Most of the reader pushback came in the form of technical questions that had more to do with how Facebook privacy permissions work than anything else. Seeing strangers’ faces in their Washington Post hosted Facebook feed, many users panicked thinking their information was out there too. Such concerns were largely answered by Taylor, who repeatedly cleared up that the application only publishes “Likes” (not comments you’ve made on Post stories or that you have commented at all or what stories you have simply looked at) and only to your friends, who could see them on Facebook anyway. If you hadn’t limited your activity to only your friends’ eyes and instead allowed your profile to be “public,” then anyone—not just friends—could potentially see your Washington Post-related Likes on the Washington Post’s site; before they only would have only been visible on your Facebook page. If a user Likes something and their profile isn’t public, the WaPo facebook application doesn’t broadcast that approval but does add it to the tally of people who have “liked” something.

No big change.

But in a way it was.

The Post did an excellent job explaining the feature, disclosing that Don Graham, the Post’s Chairman, is on the board of Facebook, and being responsive to its readers concerns with the changes it pledged to roll out over the weekend. But it didn’t do a good job preparing readers for the change. And in doing so, it didn’t really acknowledge that it was a big change to begin with. In one explanation about how the feature works, the Post wrote:

“If you’re not logged into Network News or you don’t have enough friend activity, then we will display profile photos and content from people who have elected to share content publicly.”

But there is something disingenuous about the declaration that those whose information appears in the feed, had elected to participate in it. No one had “elected” to share his or her content publicly via The Washington Post, per se. This wasn’t like other Facebook applications, like silly quizzes to determine which celebrity you are most like or what animal you might have been in a past life, where you always have to explicitly allow access to your Facebook feed. If you’re not logged on already to Facebook when you visit the Post, then yes, you must log in, therein acknowledging that you’re okay with participating in the Facebook/third party experiment. But if you just happen to be logged onto Facebook at the same time you are on the Post site, no login is necessary, and users with public profiles are sharing by default. Either way, your Washington Postfeed was simply tied to whatever privacy settings you have on Facebook, which up until now, have only applied to items posted on Facebook—not third party sites.

Some people may very well not be bothered by this, but clearly many were. Granted, Internet users should make sure to know what their own privacy settings are. But this third party hosting of Facebook feeds is a feature that Facebook has just introduced; it’s brand new. Mark Zuckerberg announced that Facebook would be showing up in more and more third-party sites to much fanfare at a Facebook developers’ conference just one day before the Post rolled out their version. So users are just learning to grapple with how it works. And even if they do know how their Facebook privacy settings work, which many don’t, they couldn’t know for sure how their settings applied to this new thing. By asking users to opt out by changing their privacy settings if they don’t like it, the assumption is that people want to be social by default. That’s still a pretty big assumption to make, despite New York Times trend stories to the contrary. The case is, right now, most people—at least apparently most people who read well-established legacy newspaper websites—don’t feel comfortable sharing private information online. They want to be asked to Opt In if they like an application– rather than be told to Opt Out if they don’t.

Alexandra Fenwick is an assistant editor at CJR.