The quasi-best-practice of conveying that your app will "never, ever post anything to Facebook without your permission" is indicative of a problem Facebook needs to solve. My solution: Silent Connect.
My app, Snapix, is a photo messaging service to share funny or interesting photos back-and-forth with friends. Your social graph is inherent to the app's experience - one of the core dynamics of the app is to give you a new way to interact with your friends. This is powered by Facebook Connect.
When you fire up Snapix for the first time, there's only one way to start utilizing the app: Facebook Login. The upshot of doing so is obvious:
The user doesn't need to fumble with his keyboard to enter a username, email and password, or with his Camera Roll (along with pinch and zoom) to select and frame an avatar.
You get immediate access to your social graph. As a Snapix user, this enables you to easily snap with your friends.
You can post/share to Facebook in dead-simple fashion.
The negative consequence is just as apparent: The user needs to compromise his personal data. I especially lament that Facebook Login is the lone method to start using our app, but this is purely a side project for my partners and me, and implementing anything else - email, Twitter, Google+ (ha!) - for authentication would multiply the complexity of the project. Other services have taken their fair share of heat for requiring Facebook Login, most recently the Sunrise app.
Similarly, Hacker News users identified a quasi-flaw that made BangWithFriends less anonymous than any user would ever expect: Through Open Graph Search (query: "Friends who use BangWithFriends") and the permissions dialog, you could find out who is using the app. Not cool for people who are in a relationship but want to add something on the side with one of their co-workers ;-)
The simplest illustration of this problem: Try to evoke the pang of fear and uncertainty you experience whenever adding a new app via Facebook. It can be daunting.
I vaguely recall that the first time I used Facebook Connect was on Rotten Tomatoes. Facebook typically rolls out major new features with trusted partners: trusted among Facebook executives as much as consumers themselves. Even though I had only a rough idea of what to expect the first time I Facebook Connected, I trusted Rotten Tomatoes - an established brand - to keep all the privacy issues shut tight, and thus to keep my concerns at bay. To this day I'm vastly more willing to Facebook Connect when it's with a service or brand that seems to be well vetted by the market (in other words, by earlier adopters).
But a tiny app like Snapix has no brand equity. Nor, for that matter, do Circle or Tinder, two apps which both nearly require Facebook Connect before you can even start using the app (Circle reiterates Facebook Login not once but twice [1 and 2] even after you've chosen to login via email!). And look at what they do to ease users' privacy concerns:
Nothing says "Trust us!" like big red text, lock iconography, and a stop sign, right? Need further proof that this solution is in itself problematic? Quick, don't think of a pink elephant!
To be clear, we use the same sort of "never, ever post to Facebook" language in Snapix that Circle and Tinder do. I don't think it's wrong, it's just an unfortunate reality at the moment.
This is how I wish the permission dialog looked when you joined Snapix:
If you missed it, here's what I added.
What is Silent Login? Simple: Any app which supports Silent Login cannot share without your permission and will never, ever appear anywhere on your Timeline or your friends' Timelines.
Now of course this can be configured by the user via "Who can see this?" and other permissions, but most users don't have a command of what these things do. And Facebook's Privacy Settings are notoriously byzantine, enough to confuse even Mark Zuckerberg's sister. Silent Login would merely be a set of configurations with cohesive branding that is air-tight and totally reliable.
Is Silent Login in Facebook's interests? Seemingly no, if you believe and trust in Zuckerberg's mission to create a world of "frictionless sharing". Silent Login is indeed almost the opposite. But there are scores of amazing social apps to be made if not for how much pulling your social graph (read: Facebook Connect) reduces conversion by dint of privacy concerns. Think of Fred Wilson's point about the "download app, use app, keep using app, put it on your home screen" flow that retards mobile adoption, and then insert "pull your social graph" somewhere in there. Ugh, it sucks. In fact, when you look at what stands in the way of BangWithFriends really taking off, the reason is friction. Friction to connect in the first place.
What about an alternative to Facebook's social graph? There are alternatives out there: the decentralized Tent protocol and the freemium, advertising-free App.net, but I'm skeptical that these will ever penetrate beyond hard-core geek audiences. Google+ represents my Email Contact graph more than anything else, and Twitter my Interest graph, not my Social. I can't foresee any valid alternatives (or maybe that's why they don't pay me the big bucks ;-), and frankly I don't want to have to rebuild my social graph again elsewhere.
I want Facebook to own my social graph; I'm even willing to give up some of my personal data in exchange for maintenance of my social graph; I just want a "frictionful" option that allows me to do whatever I want on or through Facebook without anybody knowing. I think Silent Login would do that.