Some settings are changing with the recent updates to Facebook privacy, but Facebook’s commitment to providing you control over your information is not. Here’s a summary of what’s changing:

Providing me control over my info…Well, let’s just see, shall we?

• The Privacy page has been simplified, and in that process, some settings have been consolidated. For security reasons, you will now be required to enter your password if you’d like to update your privacy settings.

Huh. Simplified & consolidated – nice way to say “we rearranged the screen and got rid of some of those peskier settings.” And what security reason could justify entering my password to update my privacy settings? If someone has hacked my account that shouldn’t be messing with those settings, then they already have my password! Entering my password a second time does nothing to enhance my security or privacy – and it’s arguably worse without strong encryption being used.

• A privacy control has been added to the publisher at the top of your home and profile page. This allows you to set privacy on individual posts. For example, you could post a status to Everyone or only to Friends. Learn more on the Publisher help page.

OK, even this curmudgeon has to admit this is a good thing.

• Instead of having networks for regions (eg., Australia or New York City), people’s locations are now listed in the “Current City” or “Current Region” field of their profiles. This means if you use the “Friends and Networks” privacy setting, the networks part only applies to work and school networks.

What’s this have to do with security or privacy? Read on…

• A basic set of information is publicly available, meaning it’s visible to anyone that’s able to navigate to your profile, applications you use on Facebook, and websites you connect with via Facebook. This information includes your name, profile picture, gender, current city, networks, friend list, and Pages. Any additional information (eg., photos or videos) will only be exposed if your privacy settings allow it.

This is where facebook is screwing the pooch. By providing all this information publicly, a hell of a profile can be built about any given person. This is a paradise for spammers, scammers, stalkers, and sickos. It’s a tyrannical government’s new tool. It’s a pedophile’s wet dream. And it’s a nightmare for anyone who desires or needs privacy.

Keep in mind that anyone who navigates to your profile will be able to view your publicly available information and information you’ve made visible to Everyone. While you do have the option to hide your Friend List from being visible on your profile, it will be available to applications you use and websites you connect with using Facebook. In addition, your profile picture appears in places you make comments and posts. You can always change your current profile picture or lower your search visibility if you choose.

Oh, yeah, the application gap. It amazes me the amount of info an application can get not just about me, but about my friends. Yes, the API documentation mentions what personal information you’re not supposed to retain about your users, but there’s no system security behind that API to enforce it. Oh, sure, there are the various agreements for facebook developers – but the honor system does no good when facebook does nothing to enforce those agreements. In reality, the more money an application makes, the more ad revenue facebook is getting a cut of – and the less likely they are to do anything about it. So the worst offenders (Zynga, for example) make millions scamming people. It’s only a matter of time before someone sells all the info they’ve mined out of facebook profiles. Maybe that’s why zynga is using iesnare, and maybe that’s why I haven’t heard a peep from facebook since I filed a privacy violation about that issue.

The pages and friendlist are the two most egregious violations of privacy. You can build a fairly good picture of, for example, a person’s political affiliations, religious beliefs, and sexual tendencies, by examining their pages. Why does this need to be public? I used to be able to selectively show that to whoever I wanted or to nobody at all. Same deal with the friendlist – I could customize who would see that (and had it set to only the people I really knew in real life and trusted) – now it’s an all-or-nothing setting. The setting to hide your friendlist from your profile doesn’t even do a thing to ensure the privacy of that. For example, if you’re logged onto facebook, take a look at Mark Zuckerberg’s profile, and you’ll see he has hidden his friendlist from his public profile. However, by appending anybody’s facebook account id or account name to the end of www.facebook.com/friends/?id=, you can see their entire friend’s list, regardless of their privacy settings – this is Zuckerberg’s friend list, which I’m sure he won’t mind being shared like this since that base url is hardly a secret, and the same info can be gotten by platform applications and Connect sites.

Publicly available information includes your name, profile picture, gender, current city, networks, friend list, and Pages. This information makes it easier for friends, family, and other people you know to connect with you.

No, it makes facebook more like twitter, publicizes more of everyone’s info – especially when the search engines start crawling publicly enhanced profiles and putting together their own social graphs – and frankly only makes it easier for more people to connect with me who I don’t want to hear from at all. In reality, despite the way this change has been spun by facebook, I have less control over my information with this change.

The Obama Administration is considering whether to change policy concerning the use of HTTP cookies on government websites. Currently, government officials require a “compelling need” to use persistent HTTP cookies, and must disclose their use in a privacy policy.

In light of this we arbitrarily chose six government websites to determine whether Flash was being used to assign unique values to visitors. Of the 6 government sites we tested, 3 had Flash cookies. Three were set by whitehouse.gov, one of which was labeled, “userId.” Five of these sites used persistent HTTP cookies.

Whitehouse.gov disclosed the presence of a tracking technology in its privacy policy, but the policy does not specify that Flash cookies are present, nor does it provide any information on how to disable Flash cookies.

The White House “disclosure” still doesn’t mention Flash cookies or how to disable them. It does however state the following:

This persistent cookie is used by some third party providers to help maintain the integrity of video statistics. A waiver has been issued by the White House Counsel’s office to allow for the use of this persistent cookie.

If you would like to view a video without the use of persistent cookies, a link to download the video file is typically provided just below the video.

If the White House videos can be viewed without the use of persistent cookies, than what compelling reason is there for this waiver?

This is so like this administration (and the several previous ones as well): Make a rule, then have the White House Counsel issue waivers for it. Obama’s first executive order was to forbid lobbyists from presidentially appointed positions – a waiver for that was issued before the day was out, and in less than a week, the second most important post in the Pentagon was given to a lobbyist. Not to mention Obama’s claim of “sovereign immunity” when it comes to lawsuits against the government concerning warrant-less wiretapping.

Until we have government officials who respect the Rule of Law – instead of the Rule of Individuals – and honor their oath to the Constitution, they shouldn’t expect anyone to trust them.