Despite them making strides forward with the settings, they still have glaring holes. This article will show you some of the things the just don't seem to have got right:
- Control of posting from external apps
- If you give an external app access to post to your wall, then it's impossible to set the visibility of that app's posts to anything other than your default visibility. If you use an app that posts on a particular topic and you don't want to spam everyone, then you'll want to restrict it (usually to a group), but you can't. The same thing also (in my opinion) gives facebook places an anti-competetive advantage over Foursquare etc. This is also true of all mobile apps and the web interface. The options are not there.
- Default "per-post" settings
- If you use the privacy control drop down on the main facebook page to adjust the visibility of your posts and select the 'make default' checkbox then it actually does more than just set the default for all future posts - it actually acts as a global filter on all your posts and changes your overall privacy setting so people not in the group can't see your posts, regardless of what visibility they were posted with. If I want my default privacy post to be 'group X' but have the ability to change individually selected posts to 'all friends' then I basically can't do it. You have to make 'all friends' the default and select 'group X' for each post ... which as per the first point you can't do from external apps. I've accidentally stopped people from seeing my wall several times accidentally.
- Visbility of photo albums etc.
- When you create a facebook album with photos there's no way for your friends to tell what visibility they have. If, for example, they wanted to show someone else a facebook album then they can't easily cut & paste the album/photo link and know if it'll work. The only way to check is to cut & pasting into a non-logged in browser (which still doesn't tell you if it has visibility to 'anyone logged in' or 'friends of friends'). Now that's not great in itself, but in most cases there's nothing to stop you sharing individual images within the album anyway and bypassing the restrictions. Just cut and past the 'Download image' fbcdn link.
With the first two points together you can see that it's basically impossible to use list-based access control from a mobile device, which is frankly ridiculous in this day and age.
The first point about not allowing control via external apps is something I tried to feed back to them, however I didn't get a response. That probably says something in itself.
There is also an issue where sometimes if you see "friend X commented on Y's status" then despite you not being able to view Y's stream, you will be able to click on that link and see it. It appears intermittent, but happens enough that it seems to have been a bug for some time now. (If anyone has details of when it happens let me know!)
I've had this blog post in draft for a couple of months and not put it up. I'm posting it now to get it out there, but finally they might have some competition to get them out of their complacent mode. Google+ has just gone into limited trial, and they get the privacy options right in terms of allowing restrictions for any posts easily. It'll be an interesting battle...