[nbm]

How would whatever system that does this discover that the user is or is not logged into Facebook? The javascript portion doesn't have access to cross-domain cookies, so that won't work. Anything else requires connecting to a domain such that cookies are passed on so that it could discover whether the user is logged in or out before passing it to a subdomain.

(I work at Facebook, but not on this.)

[bandushrew]

hmm? without pretty specific knowledge of the problem set facebook is trying to solve with its current set of code I am clearly unable to offer a solution that will resolve them all.

However, if one of the problems that they wanted to solve was 'we dont want to track user data unless they are logged in', they would have solved it by now.

The fact that they haven't means either (a) they just haven't thought about it or (b) they have thought about it, but do not want to solve it.

[nbm]

The purpose of the social plugins is to provide social context - telling you which of your friends has liked something, or that you are the first.

To do this, it needs to know who you are if you are a Facebook user that has not logged out. To do that, it needs to check the cookie that the Facebook web site sets when you are logged in.

Unfortunately, the web as it stands doesn't allow this interaction without divulging some information (time/date, browser, IP address, &c.) when the only interesting thing is who you are if you happen to be logged in.

This is the same problem that web analytics, certain comment systems, other social buttons, and other embedded functionality systems face.

About the best that can be done is explain what happens with that data when it is received - and that is explained at https://www.facebook.com/help/?faq=186325668085084

[bandushrew]

Dude, if I am a facebook user who has not logged out, they can send cookies as much as they like.

The browser manages this - if they are logged in, set a cookie that will be sent to the hypothetical 'like' subdomain of facebook, if they are logged out, remove the cookie.

This kind of functionality is really not rocket science, there are dozens of ways to implement it and I feel kind of stupid talking about it.

There are reasons for facebook not doing this, but they are not technical ones.