Complexity of Privacy
Consider this: by Facebook's own statistics, an "average" user creates more than ninety peices of new content per month. From a privacy standpoint, that is ninety unique new objects that ninety unique decisions must be made about as to who, or what, has access to them.
Now focus on just one of these new items of content, and the web of privacy decisions it entails. According to Facebook, the average user has 130 friends. Furthermore, certain large demographics, like 18-22 year-olds in the United Kingdom, have, on average, over 1000. If a user wishes to fully control which of their "friends" sees a given content item, they must make hundreds, if not thousands, of decisions. Of course, there is no time to make so many decisions for every object ranging from a "like" to a salacious party photograph.
In response, Facebook has implemented essentially a tiered friend system, where the user can make an "a priori" one-time decision as whether to put a given person on a "whitelist" (close friends), a sliding scale of "greylists" (acquaintances), or a "blacklist" (everyone else). Yet, this is an extremely coarse solution, as there is no way to know before hand whether a given content item should make it onto the greylist or whitelist. Even for content restricted to the whitelist, it is easy to conceive a situation where a user would want only a small subset of their close friends to see a given item.
In short, the complexity of privacy control is non-trivial for any social network user with more than a handful of friends. However, the more perfidious problem is the that a given user has no control over a large proportion of the new content directly them. One of the key attractions of social networking sites is the capability to share and comment on common media of interest (ie: pictures and movies). And while users may "untag" themselves from a movie depicting them drunkenly table dancing, if they did not post the movie, they have no ability to prevent others from seeing their beer-sopped selves doing the Hot Charleston. In this sense, the complexity of privacy online is irreducibly complex, for each item of content must conform not only to the preferences of its creator, but to the preferences of those whom it directly involves.
As shown again and again by HR departments worldwide, information a user would desperately wish to keep private can be found by simply going through the user's friendlist. Indeed, researchers at the Max Plank Institute were able to make this process autonomous with a quite simple algorithm that cross-referenced the friend lists of a given target. The target's city, college, and even dormitory could be deduced, even without having a "friend" in common. From a more practical standpoint, the inherent complexity of privacy control is becoming painfully obvious through the successive Facebook privacy fiascos, ranging from the controls initial settings to the shear difficultly to do anything fine-grained.
Resources:
PC World Article
Miller-McCune Article
