I'm in the middle of listening to This Week in Tech episode 250 and the show's host, Leo Laporte, said the following:
"Facebook made a promise to me we will keep it private unless you say otherwise. You tell us who you want to share with. That was the promise and I feel it's like a friend that I went and I told something secret to and then he blabbed it and they said, oh my bad. So I go back and said, okay, I understand you made a mistake. He blabs it again."
"To be honest, I feel like this is a bad girlfriend who three times now has revealed stuff that I said this is secret and I am not going to give her a fourth chance. I just don't think it's right."
Since when was Facebook your friend, girlfriend or confidant? Why are you telling it information you want to keep private? Sure, it promised to not reveal any of it, but why did you expect it to keep its promises? If you stopped a stranger on the street and showed them a picture of you drunk or told them that you hated your boss, would you expect them to keep it private? What if they promised you? Would that make any difference?
This is not something solely related to Facebook. Every site on the net is the same to a greater or lesser extent. If you put private information on the internet then it's not private any more, no matter how many "guarantees" you're given. For your information to remain private you have to assume that at least all the following are true:
That's an awful lot of things to assume, and I don't think there's any person or company on the internet who could honestly make those guarantees, even if they really want to. No matter how small and trivial the online service, there are so many people involved in making it happen that some of them will be dishonest. Some of them will be incompetent. Some of them will be bribed or tricked into giving away your information. Some part of the system will have a security flaw that gets exploited. One way or another, the information you give to an online service will end up under the control of someone you don't trust sooner or later.
So how do we solve this problem? As far as I'm concerned, the only approach is to treat every internet service like you would a stranger. Sure, you might strike up a conversation with someone in a bar or at a conference or on a train, and sure, you might tell them personal information, but you're never going to tell them something you wouldn't tell absolutely any other person on the planet, right? Just don't put anything on the net that you're not willing to write on a piece of paper, sign and hand to a stranger. Yes, this restricts the usefulness of the web and, in particular social networks, but remember:
The internet is not your friend, so don't tell it anything you want to keep private.