A slightly different way to look at it is "I share some of my contact info with you as long as I can control how you use it (e.g. look but don't re-share, I can revoke it later, etc.)." Facebook allows that kind of control by preventing data export.
Facebook allows that kind of control by preventing data export.
In other words, "If everyone uses Facebook for their data control needs, we'd all have perfect data control."
This sounds suspiciously like an argument for DRM, which all end up failing and being bogus. Remember those email client plugins that would keep people from printing or remailing an email, that would have only worked if just everyone you sent something to had it installed?
Obligatory DRM argument, check. But why even have privacy settings if you're not going to try to enforce them? Just make everything public, resulting in people hardly posting anything, and then the whole social networking thing can just shut down.
My point is that the DRM-style argument can't work because bits can't be restricted in this manner.
I mean, I'm still trying to figure out what "look but don't re-share" means. There's absolutely no way to enforce that.
Facebook saying that they are honoring user's settings is a false sense of security, because your address is accessible to me via my email program, that's how I was able to give it to facebook. I can still use your email address I already had for any purpose.
The only people their policy protects is people you friended on facebook without using email address book integration, but that's not the topic here.
I suppose if the false sense of security gets people to use your website, you can exploit that, but that doesn't mean you can actually enforce it. And somehow I doubt people's email addresses being exposed via facebook is going to keep the majority of people from using facebook: everyone already gets spam, and most people don't know how to track how an email address ends up in spamming lists. Facebook may already be selling email addresses to spammers and most people would never know.
It's actually in facebook's interest to sell email addresses rather than expose email addresses to third party apps that contact you via facebook, because third party apps that contact you via facebook reflect badly on facebook's other (maybe legit) emails that come from facebook's servers/domains.
But why even have privacy settings if you're not going to try to enforce them?
That's a question for Facebook, not us. Don't you think?
However, the thing about Facebook isn't just that doesn't respect own privacy settings (which it hasn't). The thing is the concept of providing strong privacy while sharing within a set of intersecting friendship is essentially contradictory and impossible.
This (impossible) promise is very convenient for Facebook, however, since serves as an incentive, a pretext, for all-controlling environment. Consider, how do you keep your information safe while sharing it? The answer isn't "something sort-of like DRM". The answer is that is exactly, fully the definition of DRM. What Facebook is promising boils down to personal DRM (ie, impossible and opens the door nefarious third parties, etc).
