How often do you email confidential business data? Or log into a company intranet or VPN? How often do you send love letters or personal notes to a (potential) significant other? etc.

There are lots of uses for the internet where privacy is expected. Perhaps a better thing to say is "If you don't want it shared, don't put it on a social networking website".

It's true that once digitized, content can be very difficult to contain, but there _are_ ways to communicate over the internet and maintain a reasonable expectation of privacy.

The thing with Facebook is that they've promised certain things, like that you'd have to authorize anyone before they had access to any of your data, or that certain things would remain friends-only, or whatever, and then they've renegged on these promises. They betrayed and jeopardized their users for their own immediate profit. Do you think that's something we should just write off as "well, don't put things on the internet"?

It's not like a bunch of nude photos that someone uploaded to a server in a public directory and hoped no one would ever stumble across them. For that, you can say "well, be careful what you put on the internet, because it's just as accessible to everyone else as it is to you", but when a company makes a covenant not to share certain data and then breaks it, I don't think it's really fair to expect users to expect that behavior.

The IM conversation that started this whole topic was not a social service, yet it, too, is public.

If you don't want it shared, don't put on the internet.

(Well, at least, not until my startup is shipping its product. Then you'll be fine.)

But even that's not acceptible. If a TOS/PP says that my privacy settings will be honored, I upload content assuming that only X people can see it, my settings are changed behind my back and now Everyone can see it.... something is very wrong. If Facebook blocked my profile until I had a chance to review the new settings and their new more open defaults, that would be fine. If Instant Personalization had been opt-in, that would be fine. If the god damn Applications page would let me block applications that would be fine. If I could visit Queerty without seeing that some god damned Queerty app was added to my profile CERTAINLY WITHOUT MY CONSENT, that would be okay.

If I have a contract with the clerk at the grocery store, I would trust him. If he broke the contract, changed the terms, added new sections, etc, then I would have a reason not to trust him/her.

That's literally like telling me I shouldn't trust my employers with my direct deposit info and my social security. Or that I shouldn't trust the insurance company with the same information, etc.

How is a privacy policy, changed behind users backs, with blatantly offensive auto-opt-in/out features not a violation of a reasonable expectation?