Anyone here notice facebook is 'keeping users logged in' by default?

24 points by prasen ↗ HN
The 'Keep me logged in' used to be unchecked by default, but I recently noticed it to be checked automatically - obviously to help their facebook connect thing, but I just thought it was sneaky of them.

17 comments

[ 2.8 ms ] story [ 52.5 ms ] thread
Yes, I saw this the other day too.

Also, the 'logout' is now buried in a drop-down, instead of in view all the time.

That said, I'm having a bit of facebook privacy fatigue.

I have no great love for facebook, but let's face it...

"Joe the plumber" doesn't like having to log in :(

This results in others sites that I browse being able to connect me to Facebook without my permission. Was initially surprised to see my profile photo at random sites that I visit.
That's how I noticed too, I suddenly saw the name of another HN user listed as 'liking' some article on cnn.com and I figured there has to be some kind of underwater tie that I'm not aware of. CNN lost a user, I'm sure they don't care but I do care. I'm really not looking forward to a web of websites sharing information on their users between them, if I decide to give my information to one website I really don't expect it to show up elsewhere.
I actually like this, I really dislike sites that let me "remember me" and then log me out every 2 weeks or so.
I especially hate Hotmail.com who never seems able to remember my data, even if i select remember me.
well i think the user should have the power to decide whether a site should remember him or not. If you prefer being logged in, you can choose to do it.
The same choice is still possible on Facebook, no? There is a default-unchecked "Keep me logged in" box and a Logout button.
They do log you in automatically if you are logged in your Google/Yahoo(or any other OpenId provider). However, you have to configure it in the account settings first.
Not to make you paranoid, but it isn't just Facebook Connect. All of those "Like" buttons scattered around the internet are iframes loaded from Facebook's domain. When your browser requests the iframe from Facebook, it sends whatever cookies Facebook has set. So, even if you never interact with a "Like" button, Facebook knows that you at least went to that page. Even if you've signed out, Facebook could leave cookies that uniquely identify you as the last person who has logged in and track those.

If I willfully click something, I'm happy to send data to Facebook - it's my intention. If I'm just browsing, it bothers me to be sending data cross-site.

This is the reason I manually logged out of Facebook on all machines I use, deleted the cookies (and blocked 3rd-party cookies in Chrome), and have now made a habit of logging into Facebook only when in incognito mode.
Something I noticed...

I deleted my FB sometime back and I created an MSN account after that. Recently a friend sent me a facebook invitation on my MSN mail (I only use it for keeping contact(IM) with people who are born to use MSN). The invitation suggested 3 friends who are contacts of my MSN. So I guess FB has copies of address books of my friends.