The amount of stuff that is starting to require Facebook Connect or access to Facebook is what worries me. Most of them ask for every single permission under the world and only ask me once.
For example, Spotify, it is practically neutered unless you connect it to Facebook, but as soon as it is connected to Facebook it can send data to Facebook as me.
There was an app not too long ago that required Facebook to login, it too asked for those permissions. Now it can without my permission start sharing content based upon actions in the webapp. I am not okay with that.
First of all, when I go to spotify and "log in with facebook". The site sends me to a facebook page asking me to "log in to spotify" with my facebook. On this page, it specifically says "This app will not add activity to your Timeline." In other words, the basic spotify login with facebook isn't social. If you "Connect" your spotify account to facebook, it pops up a permission dialog asking you for various types of access. This is the social portion. Don't do this if you are concerned.
The second part of the application is the social part. Again, if you don't trust an application you can always go to your app settings page on facebook (https://www.facebook.com/settings/?tab=applications), select the application you are worried about and deny specific items that you don't want the app to have access to.
If you "x" out too many things, you might cripple the application, but that's the way it works.
I don't want to first opt-in to something and LATER have to deny it those permissions. I want to deny it those permissions and only give it some permissions to start with.
How much damage would it be possible to do in the 3 - 4 minutes it will take me to go back to Facebook, go to my account settings, look at my app settings, find the app in the huge list, and then start removing permissions I don't want to grant it?
After that I have to go through the effort to find the post content in my timeline, one by one delete the items and hope that my friends have not yet seen the content (and it being posted to the ticker makes that unlikely...)
My point was that most pages hopefully will have two levels (like spotify). One to log in and do basic things, and the second level a social one.
So, if you don't do the second part, you should be fine?
Also, I personally would be careful in installing apps. This goes for any application (not just facebook). If you trust an app, go ahead, if not, just avoid it. This is going to be different for different people.
Edit: Ok, I think I see your point. You don't want an app to ask for too many permissions right off the bat and then you having to go back and remove them.
Again, I think this is going to be developer and users driven. The more people ask for apps to start off with minimal permissions the developers will have to comply. Does that make sense?
Why should this be developer and user driven? Facebook on their permission page when I first visit it should be more than capable in allowing me to change what permissions are given.
If they can retroactively remove them, they should be able to do so before I even grant any permissions.
Give me two columns, one "Allow" and one "Disallow" and I can drag the permissions to the columns as I see fit. Can an app give me a template or ask for certain permissions by default, yes, absolutely, but let me change them.
I think it has to re-ask you for new permissions, it doesn't get any permissions 'grandfathered' in. But yeah, the fact that many apps ask for too-many permissions is a pain :/ Means I always have to go back and remove the permissions I don't want, and hope I don't forget.
How is Spotify "neutered" without Facebook? I've never connected it to Facebook and everything works fine for me, including sharing playlists with other users.
For example, Spotify, it is practically neutered unless you connect it to Facebook, but as soon as it is connected to Facebook it can send data to Facebook as me.
There was an app not too long ago that required Facebook to login, it too asked for those permissions. Now it can without my permission start sharing content based upon actions in the webapp. I am not okay with that.