danah boyd illuminates an interesting privacy loophole in how Facebook allows users to view others’ photos. As she describes it:
A few days ago, Gilad’s eyes opened wide and he called me over to look at his computer. He was on Facebook and he had just discovered a privacy loophole. He had maximized his newsfeed to get as many photo-related bits as possible. As a result, he was regularly informed when his Friends commented on other people’s photos, including photos of people with whom he was not Friends or in the same network as. This is all fine and well. Yet, he found that he could click on those photos and, from there, see the entire photo albums of Friends-of-Friends. Once one of his Friends was tagged in one of those albums, he could see the whole album, even if he couldn’t see the whole profile of the person who owned the album.
There are multiple explanations for what is happening. This may indeed be a bug on the part of Facebook’s. It’s more likely a result of people allowing photos tagged of them to be visible to Friends of Friends through the overly complex privacy settings that even Gilad didn’t know about. Either way, Gilad felt as though he was seeing photos not intended for him. Likewise, I’d bank money that his kid sister’s Friends did not think that tagging those photos with her name would make the whole album available to her brother.
danah correctly sees this as yet another failure of technology designers to understand that privacy is inherently contextual.
danah also notes how “Facebook’s privacy settings are the most flexible and the most confusing privacy settings in the industry”. This conundrum is what prompted me to draft instructions for students on “How to Change your Facebook Privacy Settings”. (Next I plan to make a YouTube video walking them through these various steps).
Finally, danah asks for more feedback regarding particular privacy settings within Facebook:
When I post a photo in my album, let me see a list of EVERYONE who can view that photo. When I look at a photo on someone’s profile, let me see everyone else who can view that photo before I go to write a comment.
This echoes many of the suggestions made by Kathy Dwyer in her recent presentation at AoIR on “Designing Privacy Into Online Communities”.
So much work to do here….
MichaelZimmer.org 
This loophole was exposed last spring when friends of friends of friends of folks like Paris Hilton and The Zuck himself were able to rifle through high-profile photo albums.
I thought this loophole had been fixed, but maybe it was only repaired in the old FB and was overlooked in the redesign? Interesting.
I noticed this a week or so ago. I assumed it was something wonky with the Facebook app for the iPhone.