With its new advertising infrastructure, Facebook is being careful to protect privacy of information. But they are bucking — and perhaps helping to transform — the norms of privacy. At its most basic, Facebook is getting the defaults wrong.

The new ad infrastructure enables Facebook to extend their reach onto other companies' sites. For example, if you rent a copy of "Biodome" from Blockbuster.com, Blockbuster will look for a Facebook cookie on your computer. If it finds one, it will send a ping to Facebook. The Blockbuster site will pop up a "toast" (= popup) asking if you want to let your friends at Facebook know that you rented "Biodome." If you say yes, next time you log into Facebook, Facebook will ask you to confirm that you want to let your friends know of your recent rental. If you say yes, that becomes an event that's propagated in the news feed going to your friends.

Facebook has also created a new type of entity to allow non-people to have a presence in the system. So, a company or a character can now get a "page," but not a profile. It can have "fans" but not "friends." And the fact that you decided to become a fan of Cap'n Crunch is yet more information advertisers can use against you.

Facebook makes an astounding array of information available to its advertisers so that they can precisely "target" likely suspects. This is great for advertisers, and — given that the ad space is going to be filled up one way or another — it's arguably better for users to see ads that are relevant than are irrelevant. (The counter-argument is that targeting makes ads more successfully manipulative, not just more relevant.) Facebook is scrupulous, however, about not letting advertisers know the identity of those to whom it's advertising. So, Blockbuster might buy ads for all men aged 18-24 who have joined the Pauly Shore fan club, but Blockbuster doesn't know who those people are.

When Facebook talks about preserving user privacy, that's what they have in mind: They do not let advertisers tie the information about you in a profile (your age, interests, etc.) to the information that identifies you in your profile (your name, email address, etc.). That is the informational view of privacy, and Facebook is likely to continue to get that right, if only because so many governmental agencies are watching them. I also think that the Facebook folks understand and support the value of maintaining privacy in this sense.

Yet, I find myself creeped out by this system because Facebook gets the defaults wrong in two very significant areas.

When Blockbuster gives you the popup asking if you want to let your Facebook friends know about your rental, if you do not respond in fifteen seconds, the popup goes away ... and a "yes" is sent to Facebook. Wow, is that not what should happen! Not responding far more likely indicates confusion or dismissal-through-inaction than someone thinking "I'll save myself the click."

Further, we are not allowed to opt out of the system. At your Facebook profile, you can review a list of all the sites you've been to that have presented you with the Facebook spam-your-friends option, and you can opt out of the sites one at a time. But you cannot press a big red button that will take you out of the system entirely. So, if you've deselected Blockbuster and the Manly Sexual Inadequacy Clinic from the list, if you go to a new site that's done the deal with Facebook, you'll get the popup again there. We should be allowed to Just Say No, once and for all.

Why? Because privacy is not just about information. It's all about the defaults.

If a couple is walking down the street, engaged in deep and quiet conversation, it certainly would violate their privacy to focus listening devices on them, record their conversation, and post it on the Internet. The couple wold feel violated not only because their "information" — their conversation — was published but because they had the expectation that even though their sound waves were physically available to anyone walking on the street who cared to listen, norms prevent us from doing so. These norms are social defaults, and they are carefully calibrated to our social circumstances: The default for sidewalks is that you are not allowed to intercede in private conversations except in special circumstances. The default for showing up at a wedding party is that they can ask whether you're with the bride or groom's party, but they can't ask you to show a drivers license. The default at some schools is that your grades will be posted on a public bulletin board and at others that they will not. When we violate these norms, various forms of social opprobrium ensue. We even have special words for different types of violations: eavesdropping, being nosy, being a blabbermouth, etc.

Facebook is getting privacy right where privacy is taken as a matter of information transfer. But it is getting privacy wrong as a norm. Our expectation is that our transactions at one site are neither to be made known to other sites nor made known to our friends. We may well want to let our friends know what we've bought, but the norm and expectation is that we will not. Software defaults generally ought to reflect the social defaults. And when you're as important as Facebook — two billion page views a day — your software's defaults can nudge the social defaults.

Our privacy norms are changing rapidly. They have to because we've now invented so many new ways to be in public. That's why Facebook's move is especially disappointing. Although they are rigorously supporting informational privacy, they are setting the defaults based not on what's best for their users but on what's best for them. It's clearly and inarguably better for users to be able to opt out of the entire third-party system, but it's clearly more lucrative for Facebook to make it hard to opt out (not to mention making it an opt in system).

Businesses always choose sides, implicitly or explicitly. Facebook has been notable for being on its users' side. Not in this case. In fact, because this new ad plan invokes Facebook on other companies' sites, it feels like we're being ganged up on. Even worse, in this case the gang is so strong, it could reshape privacy's norms.