As usual, when a social media network makes change in how it handles privacy settings, there's been a kafuffle over Facebook's recent privacy changes. I was nosing around the new privacy settings, and noticed something that I consider obnoxious: even though I was already logged into my account, I had to enter my password again to modify my Privacy settings:

"Your privacy settings are secured for your protection."

This is an obvious deterrent to users modifying their own privacy settings, but I can buy the argument that it's good to have that extra layer of protection, as people are likely to leave their Facebook account logged into public computers, and someone modifying their privacy settings would obviously be ugly. Of course, Facebook and their advertisers and other partners all serve to gain the less people know about and modify their privacy preferences.

Beyond that, I was curious, so I went back to the preferences and clicked on Deactivate Account, and sure enough -- you can deactivate your account without inputting your password. Just fill in a CAPTCHA and bam, you are dead to Facebook! Like a zombie you can shamble back through Facebook simply by logging in again—but shouldn't deleting accounts also require you to prove via password that you are who you're deleting?