the popup asking if you want to let your Facebook friends know about your rental, if you do not respond in fifteen seconds, the popup goes away ... and a "yes" is sent to Facebook. Wow, is that not what should happen! Not responding far more likely indicates confusion or dismissal-through-inaction than someone thinking "I'll save myself the click."
Further, we are not allowed to opt out of the system. At your Facebook profile, you can review a list of all the sites you've been to that have presented you with the Facebook spam-your-friends option, and you can opt out of the sites one at a time. But you cannot press a big red button that will take you out of the system entirely. So, if you've deselected Blockbuster and the Manly Sexual Inadequacy Clinic from the list, if you go to a new site that's done the deal with Facebook, you'll get the popup again there. We should be allowed to Just Say No, once and for all.
Why? Because privacy is not just about information. It's all about the defaults.