This becomes particularly apparent when looking at Third Party Application developers. These external applications can access data in ways that are not immediately obvious to the end user, and in some cases this seems to work against people's obvious desires. In short: third party applications get the same access as the account that installed them, so if your privacy settings are set to friends only, and a third party app installed by a friend requests your information, it can get it. So, your privacy is as good as your least discrete friend's judgment.
But issues around abusing privacy aren't new for Facebook. They have these types of issues a few times a year, every year. Flash back to the launch of Beacon:
"Facebook still collects your data. Whether or not they show it onscreen or not is only marginally relevant. They have records of how you have used their site, and that information is valuable to people who want to sell you things."
Facebook has a well worn track record of disastrous handling of user data. In the beginning of 2009, Facebook pre-emptively changed their ToS. People were not happy, but people should not be surprised, as this is normal behavior for Facebook.
And, of course, Facebook can change their privacy settings at will, thus eliminating the illusory value of these settings in the first place, as illustrated by this very conversation.
Some other good reads on this:
- The Facebook Blog: http://blog.facebook.com/blog.php?post=197943902130
- Electronic Frontier Foundation: http://www.eff.org/deeplinks/2009/12/facebooks-new-privacy-changes-good-...
- From ReadWriteWeb: http://www.readwriteweb.com/archives/facebooks_privacy_move_violates_con...