One of things that Facebook wants to do is to make it possible for them to share your information automatically with "pre-approved" websites. That would mean that if you're logged into Facebook and then visit a third party website, that site will be able to access the following:
- your name
- your profile picture
- your gender
- your friends and connections
- your userid
- any content shared using the "Everyone" privacy setting
In other words, you might visit a website and discover that it already knows who you are, your date of birth, where you live, who your friends are. All, without ever having given the site explicit permission to access that data.
Here's how Facebook describes it in its proposal:
Pre-Approved Third-Party Websites and Applications. In order to provide you with useful social experiences off of Facebook, we occasionally need to provide General Information about you to pre-approved third party websites and applications that use Platform at the time you visit them (if you are still logged in to Facebook). Similarly, when one of your friends visits a pre-approved website or application, it will receive General Information about you so you and your friend can be connected on that website as well (if you also have an account with that website). In these cases we require these websites and applications to go through an approval process, and to enter into separate agreements designed to protect your privacy.
According to Facebook, only a small number of pre-approved sites will be offered this feature, and users will be given the option to disable the feature.
Yes, that's right - the onus will be on users to "opt-out" of this feature, rather than "opt-in". I know which way round I would prefer that to be.