If you print out FB’s T&C’s, plus all of the layers of embedded links within links, it’s 87,000+ words. That is designed to be unreadable and incomprehensible, it’s an attempt to baffle. Even stupid people, illiterate people, and just plain lazy people don’t deserve to be taken advantage of.
If you want to talk about what people “should” know, there’s s reasonable man statute, and it definitely doesn’t include what you’re describing.
I agree with you on that. I'm just pointing out that the data isn't being shared with "some random third-party tracker/ad-ware" (it's either a conscious decision or a serious security mistake to include third-party scripts on your site). This particular method of "leaking data" shouldn't be treated any differently from direct, deliberate information sharing because it's not some kind of unanticipated "hack" as the story might sound.
"These scripts are embedded on a total of 434 of the top 1 million sites, including fiverr.com, bhphotovideo.com, and mongodb.com. … We believe the websites embedding these scripts are likely unaware of this particular data access [5]."
From an end user point of view - I don't think it's reasonable for a bhphotovideo.com user logging in with Facebook to assume their Facebook data is being sent to ntvk1.ru
I suspect it's not even really reasonable to expect the website owner at some of those "434 of the top million sites" to be technical enough to understand the privacy implications for their users of running both "Log in with Facebook" and 3rd party ad serving on their sites at the same time.
If you want to talk about what people “should” know, there’s s reasonable man statute, and it definitely doesn’t include what you’re describing.