May 06, 2010, 1:34 PM — When a piece of software is automatically installed on your computer without your knowledge, it's called malware. But what do you call it when Facebook apps are added to your profile without your knowledge? We discovered Wednesday that this is actually happening, and stopping it isn't as easy as checking a box in your privacy settings.
If you visit certain sites while logged in to Facebook, an app for those sites will be quietly added to your Facebook profile. You don't have to have a Facebook window open, you don't need to signed in to these sites for the apps to appear, and there doesn't appear to be an option to opt-out anywhere in Facebook's byzantine privacy settings.
These apps appear to be related to Facebook's sharing tools. The sites currently leaving this trail all have Facebook Connect integration, and the list includes heavyweights such as the Gawker network of blogs, the Washington Post, TechCrunch, CNET, New York Magazine, and formspring.me.
It isn't entirely clear what information these apps are pulling from user profiles or feeding back to Facebook. They don't show up automatically on profile pages, but if you go to an application's profile page, you can see a list of your friends who also have that app installed, essentially getting a unintentional peek at their browsing habits. On the other side there are sites like the Washington Post's, which has a Facebook Network News box showing a list of your friends who have recently shared a Washington Post article on Facebook.
How to block the apps
Opting out of Instant Personalization does not stop these apps from appearing. Unfortunately, removing these kinds of applications requires more vigilance than just un-checking a box.
To see a list of your current Facebook applications, click Account in the top right corner of Facebook, then select Application Settings from the drop down menu. If you click on the Edit Settings link for one of the new applications, you'll always see one tab called Additional Permissions that has a box that's unchecked by default. Checking it will give that application permission to "Publish recent activity (one line stories) to [your] wall." Sometimes there is a second tab with an option to add a bookmark for that link to your wall. And a few apps also have a Profile tab where you can add a Tab to your profile for that site and pick its privacy level.