The "Like" button infrastructure (images, JavaScript) is loaded from Facebook's servers via a cross-domain request. Those servers can theoretically use cookies or IP addresses in conjunction with referrers to do tracking even without clicking Like, for both authenticated and unauthenticated users.
Some content is loaded off of their CDN, which I highly doubt is doing any tracking. The non-CDN pings are quite possibly not doing tracking, but it would be possible for Facebook to enable some tracking with most people never noticing.
facebook has a long history (the entirety of their existence) of being extremely greedy about personal data. Whenever outsiders have had the chance to see inside their thought process on collecting data, it has always been clear they'll collect anything and everything they can. What they're doing with it might not be nefarious; but they love personal data like no company ever before, and go to great lengths to own it.
I'd be surprised if they aren't tracking every request that passes through their servers and gathering usage patterns of everyone on the Internet, regardless of whether someone is logged into facebook or not, and regardless of whether the request originated on a facebook property. That's just the kind of thing facebook does, as far as I can tell. If they aren't doing it already, it's just a matter of time.
I'm speculating that the CDN servers are running stripped-down, static-file-only HTTP servers that don't integrate with a more complex user-identification and logging infrastructure to help with throughput.
I agree that they probably aren't doing complex user-identification...probably no cookies or JavaScript or anything like that happening on their CDN.
But, IP alone would be enough to follow the trail of most people (I know all the caveats about IP!=individual, but that data is still far from worthless), and collecting IP trails would be absolutely trivial and practically free from a performance perspective. The difference in a high performance webserver environment with logging vs. without logging is less than one percent...probably much less.
With a bit of clever data juggling, and logging of user agents and other information about the client, compare that to past visits from the same IP on properties where facebook has more data (from cookies and logged in activity), and identify users by name with pretty good accuracy.
In short: Performance is not a factor for logging, and facebook wouldn't need a large amount of additional cooperation from the client, like cookies or JavaScript bugs, to track users who aren't logged in. They just need to combine the already available log data in useful ways. A big part of the reason all these fancy distributed key/value stores and BigTable imitators exist (and why facebook has developed their own in-house) is for processing exactly this kind of data.
I'm extremely confident that facebook logs everything, though I have no idea what sorts of things they do with the resulting data.
Why wouldn't they be doing tracking? It seems like a big portion of the benefit to them in doing connect/like/etc. They do make their money selling ads, and they are seemingly hot to collect as much information as possible.
It seems like logging enough detail to matter on so many loads would cost more in time and money than the data is worth.
edit: And then I did the math. A 15 byte IP (pretending all IPs are made of four 3 digit numbers) plus a 400 byte URL across 1b accesses is less than half of a terabyte hard drive. Guess we're doomed.
So what if they are tracking? It's a separate issue to whether or not Facebook is controlling data / privacy too much. The same tracking issues with the Like button exist with any technology that is included on a huge number of websites, including advertising networks and Google Analytics (which expressly exists purely to track users!)
It is not inherently evil to track users. What you do with that information decides the morality of the situation. It seems to me that rolling this non-issue into the arguments against Facebook is actually harmful to the FSFs cause - why would they bother telling us about something trivial if they had real concerns to air?†
† I am not saying that there aren't real concerns, or that the FSF isn't airing them - just that airing a non-issue looks bad
Some content is loaded off of their CDN, which I highly doubt is doing any tracking. The non-CDN pings are quite possibly not doing tracking, but it would be possible for Facebook to enable some tracking with most people never noticing.