Huh? It's pretty easy. Give users the proper ability to control what of their information is and isn't private. That's it.
The situation as it stands now:
* Facebook tries as hard as it can to make it impossible for a user to liberate their information from the system (either to ditch Facebook for a new system, or to run both in parallel).
* Facebook constantly has bugs/oversights/intentional misrepresentations that allow 3rd parties to get access to user information that the user thought they had ultimate control over. This information obviously isn't a click-button interface to access, but the people trying to harvest that type of information are more technical (or will just hire more technical people) than the majority of Facebook's user-base.
The ultimate goal is to give the user control and meet user expectations:
* When a user says, "Hide my email from everyone but my friends," they don't want there to be some way for a 3rd party or a friend of a friend to url-hack their way to that information (even if they don't know what url-hacking even means; don't prey on user ignorance, and claim that you're ethical).
* The user does want the ability to export the information that they have in the system. Don't hide behind some excuse like, "You can't export all of your friends' contact information because that information belongs to your friends." As long as your friends have given you access to see it, then you have access to that information. It's not a privacy violation if you allow a user to export data that they have read-access to. If your friend revokes access to their (e.g.) email address down the road, that doesn't mean that you still don't know what it is. You could have manually entered it into Gmail, or your physical address book. An export feature is just an automation of this process, not a privacy violation.
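Added example, not code from the thread or from Facebook: a small model of the two points above. One authorization decision (`can_read`) is applied on every read path, including the direct field lookup that a "url-hacker" would hit and the bulk export, so a friend-of-a-friend or an unauthenticated third party gets the same answer from every endpoint. The export returns exactly what the user can read at the moment of export; later revocation cannot recall it, which is the same as a manual copy into an address book. All names, visibility levels and the sample graph are constructed for illustration.

```python
"""Server-side field visibility enforced on every read path (added example).

Names, visibility levels and sample data are constructed assumptions, not a
real product's data model."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Optional, Set


class Visibility(Enum):
    PUBLIC = "public"
    FRIENDS_OF_FRIENDS = "friends_of_friends"
    FRIENDS = "friends"
    ONLY_ME = "only_me"


@dataclass
class Profile:
    user_id: str
    fields: Dict[str, str]                  # field name -> value
    visibility: Dict[str, Visibility]       # field name -> who may read it
    friends: Set[str] = field(default_factory=set)


class SocialGraph:
    def __init__(self) -> None:
        self.profiles: Dict[str, Profile] = {}

    def add(self, p: Profile) -> None:
        self.profiles[p.user_id] = p

    def befriend(self, a: str, b: str) -> None:
        self.profiles[a].friends.add(b)
        self.profiles[b].friends.add(a)

    def unfriend(self, a: str, b: str) -> None:
        self.profiles[a].friends.discard(b)
        self.profiles[b].friends.discard(a)

    def can_read(self, viewer: Optional[str], owner: str, name: str) -> bool:
        """The single authorization decision used by every read path.
        viewer=None models an unauthenticated third party."""
        p = self.profiles[owner]
        if name not in p.fields:
            return False
        vis = p.visibility.get(name, Visibility.ONLY_ME)   # default deny
        if viewer == owner:
            return True
        if vis is Visibility.PUBLIC:
            return True
        if viewer is None:
            return False
        if vis is Visibility.FRIENDS:
            return viewer in p.friends
        if vis is Visibility.FRIENDS_OF_FRIENDS:
            if viewer in p.friends:
                return True
            # one hop through any of the owner's friends
            return any(viewer in self.profiles[f].friends for f in p.friends)
        return False                                       # ONLY_ME

    def get_field(self, viewer: Optional[str], owner: str, name: str) -> Optional[str]:
        """Direct object reference path (think /profile/<owner>/<field>).
        Guessing the URL gains nothing: the same check runs here."""
        if not self.can_read(viewer, owner, name):
            return None
        return self.profiles[owner].fields[name]

    def view_profile(self, viewer: Optional[str], owner: str) -> Dict[str, str]:
        """Normal profile page: same check, applied field by field."""
        p = self.profiles[owner]
        return {n: v for n, v in p.fields.items() if self.can_read(viewer, owner, n)}

    def export_contacts(self, user: str) -> Dict[str, Dict[str, str]]:
        """Export of friends' data: exactly the fields the user can read right now.
        Nothing more is exposed than the profile page already shows."""
        return {f: self.view_profile(user, f) for f in sorted(self.profiles[user].friends)}


def build_sample_graph() -> SocialGraph:
    """Constructed sample: alice <-> bob <-> carol, so carol is alice's friend-of-a-friend."""
    g = SocialGraph()
    g.add(Profile("alice",
                  {"name": "Alice", "email": "alice@example.com",
                   "phone": "555-0100", "hometown": "Springfield"},
                  {"name": Visibility.PUBLIC, "email": Visibility.FRIENDS,
                   "phone": Visibility.ONLY_ME, "hometown": Visibility.FRIENDS_OF_FRIENDS}))
    g.add(Profile("bob", {"name": "Bob"}, {"name": Visibility.PUBLIC}))
    g.add(Profile("carol", {"name": "Carol"}, {"name": Visibility.PUBLIC}))
    g.befriend("alice", "bob")
    g.befriend("bob", "carol")
    return g


if __name__ == "__main__":
    g = build_sample_graph()
    print("bob sees alice's email:   ", g.get_field("bob", "alice", "email"))
    print("carol sees alice's email: ", g.get_field("carol", "alice", "email"))
    print("3rd party sees email:     ", g.get_field(None, "alice", "email"))
    print("bob's export:             ", g.export_contacts("bob"))
    g.unfriend("alice", "bob")
    print("bob's export after unfriend:", g.export_contacts("bob"))
```

The point of routing both `get_field` and `export_contacts` through `view_profile`/`can_read` is that there is no second, weaker code path for a harvester to find: whatever the UI hides, the "raw" endpoint hides too, and the export contains nothing the user could not already have copied down by hand.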
It's not a privacy violation if you allow a user to export data that they have read-access to.
That applies more to email addresses than photos.
Of course, you can persuasively argue that users want their friends to have the right to save their contact information but not necessarily their photos (after all, contact information is worthless if you can't save it).