Waiter – there’s no (more) identity in my blog

Sorry to interrupt you attempting to set you Facebook privacy settings, but I have to tell you something. I’ve got me a new blog over at Gartner. You can get all my rambling goodness on identity management related stuff over there. As for the rants about privacy, they are likely going to stay here, but you never can tell.

Also, I am thinking of building a new version of Privacy Mirror to use the graph API. Any one have feature requests?

Facebook & Washington Post behavior I cannot explain

I was looking at some local news on Washington Post’s website. I happen to notice that there in the right gutter along with miscellaneous ads which my brain filters out of my awareness, was a blue box. In the blue box was a list of things my Facebook friends have “liked” on WaPo recently.

And this took me by surprise.

I opened a different browser and headed to Facebook. First, I checked my Application Settings to see if a Washington Post application had slipped into my profile. I had this happen – Gizmodo and some other sites appeared in my authorized application list without getting my authorization. See this article for more. There was no Washington Post application. Next up, I checked my Privacy Settings to verify once more that I disabled Instant Personalization. And yes, that was still the case.

So, wtf?

I clicked on the big red X that WaPo had so kindly put in the blue box with my friends activities. Instead of removing the widget, it brought me to my Washington Post account. (At some point, I registered an account with the Post so I could actually read what they wrote – I know, crazy eh?) And there was a setting called Network News. Sure enough I was opt’ed in to that. This Network News setting enabled the Facebook social activity widget to appear on the pages I saw.

Here’s the million dollar question – How did Washington Post link to my Facebook profile? I certainly never used Facebook Connect, nor have I ever “Liked” something on the Post.

The best guess I’ve got at this point is that the Post used my profile email address to match with Facebook. But this is a pretty weak theory as I have my privacy settings cranked down tight on such things at Facebook, for what that is worth. I check the Post’s privacy policy and no mention of Facebook anywhere.

Anyone have an idea on this? Anyone seeing the same behavior?

BTW – if you want out of the Post’s Network News, go here to change your preferences.