"Some of the explanations that they'll have on the web site describing what a certain thing does can just be very confusing. (For an example, log into your Facebook account and go here, to adjust your privacy settings) It's almost as if they don't want to come out and say "This is what is going to happen to your data," because they don't want to scare people. They want to provide the control to people who value privacy and want to limit access. But at the same time, if they are pushing that in users' faces and reminding them of all these different privacy settings, people will be less likely to share, and that is not what Facebook wants."
Facebook's Vice President for Public Policy, Elliot Schrage, answered questions from New York Times readers this week about the new controls and even admitted the social network could do better.
"It's clear that despite our efforts, we are not doing a good enough job communicating the changes that we're making," Schrage said to readers. "Even worse, our extensive efforts to provide users greater control over what and how they share appear to be too confusing for some of our more than 400 million users. That's not acceptable or sustainable. But it's certainly fixable. You're pointing out things we need to fix."
As for the company's stance on how much privacy people actually want, Facebook founder and CEO Mark Zuckerberg defended Facebook's privacy changes in at the Crunchie Awards in January by stating: "People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people. That social norm is just something that has evolved over time."
We have little control over application security
Facebook does a good job keeping track of vulnerabilities on the site itself and protecting users in the context of the Facebook site, said Tyson. The problem is with their application programming interface (APIs) and third-party access to data.
"When you use an application that is interacting with Facebook, you are trusting that application and its level of security as well," noted Tyson. "That is something a lot of people don't understand or realize; how much trust they place in applications they use that aren't Facebook. So if there is a vulnerability within an application, that can be exploited to talk to Facebook your behalf."
The point is: Anything the application can do in terms of access to data; ie: posting links, sharing stories or images, an attacker has that same ability if they attack that application.