The privacy settings just seemed completely insane. Let’s use one’s sexual orientation as (spicy) example and assume we have two facebook users, A and B, with the following privacy settings:
A does not allow apps to see A’s sexual orientation.
A does allow all other accesses.
B does allow all accesses.
If B now runs an application, it would seem like B’s application shouldn’t see A’s sexual orientation, because A denies applications that piece of information. However, it seems like Facebook uses B’s privacy settings, which grant all accesses. The result is that B’s application can see A’s sexual orientation. This seems wrong.
I’ve realized, though, that in principle there is nothing wrong with this. Since B can see A’s sexual status, B’s application could ask B to manually enter it, and the application would still know about it. The desire to apply A’s privacy settings to B’s applications really only prevent automation, not the spread of information.
I would still like Facebook to change this, but if I really want to maintain my privacy, I probably have to abstain from using Facebook at all: The least fixpoint of entities that have my information is not small at all.
PS: Now I am going to post this on Facebook.