Ryan Singel at Wired has a clear description of exactly what has changed. As far as I can tell, that includes very little other than to condense the pages and pages of privacy settings into a single page. That single view still uses the opaque references to friends-of-friends and everyone that often defy common expectation of who, exactly, falls into these classes. Worse, the plumbing behind the scenes is as bad as it ever was. Oh, and you may not see this change for a while as it will apparently take time to roll out to everyone.
On further reading, the changes are not entirely superficial. EFF, among others, points out a couple of positive changes. These are reversals of previous policy changes the net effect of which is that your profile “Connections” can be made entirely private and you can now completely opt-out from data sharing with third party applications and web sites. Kevin Bankston’s analysis extends to the remaining issues with both of these critical changes.
For control over “Connections”, the burden is on the user to audit these and reset them to values with which they are comfortable. Shifting the onus onto users is consistent with their passive-aggression around past privacy changes. Zucerkberg is quoted elsewhere justifying this stance based on data demonstrating a sizable fraction of users tweaking their privacy settings. It misses the point that they shouldn’t have to do so in the first place to maintain a reasonable expectation of privacy over time. Also, the citation is disingenuous as if even half the user base leaves the settings alone, that is still 200M users they haven’t reached, that will continue to fuel the race to zero privacy.
Bankston’s critique about the price of opting out of apps and partner sites is valid, though personally it is a deal I am happy to cut. The opt-out is essentially a nuclear option. You cannot white list apps and sites that you do trust, you either have to share with everyone or with no one. In principle, I agree with Bankston but I fear his zeal for empowering user discretion is at odds with any kind of simple interface to achieve this end. I fear pushing this point too hard will re-complexify the new simple settings page.
Finally, Marshall Kirkpatrick articulates the pressing questions that arose from a press call conducted by Zuckerberg. How are we supposed to reconcile inconsistencies in Zuckerberg’s account of changes in December and more recently? Can we really trust someone so willing to glibly edit history to support his view? The contradictory thinking even extends to the reversals made today. At one point in the call, Zuckerberg marginalizes concerns from typical users over privacy, but then says the reversals were motivated by a sense of the right thing to do. Which is it? And how do we know that the company’s moral compass defining what’s right won’t wander from (closer to) true yet again?