Computer Ethics, Fall 2011

Corboy 423;  7:00-9:30 Th, Sept 29, Class 5

Readings:
Paper 1, due Friday Sept 30



They are watching you: http://www.youtube.com/watch?v=8JNFr_j6kdI.

Is this a real threat? (See especially the section between 0:45 and 1:25)

I'm offering this as an example of a possible threat, but one which definitely has elements of "paranoia" as well. (I imagine somewhere on YouTube there's a video of someone explaining the dangers of the government eavesdropping on your conversations by beaming lasers on your windows.)


Privacy

What is privacy all about? Baase (p 45) says it consists of
Are these all? Note that Baase put control of information as #2; I moved it to #1.

In some sense the second one is really a different category: the need to get away from others. A technological issue here is the prevalence of phones, blackberries, and computers and the difficulty of getting away from work.

The third one is to some degree a subset of the first: who gathers information about us, and how is it shared? Another aspect of the third one is freedom from GOVERNMENTAL spying. Privacy from the government is a major part of Civil Liberties.

Privacy is largely about our sense of control of who knows what about us. We willingly put info onto facebook, and are alarmed only when someone reads it who we did not anticipate.

Privacy from:
Sometimes, when we try to argue for our privacy, we get asked what do you have to hide? Is this fair?

On the other hand, should we care at all about privacy? Or is it just irrelevant?

Strange history: once upon a time we were mostly concerned about privacy from the government, not from private commercial interests.



Once upon a time, concern about privacy was on the decline. People knew about the junk-mail lists that marketers kept, but it did not seem important, especially to younger people.

In the last few years, privacy has become a significant issue. Why is this?

Psychologists have ways of defining general personality traits, eg the OCEAN set of
(The Myers-Briggs system has four dimensions, and classifies you as at one end or the other (eg extraverted or introverted) on each axis.)

Are we approaching the point that outsiders can create a psychological profile of us using online data only?

Is this even what we mean by losing our privacy? Psychologists have suggested that "getting to know someone" is based significantly on the slow voluntary exchange of personal information.

Or is it much simpler: perhaps the marketing information about us was too remote for us to be concerned, but Facebook has ushered in a new era of online information about our social situation (friends, events, likes), and these are the things that are relevant in our day-to-day interactions with others.



What do computers have to do with privacy?

Old reason: they make it possible to store (and share) so much more data
Newer reasons: 
 
Baase, p 45: Communist East-German secret police Stasi, and non-computerized privacy invasion

Fourth amendment:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated.

Baase p 47: computers "make it easy to produce detailed profiles of our personal characteristics, relationships, activities, opinions, and habits"

Maybe also of what sales pitches we're likely to respond to??
 
Some non-governmental privacy issues:



Maybe some of the most sensitive information gathered about us today is our location, typically from a cellphone. Traditional phones do not necessarily track GPS in real time, unless an emergency call is placed, but "smartphones" do this continuously in order to display advertisements for nearby businesses. What undesirable things could be done with this information?

We will return to this later.


 
http://pleaserobme.com, listing twitter/foursquare announcements that you will not be At Home (now "off"; I wish I'd kept some sample data)


In ~1990, a big privacy issue was Caller ID. Whose privacy was at stake?
 
Facebook has made us our own worst privacy leakers.

Facebook and college admissions, employment, any mixed recreational & professional use


Some specific things we may want to keep private, from a few years ago:
In keeping these sorts of things private, are we hiding something?

More significantly, what has the rise of Facebook done to this list? How much do we care about this "general background" information as opposed to the kind of information that leaks out of Facebook: who we partied with last night, what we drank, who we partied with five years ago, where we were last night given that we said we would be volunteering at the soup kitchen?

Sometimes we want to keep things private simply to avoid having someone else misinterpret them.

Is this list what is really important to us in terms of privacy? Or are we really only concerned with more intangible attributes?



Why do we care about privacy? Is it true that we wouldn't care if we had nothing to hide? What about those "minor transgressions"  on the list? Are they really minor?

Or is it true that "we live 'in a nation whose reams of regulations make almost everyone guilty of some violation at some point'" [Baase p 69]?

Once upon a time (in the 1970's) there was some social (and judicial) consensus that private recreational drug use was reasonably well protected: police had to have some specific evidence that you were lighting up, before they could investigate. Now, police are much more free to use aggressive tactics (eg drug-sniffing dogs without a warrant, though they can't use thermal imaging without a warrant).

Is this a privacy issue?

On page 47, Baase quotes Edward J Bloustein as saying that a person who is deprived of privacy is "deprived of his individuality and human dignity". Dignity? Maybe. But what about individuality? Is there some truth here? Or is this overblown?

On page 67, Baase quotes Justice William O. Douglas as saying, in 1968,

In a sense a person is defined by the checks he writes. By examining them agents get to know his doctors, lawyers, creditors, political allies, social connections, religious affiliation, educational interests, the papers and magazines he reads, and so on ad infinitum.

Nowadays we would add credit-card records. Is Douglas's position true?


Privacy from the government

This tends not to be quite as much a COMPUTING issue, though facial recognition might be an exception. "Matching" was an exception once upon a time. Interception of electronic communications generally fits into this category; the government has tried hard to make sure that new modes of communication do not receive the same protections as older modes. They have not been entirely successful.
   
To a large extent, we'll deal with this one later.

One of the biggest issues with government data collection is whether the government can collect data on everyone, or whether they must have some degree of "probable cause" to begin data collection. On p 73 of Baase there is a paragraph about how the California Department of Transportation photographed vehicles in a certain area and then looked up the registered owners and asked them to participate in a survey on highway development in that area. Why might that be a problem?

Canadian position: government must have a "demonstrable need for each piece of personal information collected".
   


Commercial data, based on transaction history
    Primary use is some sort of marketing

Other data
    legal, workplace, medical, etc
    Traditional "paper" data;
    The computerization issue is easy/universal access to such data
   
personal
    facebook, etc
     


Some data collection that we might not even be aware of:


Google Buzz

Google Buzz was google's first attempt at a social-networking site, back in ~2009[?]. When it was first introduced, your top gmail/gchat contacts were made public as "friends", even though the existence of your correspondence may have been very private. For many, the issue isn't so much that yet another social-networking site made a privacy-related goof, but that it was google, which has so much private information already. Google has the entire email history for many people, and the entire search history for many others. The Google Buzz incident can be interpreted as an indication that, despite having so much personal information, Google is "clueless" about privacy. At the very least, Google used personal data without authorization.

For many people, though, the biggest issue isn't privacy per se, but the fact that their "google profile" overnight became their buzz page, without so much as notification.

See http://www.nytimes.com/2010/02/15/technology/internet/15google.html.
Or http://searchengineland.com/how-google-buzz-hijacks-your-google-profile-36693.


Tyler Clementi

On September 19, 2010, Rutgers University student Tyler Clementi asked his roommate to be out of the room for the evening. Clementi then had a sexual encounter with another male. The roommate, meanwhile, turned on his webcam remotely from a friend's room, watched the encounter, and streamed it live over the internet.
(More at http://news.yahoo.com/s/ap/20101001/ap_on_re_us/us_student_taped_sex.)

Three days later Clementi leapt to his death from the George Washington bridge, presumably because he felt "outed".

How much is this about harassment of homosexuals?

How much is this about bullying?

How much is this about invasion of privacy?

Would the situation be seen differently if Clementi's tryst had been with a woman?

Is this at all about "cyber harassment"?

Is it about abuse of "social media"?

What about "outing" that was once relatively common within the gay community?

What about Erin Andrews, the ESPN reporter who was videoed while undressed in her New York hotel room, allegedly by Michael Barrett, apparently now convicted? This video too was circulated on the internet; the case made headlines in July 2009 (though when the videos were actually taken is unclear). Barrett got Andrews' room number from the hotel, reserved a room next to hers, and either modified the door peephole somehow, or drilled a hole through the wall and added a new peephole.

Is Andrews' situation any different from Clementi's? (Aside from the part about damages to hotel property).

What should the law say here? Is it wrong to place security cameras on your business property? Is it wrong to place "nannycams" inside your house? What sort of notice do you have to give people?

When we record the ACM lectures at Loyola, what sort of notice do we have to give the audience? The speakers?

Note that in Illinois it is a felony to record conversations without the consent of all parties, even in a public place. But there is a downside to this: you also cannot record the police if they stop or harass you, and you cannot record others who harass you (eg in the workplace). More at http://www.chicagobreakingnews.com/2010/08/aclu-challenges-illinois-eavesdropping-act.html. For a stronger slant on the recording-police issue, see http://gizmodo.com/5553765/are-cameras-the-new-guns (there is at least some evidence that the Illinois law in question was intended to disallow recording of police).


Note: Under New Jersey’s invasion-of-privacy statutes, it is a fourth degree crime to collect or view images depicting nudity or sexual contact involving another individual without that person’s consent, and it is a third degree crime to transmit or distribute such images. The penalty for conviction of a third degree offense can include a prison term of up to five years.

New Jersey lists "nudity" and "sexual contact" as entitled to privacy; some other states list "expectation of privacy".

One final note: if Clementi killed himself simply because he had been "outed", then any sex partner could have outed him legally. Sex partners could not legally have filmed him without his consent, but (like the Paris Hilton sex tape) a lover could later release a tape that had been made with consent, or simply release a textual narrative.



AOL search leak, 2006

Baase p 48: search-query data: Google case, AOL leak.
In August 2006, AOL leaked (actually, released) 20,000,000 queries from ~650,000 people. MANY of the people involved could be individually identified, because they:
Many people searched for medical issues.

Wikipedia: "AOL_search_data_scandal"
    Thelma Arnold

Mirror site: http://gregsadetsky.com/aol-data/
   
An article:
http://www.techcrunch.com/2006/08/06/aol-proudly-releases-massive-amounts-of-user-search-data

Google strongly resisted releasing "anonymized" search data to the government.

What would make search data sufficiently anonymous?

Question: Is it ethical to use the actual AOL data in research? What guidelines should be in place?

Are there other ways to get legitimate search data for sociological research?

Where is google-search-history stored on your computer?

What constitutes "consent" to a privacy policy?
Are these binding? (Probably yes, legally, though that is still being debated)

Have we in any way consented to having our search data released?




Pennsylvania school laptops

In the Lower Merion school district in Ardmore PA, school-owned laptops were sent home with students. School officials have now been accused of spying on students by turning on the laptops' cameras remotely, while the laptops were in the students' homes.

The school's position is that remote camera activation was only done when the laptop was reported lost or stolen, as part of the LANRev software package (see also the open-source preyproject.com site). Note that the current owners of LANRev now state:

"We discourage any customer from taking theft recovery into their own hands," said Stephen Midgley, the company's head of marketing, in an interview Monday. "That's best left in the hands of professionals."

However, the AP article on the incident states the following:

The Robbinses said they learned of the alleged webcam images when Lindy Matsko, an assistant principal at Harriton High School, told their son that school officials thought he had engaged in improper behavior at home. The behavior was not specified in the suit.

"(Matsko) cited as evidence a photograph from the webcam embedded in minor plaintiff's personal laptop issued by the school district," the suit states.

Supposedly the camera was activated because the laptop was reported as missing, but in the case in question the laptop was declared missing by the school because insurance fees were not paid. Matsko saw the student ingesting something that looked to her like drug capsules; the student in question claimed it was Mike-and-Ike candy and there was considerable corroborating evidence that that was the case.

Some technical details, including statements made by Mike Perbix of the school's IS department, are available at http://strydehax.blogspot.com/2010/02/spy-at-harrington-high.html. The stryde.hax article also makes the following claims:
The first, if true, would seem odd; the other points are fairly standard (though black electrical tape is wonderfully effective at disabling what the camera can see).

Note that public schools are part of the government, and, as such, must abide by the Fourth Amendment (though schools may be able to search lockers on school property). (Loyola, as a private institution, is not so bound, though there are also several Federal statutes that appear to apply.)

Students and parents do sign an Acceptable Use policy. However, a signature is required for the student to be issued a laptop. Also, students are minors, and it appears to be the case that parents are not authorized to sign away the rights of minors.

In April 2010 the school's attorneys issued a report claiming there was no "wrongdoing", but nonetheless documenting rather appalling privacy practices. Some information from the report is at http://www.physorg.com/news192193693.html. The most common problem was that eavesdropping was not terminated even after the equipment was found.


Another school-laptop case

(Will these ever stop?)

Susan Clements-Jeffrey, 52-year-old long-term substitute teacher at Keifer Alternative School (K-12) in Springfield OH,  bought a used laptop from one of her students in 2008. She paid $60 for it. That's cheap for a laptop, but the non-free application software had been removed and, well, the case sort of hinges on whether it was preposterously cheap. The lowest prices I could find for used laptops were ~$75, on eBay.

The laptop in fact had been stolen from Clark County School District in Ohio, and on it was LoJack-for-Laptops software to allow tracking. Once it was reported missing, the tracking company, Absolute Software, began tracking it. Normal practice would have been to track it by IP address (the software "phones home" whenever the computer is online), and then turn that information over to the police so they could find out where it was located, but Absolute investigator Kyle Magnus went further: he also recorded much communication via the laptop (including audio and video).

Clements-Jeffrey used the laptop for intimate (that is, sexually explicit) conversation with her boyfriend. Absolute recorded all this, including at least one nude image of Clements-Jeffrey from the webcam. Police eventually did come and retrieve the laptop; theft charges were quickly dropped.

Clements-Jeffrey, however, is now suing Absolute for violation of privacy, under the Electronic Communications Privacy Act that forbids interception of electronic communication. Absolute's defense has been that Clements-Jeffrey knew or should have known the laptop was stolen, and if she had in fact known this then her suit would likely fail. However, it seems likely at this point that she did not know this.

Absolute has also claimed that they were only acting as agent of the government (ie the school district). The school district denies any awareness that eavesdropping might have been done. And claiming that actions on behalf of a school district are automatically "under color of law" seems farfetched to me.

In August 2011, US District Judge Walter Rice ruled that Clements-Jeffrey's lawsuit against Absolute could go forward.

More at http://www.wired.com/threatlevel/2011/08/absolute-sued-for-spying.


Event data recorders in automobiles

Who owns the data? Should you know it is there?

What if it's explained on page 286 of the owners manual?

Should it be possible for the police or the vehicle manufacturer to use it AGAINST you at a trial?

See wikipedia: "Event_data_recorder"


Facebook and privacy

When did Facebook stop being "closed", ie access was limited to your "network" (eg Loyola)? Did anyone care?

Facebook privacy issues are getting hard to keep up with!

Facebook knows a lot about you. It knows
In May 2010 Facebook made perhaps their most dramatic change in privacy policy, when they introduced changes requiring that some of your information be visible to everyone: your name, your schools, your interests, your picture, your friends list, and the pages you are a "fan" of. Allegedly your "like" clicks also became world-readable. Here's an article by Vadim Lavrusik spelling out why this can be a problem: http://mashable.com/2010/01/12/facebook-privacy-detrimental. Lavrusik's specific concern is that he sometimes joins Facebook groups as part of journalistic investigation, not out of any sense of shared interest.

Here's a timeline of the progressive privacy erosion at facebook: eff.org/deeplinks/2010/04/facebook-timeline

Around the same time Facebook also proposed "sharing" agreements with some other sites, and made data-sharing with those sites the default. Some of the sites (from readwriteweb.com) are:
Eventually Facebook has again stepped back from a full roll-out of the sharing feature.

Facebook has long tinkered with plans for allowing a wide range of third-party sites to have access to your facebook identity. Back in 2007, this project was code-named Beacon. Supposedly the Beacon project has been dropped, but it seems the idea behind it has not.

Ironically, third-party sites might not need Facebook's cooperation to get at least some information about their visitors (such as whether they are even members of Facebook). Your browser itself may be giving this away. See http://www.azarask.in/blog/post/socialhistoryjs. (Note that this technique, involving the third party's setting up invisible links to facebook.com, myspace.com, etc, and then checking the "link color" (doable even though the link is invisible!) to see if the link has been visited recently, cannot reveal your username.)

After resisting the May 2010 uproar for a couple weeks, Facebook once again changed. However, they did not apologize, or admit that they had broken their own past rules.

Here's an essay from the EFF, http://www.eff.org/deeplinks/2010/05/facebook-should-follow, entitled Facebook Should Follow Its Own Principles, in which they point out that Facebook's 2009 principles (announced after a similar uproar) state

People should have the freedom to decide with whom they will share their information, and to set privacy controls to protect those choices.

But Facebook's initial stance in 2010 was that users always had the freedom to quit facebook if they didn't like it. Here's part of what Elliot Schrage, FB VP for Public Policy, said, as quoted in a May 11, 2010 article at http://bits.blogs.nytimes.com/2010/05/11/facebook-executive-answers-reader-questions:

Joining Facebook is a conscious choice by vast numbers of people who have stepped forward deliberately and intentionally to connect and share. We study user activity. We’ve found that a few fields of information need to be shared to facilitate the kind of experience people come to Facebook to have. That’s why we require the following fields to be public: name, profile photo (if people choose to have one), gender, connections (again, if people choose to make them), and user ID number.

Later, when asked why "opt-in" (ie initially private) was not the default, Schrage said

Everything is opt-in on Facebook. Participating in the service is a choice. We want people to continue to choose Facebook every day. Adding information — uploading photos or posting status updates or “like” a Page — are also all opt-in. Please don’t share if you’re not comfortable.

That said, much of your information is still public by default.



Two weeks after Schrage's claim that users would always be free not to use Facebook if they didn't like it, Facebook CEO Mark Zuckerberg weighed in, with a May 24, 2010 article in the Washington Post: http://www.msnbc.msn.com/id/37314726/ns/technology_and_science-washington_post/?ns=technology_and_science-washington_post. In the article, Zuckerberg does not seem to acknowledge that any mistakes were made. He does, however, give some Facebook "principles":
The first principle is a step back from the corresponding 2009 principle.

Facebook vigorously claims that your information is not shared with advertisers, by which they mean that your name is not shared. However, your age, interests, and general location (eg town) are shared, leading to rather creepy advertisements at best, and cases where your identity can be inferred at worst.

Recall that advertisers are Facebook's real customers. They are the ones who pay the bills. The users are just users.


 
Deja News, once at deja.com (now run by google): where is it now? It still lets you search archives of old usenet posts, though the social significance of that is reduced in direct proportion to the reduced interest in Usenet. Think of being able to search for someone's years-old facebook posts, though (and note that there's no reason Facebook can't just enable this).
 


 
Facebook mini-feeds, Baase p 55
Allowed active notification to your friends whenever you change your page. Why was this considered to be a privacy issue?

I note that lots of people have left these enabled.

The mini-feed issue originally came up in 2006. However, modifications of the feature still occasionally reopen the privacy issue. The latest issue is that you can get "realtime" minifeed updates, and also somewhat fine-tune which updates you receive about whom; you can thus "eavesdrop" on someone by subscribing to everything they do on FB, and then monitoring the feed. See http://www.infoworld.com/t/social-networking/facebook-makes-it-easier-ever-eavesdrop-173657 for more detail. (Note on 9/29/2011: I could not get the realtime feeds shown in the infoworld article, now over a week old. Maybe FB has dropped this feature? Maybe the feature was timed to coincide with the public opening of google+?)

Is this a privacy issue or not?

Whatever one says about Facebook as a source of privacy lost, it is pretty clear to everyone that posting material to Facebook is under our control, though perhaps only in the sense that we participate in Facebook voluntarily. Thus, the Facebook privacy question is really all about whether we can control who knows what about us, and continue to use Facebook.


Facebook reapers

How about this site: Social Intelligence Corp, www.socialintel.com.

What they do is employee background screening. They claim to take some of the risk out of do-it-yourself google searches, because they don't include any information in their report that you are not supposed to ask for. What they do is gather all the public Facebook information about you (and also from other sources, such as LinkedIn), and store it. They look, in particular, for
While they do not offer this upfront, one suspects they also keep track of an unusually large number (more than four?) of drunken party pictures.

Think you have no public Facebook information? Look again: the information does not have to have been posted by you. If a friend posts a picture of you at a party, and makes the album world-viewable, there went your chance for that job at IBM.

To be fair, Social Intelligence is still fine-tuning their rules; the latest version appears to be that they keep the information for seven years, but don't release it in a report unless it's still online at the time the report is requested. Unless things change, and they need to go back to the old way to make more money.

In June 2011 the FTC ruled that Social Intelligence's procedure was in compliance with the Fair Credit Reporting Act.

See:
Is this a privacy issue?


Facebook and other sites

Facebook now shows up on unrelated sites. Sites are encouraged to enable the Facebook "like" button, and here's an example of theonion.com displaying my (edited) friends and their likes: http://cs.luc.edu/pld/ethics/theonionplusFB.html. How much of this is an invasion of privacy?

While Facebook does seem interested in data-sharing agreements with non-FB sites, it is often not at all clear when such sharing is going on. The two examples here, for example, do not necessarily involve any sharing. An embedded "like" button, when clicked, sends your information to Facebook, which can retrieve your credentials by using cookies. However, those credentials are hopefully not shared with the original site; the original site may not even know you clicked "like". As for the box at theonion.com listing what my friends like, this is again an example of "leased page space": Facebook leases a box on theonion.com and, when you visit the site, it retrieves your FB credentials via cookie and then fills in the box with your friends' "likes" of Onion articles. The box is like a mini FB page; neither the likes nor your credentials are shared with The Onion.
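The embedded-box flow described above can be modeled in a few lines. This is an added example, not part of the original notes: the hostnames news.example and social.example, the cookie value, the widget path and the friend-like text are all constructed, and the Referer header and the `blockThirdPartyCookies` option go beyond what the text states in order to show what the widget provider still learns about the visit.

```javascript
// Toy model of a browser loading a page that embeds a third-party "like box".
// All hosts, paths, cookie values and data below are constructed for illustration.

class Server {
  constructor(host, handler) {
    this.host = host;
    this.handler = handler;
    this.log = [];                       // every request this server has seen
  }
  handle(req) {
    this.log.push(req);
    return this.handler(req);
  }
}

class Browser {
  constructor(servers, { blockThirdPartyCookies = false } = {}) {
    this.servers = new Map(servers.map((s) => [s.host, s]));
    this.jar = new Map();                // host -> cookie string
    this.blockThirdPartyCookies = blockThirdPartyCookies;
  }
  setCookie(host, cookie) { this.jar.set(host, cookie); }

  // One HTTP request. Cookies are selected by the DESTINATION host only,
  // so the embedding site never receives the widget provider's cookie.
  fetch(url, { topLevelHost, referer = null }) {
    const { host, pathname } = new URL(url);
    const thirdParty = host !== topLevelHost;
    const headers = {};
    const cookie = this.jar.get(host);
    if (cookie && !(thirdParty && this.blockThirdPartyCookies)) headers.cookie = cookie;
    if (referer) headers.referer = referer;   // tells the widget host which page embeds it
    return this.servers.get(host).handle({ path: pathname, headers });
  }

  // Load the page, then each iframe it embeds. The frame bodies are rendered
  // to the user; they are never sent back to the embedding site's server.
  visit(url) {
    const topLevelHost = new URL(url).host;
    const page = this.fetch(url, { topLevelHost });
    const frames = page.iframes.map((src) =>
      this.fetch(src, { topLevelHost, referer: url }).body);
    return { body: page.body, frames };
  }
}

const SESSIONS = { "sid=abc123": "alice" };                 // constructed session table
const FRIEND_LIKES = { alice: ["bob liked 'Area Man'"] };   // constructed data

function makeWorld(options) {
  const news = new Server("news.example", () => ({
    body: "<h1>Article</h1>",
    iframes: ["https://social.example/widget/likebox"],    // the "leased page space"
  }));
  const social = new Server("social.example", (req) => {
    const user = SESSIONS[req.headers.cookie];
    const body = user ? FRIEND_LIKES[user].join("; ")
                      : "Log in to see what your friends like";
    return { body, iframes: [] };
  });
  const browser = new Browser([news, social], options);
  browser.setCookie("social.example", "sid=abc123");        // user logged in earlier
  return { news, social, browser };
}

// Visit one article and report what each party observed.
function run(options = {}) {
  const { news, social, browser } = makeWorld(options);
  const rendered = browser.visit("https://news.example/articles/42");
  return {
    newsSawCookie: news.log.some((r) => "cookie" in r.headers),
    socialSaw: social.log[0].headers,
    box: rendered.frames[0],
  };
}

console.log(run());
console.log(run({ blockThirdPartyCookies: true }));
```

With default settings the news site never sees the session cookie or the box contents, while the widget host sees both the identity and the article URL; with third-party cookies blocked the box is no longer personalized, but the widget host still receives the Referer.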

One concern with such pseudo-sharing sites is that they make it look like sharing is in fact taking place, defusing objections to such sharing. If someone does object, the fact that no sharing was in fact involved can be trotted out; if there are not many objections, Facebook can pursue "real" sharing agreements with confidence. They also make it harder to tell when objectionable sharing is occurring.

An example of a true data-sharing agreement would be if a restaurant-review site let you log into their site using your Facebook cookies, and then allowed you to post updates about various restaurants.

Facebook "connections": http://www.eff.org/deeplinks/2010/05/things-you-need-know-about-facebook

Your connections are not communications with other users, but are links to your school, employer, and interests. It is these that Facebook decided to make "public" in May 2010; these they did back off from.



Finally, here is a lengthy essay by Eben Moglen, author of the GPL, on "Freedom in the Cloud: Software Freedom, Privacy, and Security for Web 2.0 and Cloud Computing": http://www.softwarefreedom.org/events/2010/isoc-ny/FreedomInTheCloud-transcript.html. Mr Moglen adds some additional things that can be inferred from Facebook-type data:
You get free email, free websites, and free spying too!

Mr. Zuckerberg has attained an unenviable record: he has done more harm to the human race than anybody else his age.

Because he harnessed Friday night. That is, everybody needs to get laid and he turned it into a structure for degenerating the integrity of human personality and he has to a remarkable extent succeeded with a very poor deal. Namely, “I will give you free web hosting and some PHP doodads and you get spying for free all the time”. And it works.

Later:

I’m not suggesting it should be illegal. It should be obsolete. We’re technologists, we should fix it.

Did Google+ fix anything? Does anyone trust google more than Facebook?




Here are some of the June 2010 Facebook privacy settings (that is, a month after the May 2010 shift), taken from privacy settings => view settings (basic directory information). Note that there is by this point a clear Facebook-provided explanation for why some things are best left visible to "everyone".

Your name, profile picture, gender and networks are always open to everyone. We suggest leaving the other basic settings below open to everyone to make it easier for real world friends to find and connect with you.

* Search for me on Facebook
This lets friends find you on Facebook. If you're visible to fewer people, it may prevent you from connecting with your real-world friends.
      Everyone

* Send me friend requests
This lets real-world friends send you friend requests. If not set to everyone, it could prevent you from connecting with your friends.
      Everyone

* Send me messages
This lets friends you haven't connected with yet send you a message before adding you as a friend.
      Everyone

* See my friend list
This helps real-world friends identify you by friends you have in common. Your friend list is always available to applications and your connections to friends may be visible elsewhere.
      Everyone

* See my education and work
This helps classmates and coworkers find you.
      Everyone

* See my current city and hometown
This helps friends you grew up with and friends near you confirm it's really you.
      Everyone

* See my interests and other Pages
This lets you connect with people with common interests based on things you like on and off Facebook.
      Everyone

Here are some more settings, from privacy settings => customize settings (sharing on facebook)

    * Things I share
          o Posts by me (Default setting for posts, including status updates and photos)
                Friends Only
          o Family
                Friends of Friends
          o Relationships
                Friends Only
          o Interested in and looking for
                Friends Only
          o Bio and favorite quotations
                Friends of Friends
          o Website
                Everyone
          o Religious and political views
                Friends Only
          o Birthday
                Friends of Friends
    * Things others share
          o Photos and videos I'm tagged in
                Friends of Friends
          o Can comment on posts
                Friends Only
          o Friends can post on my Wall
                Enable
          o Can see Wall posts by friends
                Friends Only
    * Contact information
          o Friends Only

The core problem here is not that these settings are hard to do, or that the defaults are bad. The core problem is simply that you keep having to make new settings, as things evolve. Examples:
Another issue is whether the settings options are user-friendly. Here's a technical analogue: are NTFS file permissions better than Unix/Linux? Yes, in the sense that you can spell out who has access to what. But NTFS permissions are very difficult to audit and to keep track of; thus, in a practical sense, they have been a huge disappointment.