It’s a quick read, but in a nutshell: in 2005, the user controlled where information went. By December 2009, Facebook considered some information to be publicly available to everyone, and exempt from privacy settings.
I vaguely remember Esther Dyson describing privacy more than two decades ago as a good users would trade. That’s how I read the time line. It’s an implicit negotiation between Facebook and its users over the value of personal information (let’s call it Privacy, for short) vs. the value of the service Facebook provides (call it Service).
In the early days, the service had few users, and the network effect hadn’t kicked in. Facebook needed users more than they needed Facebook, and so Facebook had to respect privacy – it was worth more to users than the Facebook service was:
Service << PrivacySince the value of a social network grows exponentially as the number of members increases, the value of the service S grew rapidly as membership increased. A user’s perception of the value of privacy didn’t change much; it probably grew a little, but not exponentially. Probably sometime around 2008, the value of the service started overtaking the value of privacy:
Service ≈ PrivacyFacebook’s hard-nosed approach to privacy (or lack of it) makes clear that it now has the upper hand in the negotiation. An individual user needs Facebook more than vice versa:
Service > PrivacyOne take-away from this story is that the privacy settings users will accept are not a general social norm, but the result of an implicit negotiation between the customer and supplier. When a supplier becomes indispensable, it can raise its prices, in explicitly ($$) or implicitly (e.g. privacy conditions). Other services therefore should not assume that they can get away with Facebook’s approach. They can make virtue of necessity by offering better privacy protection – at least until the day when their service is so valuable that they, too, can change the terms.