Already worried? Scroll down to the steps you can take to protect your info.

How does this work?

Well, first of all, Facebook has already released “social plugins” for web sites that will add Facebook stuff to their pages. The Facebook info is actually loaded into a little frame on each page. The content in the frame shows comments, notes, etc., from your Facebook friends in connection with this web site (assuming your friends have been there).

Keep in mind that you have to be logged into Facebook for the personalization to work. This can happen one of two ways: you log in at the main Facebook site and then browse the rest of the internet, or you log in through one of these social plugins on someone else’s site.

So if you log in, how is your Facebook data used?

Liz Gannes explains it this way at gigaom.com:

Instant personalization means that if you show up to the Internet radio site Pandora for the first time, it will now be able to look directly at your Facebook profile and use public information — name, profile picture, gender and connections, plus anything else you’ve made public — to give you a personalized experience. So if I have already publicly stated through my Facebook interests page that I like a musical artist — say, The Talking Heads — the first song I hear when I go to Pandora will be a Talking Heads song or something that Pandora thinks is similar.

It also will allow your friends to share any information that you currently have given permission to share in your Facebook Privacy settings.

This is all very disturbing.

Why? There are two basic things wrong with their approach:

1. Facebook is sharing your information quietly, and the average user will not know enough to either a) opt out, or b) understand the difference between Facebook content and the actual content of the web site they are visiting.
2. Taken together, Facebook’s quiet approach and their decision to make all users opt-in to this service by default, they appear both sneaky and too big for their britches.

Let’s break this down.

The idea of a personalized web experience is not bad.

However, Facebook is a social destination, not a browsing mediator/experience.

A personalized browsing experience is what we might expect from a company like Google. They already provide a number of applications to make living on the Internet much easier. Want to read the Microsoft Word attachment in your email, but don’t have that ability on your phone? No problem: Google Docs will copy the document into your own little document area and show it to you as a web page.

But from Facebook? No. For me, at least, Facebook has not yet escaped its roots as a social application.

It’s true that people use Facebook very differently. You could simply use Facebook as the social tool it was originally developed to be, posting updates about yourself and uploading pictures. Other people like the social aspects of being able to post on someone else’s wall and using apps to send virtual cards, smiles, flowers, and other gifts to their friends. Yet another purpose is business and marketing: you can add a page for your business, invite people to become fans, and post announcements about your store. Still others create a profile to use only as a gaming account, connecting to Facebook game apps both large and small.

The point is, Facebook is still a destination. To be fair, I’m not against Facebook’s expansion, but they really need to handle it better. A service like “Instant Personalization” should have been introduced more carefully, with a lot more communication about the feature’s benefits and practical application, allowing users time to grasp the concept.

Most importantly, no matter how this new idea was communicated, Facebook should have respected their users enough to let us opt-in to it. By quietly flipping the switch on all users, Facebook now appears both sneaky. The reactions online have been saying “look what else Facebook is doing to trample all over our privacy” and not “look how innovative Facebook is.”

Facebook also appears way too convinced of their own superiority. Either they feel too big/too important to worry about offending a few users, or they assume that everyone will want to opt-in (so why not do it for them).

Unfortunately, Facebook is offending its users. That’s important because in a world of free and cheap services, the characteristics that set one product or service apart from another are the intangibles, like service and quality.

Facebook certainly isn’t the only social service available out there. If they continue acting this way, I will seriously consider distancing myself from Facebook as anything except a vehicle for reposting my tweets. I may only be one user, and a half geek at that, but there are many more out there who might gladly jump off the Facebook ship for a more user-friendly (in all aspects of the phrase) solution.

These steps will prevent Facebook from sharing your info:

1. After logging into Facebook, click on Account and go to Privacy Settings > Applications and Websites. Uncheck the Allow box at the bottom of the page.
2. Next, also on your Privacy Settings > Applications and Websites page, click the button to edit “What your friends can share about you.” Uncheck any item you do not want shared by someone else. (It’s quite a list. I unchecked them all.)
3. Finally, you need to block three applications. Yes, you apparently need to block them even if you have not used them or explicitly granted them access in the past. You need to block Facebook Docs, Yelp, and Pandora.
4. You may want to keep an eye on the Facebook Help Center page about the partner sites in this program. There are only three at the moment, but there is no guarantee Facebook will tell anybody when new ones are added.

Many thanks to PCWorld for sharing these steps.

None of the other suggestions online worked for me, but I did find a solution on my own today. I’m posting it here in the hopes that it will help someone else.

I logged into an old Google account using my PC while I was investigating this issue, and I discovered by accident that I could log in to YouTube with the alternate email address I had listed on that account.

But I didn’t have an alternate email address on my current Google account, so I took the following steps:

1. Logged into my current Google account and went to My Account (https://www.google.com/accounts/ManageAccount?hl=en).
2. Under Email Addresses, clicked Edit.
3. Added an alternate email address (a Hotmail address).
4. Google sent a verification email, so I went to Hotmail, opened it, and clicked the link to verify.

Then I immediately went to the YouTube app on my iPhone and was able to login using the alternate email address I had just verified and my Google/Gmail password.

Let me know if this works for you. If it does, feel free to post this solution to any forums where you tried to get a solution and none worked. Spread the joy!

@ridedali: you’re the first sane commenter on this Giz post. Thank you for acknowledging that the iPad is not anywhere near perfect, but at the same time has great potential.

Apple has introduced game-changing things in the past. Unfortunately, having set the bar high with both their original products and the subsequent evolution of those products, Apple is their own worst enemy. We expect something slicker and better than their previous innovations, even if things like the iPod have taken time to evolve.

So, I think people were hoping that the iPad would be a tablet/netbook/Kindle killer, and it’s not. Instead, it fills a gap somewhere between the iPod and the MacBook Air.

I will be watching to see how the iPad develops. (Unfortunately, until color e-ink is available, I don’t think any pad, netbook or slate will fill the entire digital entertainment gap.)

At the same time, there is room for someone to fill significant niches. As a creative web person, I would love something with the capabilities of iPad/JooJoo/Wacom all in one. Maybe others would like an iPod/iPhone/Kindle. I expect this to happen in time, but I no longer expect Apple to do this in one felling swoop.

P.S. I tried to leave this comment at Gizmodo directly, but since I’m using an iPhone, clicking the “Share” button did not show me the next screen where I could sign up. Rather than waste my typing, I copied it and posted it here. Ironic.

Zeus (or whatever it’s called these days) is a virus, trojan, spyware, malware, phishware, backdoor intruder (you get the idea). What it does: shows a fake “security” form when you log into your bank account, Paypal, and probably other sites as well.

The insidious part: it appears to be part of the site you visit, effectively “cloaked” as a legitimate page! I only got suspicious when I logged into Paypal and they appeared to be asking for the same kind of security information that Wachovia did.

At first, I wondered if sites were simply verifying accounts due to recent browser hacks. But one of the things the form asks for is the PIN to your debit or CC card. Paypal doesn’t need that info.

That’s when I emailed Paypal and asked why they need my PIN. They replied and said that they have no record of ever asking for my PIN.

So then I ran my free edition of Malwarebytes’ Anti-Malware (MBAM). Much to my surprise, it found 40 infections!!! That’s more than it found when I was infected by “Internet Security 2010″ last week. That gem is a fake anti-virus program which also drops several trojans in your computer, disabling Task Manager and Program removal in the process.

Yeah, so I was floored. I told MBAM to remove all the infections, of course.

But I had already submitted my information when the form appeared after my banking login screen.

So I called my bank to report the issue and cancel my debit card. They transferred me to the Online Fraud department and a gentleman who knew all about this fake form and told me that it is called the Zeus Virus.

Fortunately, this rep was able to immediately kill my debit card, PIN, and login details. He also said that he didn’t see any suspicious login activity, and so far there are no fraudulent transactions or purchases.

Unfortunately, my information was submitted to who-knows-where, and I’m at a big risk for identity theft.

My bank has offered me the free services of their Identity Theft Assistance Center to monitor my credit and catch any attempts to take out loans, credit cards, etc., in my name.

Geeky stuff

I saved the source code from the Paypal form to include when I contacted Paypal Support. If any industrious geeks want to see it, you can download it here as a TXT file. I believe it works on the same basic idea as Goored, which executes a remote Javascript to take over your browser’s destination.

Also, I upgraded Malwarebytes’ Anti-Malware so I would have real-time monitoring in case anything tries to attack me again. I’m glad I did, because there is apparently something still lingering on my PC. Every once in a while, MBAM blocks an attempt to access a known malware IP address.

I was able to get rid of the active infections by following the Malware and Spyware Cleaning Guide from the GeeksToGo forums. They also have free instructions on how to remove a number of more popular infections. GeeksToGo is run by volunteer geeks who donate time to answer the problems that stump the less geeky.

Since MBAM has been blocking malware IP addresses, even after I did all the recommended cleaning, I think the only way to be completely rid of the entire infection is to repair my Windows installation.