One of the topics we discuss in my class is the degree of ethical responsibility Facebook has to provide sufficient default privacy settings. That is, when you create a new Facebook account, should FB provide you with tight defaults that you can loosen as you see fit, or should the default to be an open environment where users can revoke access until they are confortable. This argument basically comes down to personal responsibility vs. a provider's obligation to consider the well-being of its users. Should a person be responsible to fully understand the information dissemination architecture of a system to which he entrusts personal information? Or is it unreasonable to assume that the average user will take the time to understand the system, thereby creating a responsibility on the part of the system to protect him? Normally, I side with personal responsibility -- I oppose taxing soda or banning salt in NY restaurants -- because I believe people should do what is in their own best interests. This, however, is a case where I side with imposed protections.
Check out this graphical representation of evolution of Facebook's default privacy settings:
While the scale of the image seems to shift to provide a more dramatic effect, I think it still does provide a pretty accurate description of the direction Facebook is moving in. I remember when I had to provide my Penn email address to sign up for Facebook because it was restricted to the Ivies. Such a setup implicitly granted a degree of privacy. With the gradual opening of the system to the world -- including the advent of public profile pages, visible to those who don't even have Facebook accounts (!) -- Facebook has a responsibility to provide an intuitive, simple set of privacy controls for its users -- and to restrict access by default!