A repeated refrain of cynics and "infomopolists" alike is that privacy is dead. People are supposed to know that anything on the Internet is up for grabs.
In some circles this thinking turns into digital apartheid; some say if you're so precious about your privacy, just stay offline.
But socialising and privacy are hardly mutually exclusive; we don't walk around in public with our names tattooed on our foreheads. Why can't we participate in online social networks in a measured, controlled way without submitting to the operators' rampant X-ray vision? There is nothing inevitable about trading off privacy for conviviality.
The privacy dangers in Facebook and the like run much deeper than the self-harm done by some peoples' overly enthusiastic sharing. Promiscuity is actually not the worst problem, neither is the difficulty of navigating complex and ever changing privacy settings.
The advent of facial recognition presents far more serious and subtle privacy challenges.
Facebook has invested heavily in face recognition technology, and not just for fun. Facebook uses it in effect to crowd-source the identification and surveillance of its members. With facial recognition, Facebook is building up detailed pictures of what people do, when, where and with whom.
You can be tagged without consent in a photo taken and uploaded by a total stranger.
The majority of photos uploaded to personal albums over the years were not intended for anything other than private viewing.
Under the privacy law of Australia and data protection regulations in dozens of other jurisdictions, what matters is whether data is personally identifiable. The Commonwealth Privacy Act 1988 defines "personal Information" as: "information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained from the information or opinion".
Whenever Facebook attaches a member's name to a photo, they are converting hitherto anonymous data into personal information, and in so doing, they become subject to privacy law.
And yet too many people still underestimate the privacy implications of face recognition. Some technologists naively claim that faces are "public" and that people can have no expectation of privacy. And yet the words "public" and "private" don't even figure in the Privacy Act.
If a government was stealing into our photo albums, labelling people and profiling them, there would be riots.