At first it was sharing with your list of friends and others (including non-friends) at your location, which was your school. So, from the beginning, your default sharing included people you did not know and had not listed as people you wanted to share information with.
Seven years later that is still the case, and Facebook's business plan seems to depend on you being willing to share with strangers.
Facebook's default sharing profile has changed over the years. See Matt McKeon's great visual presentation of the changes here. The scope of who gets to see information about you if you do not exercise any control has grown significantly as has, until very recently, the complexity of what you had to do to rein in the scope.
After months of relentless bad publicity about its privacy assumptions and controls, Facebook has heard a message -- maybe not "the" message, but at least "a" message. The social networking site has significantly simplified its privacy controls, but its recommended, and I assume, default setting is very broad. Facebook still wants the world to know you, and part of that world includes Facebook applications and partner Web sites. The latter function is benignly called "instant personalization." Facebook has now added a way to configure what information instant personalization will hand off about you.
I first got my Facebook account in March 2004, just about the time that Facebook expanded from being just Harvard to include Stanford, Columbia and Yale, because my boss wanted me to see if Facebook's privacy seemed OK. As Harvard's CIO, he was curious, even though Facebook was not a university effort. I did some poking around and remember talking with Facebook co-founder Mark Zuckerberg on the phone or via e-mail. Things seemed fine to me.
But, when I was asked for my birthday as part of the registration process I did not see a reason that Facebook needed this information, so I made one up.
I quickly forgot about this made-up birth date, but recently it did come back to get in the way. I did wonder about the birthday greetings I received on the wrong day from people I did not know all that well but dismissed it as flukes. Earlier this year I signed in to Facebook from Toronto when I was there on a business trip. Facebook would not let me log in because I was not at my normal location. I suppose that is a reasonable anti-hacking feature but I was blocked when Facebook asked me to verify myself because it asked for my birth date as part of the verification process. So I was stuck. I tried and failed to raise a human through Facebook's online help process. It was a few weeks later that I figured out that I could tell Facebook that I forgot my password and get a new password e-mailed to me.
Facebook let me log in once using the new password. That gave me a chance to find out what birth date I had used (it does not seem possible to change it even if I wanted to), so when I was challenged the next time I tried to log in I was able to verify myself. Such a relief.
The new Facebook privacy configurations are a big improvement over what went before, but I think they are still missing a major concept: not all friends should be equal in terms of sharing. Friends are not equal in the real world -- there are many things that you tell some friends and not others. Adding this bit of real-world reality would not make things simpler and it would run counter to Facebook's expansive picture of sharing, so I doubt it will happen.
Disclaimer: Harvard tries to prepare students for a real world, maybe one that they help make (as Mark did). But the above review and story is mine and not the university's.
Read more about software in Network World's Software section.
This story, "Can Facebook privacy be simple?" was originally published by Network World.