I read this entire piece out aloud to Dawn just now. Saying 'This is what I've been saying. Isn't this what I've been saying?' She says 'Yep! Just a pity you couldn't articulate it as well as danah boyd" Oh well, at least I can repost some of danah's key points describing the Facebook approach:

For all of the repentance by Facebook, what really bugs me is that this is the third time that Facebook has violated people's sense of privacy in a problematic way.In each incident, Facebook pushed the boundaries of privacy a bit further and, when public outcry took place, retreated just a wee bit to make people feel more comfortable I kinda suspect that Facebook loses very little when there is public outrage. They gain a lot of free press and by taking a step back after taking 10 steps forward, they end up looking like the good guy, even when nine steps forward is still a dreadful end result. Most people... will still believe that Facebook is far more private than other social network sites (even though this is patently untrue). And, unless there is a large lawsuit or new legislation introduced, I suspect that Facebook will continue to push the edges when it comes to user privacy.

danah also explains how Facebook expertly negotiates the confusion about how 'defaults' ought to be set. (after the jump)

In other words, this is "slippery slope" software development. Given what I've learned from interviewing teens and college students over the years, they have *no* idea that these changes are taking place (until an incident occurs). Most don't even realize that adding the geographic network makes them visible to thousands if not millions. They don't know how to navigate the privacy settings and they don't understand the implications. In other words, defaults are EVERYTHING. Most lofty bloggers and technologists argue that if people are given the choice,[to opt out] that's good enough. The argument is that people should inform themselves and suffer the consequences if they don't. In other words, no sympathy for "dumb kids." I object to this line of reasoning. Most people do not have the time or inclination to follow the fine print of every institution and website that they participate in, nor do I think that they should be required to. This is not simply a matter of contracts that they sign, but normative social infrastructure. Companies should be required to do their best to maintain the normative sense of privacy and require that users opt-in to changes that alter that normative sense. In other words, what is the reasonable expectation for privacy on the site and does this new feature change that? Of course, I also understand that this would piss companies off because they make lots of money by manipulating and altering everyday users' naiveté and sense of norms. Still, I think that the default should be "opt-in" and "opt-out" should only be used in situations that would protect users (i.e., a feature that would limit users' visibility). Lots of companies are looking at Facebook's success and trying to figure out how to duplicate it. Bigger companies are watching to see what they can get away with so that they too can take that path. Issues of privacy are going to get ickier and ickier, especially once we're talking about mobile phones and location-based information. As Alison wrote in her previous post on respecting digital privacy, users are likely to act incautiously by default. Thus, what does it mean that we're solidifying the precedent that "opt-out" is AOK?

Good on ya danah. I couldn't have said it better myself.