Unless you were living under a rock last week, you probably heard about the latest uproar by the traditional and blogger media about Facebook’s privacy (or lack thereof). As the site approaches its 500 millionth user, the world’s most popular social networking site can’t seem to shake the negative press surrounding its approach to privacy and security. In fact, privacy and security was such a hot topic at this week’s mesh 2010 conference that you couldn’t have a conversation where the subject wasn’t mentioned.

Back in the day, I was a Friendster user. I gave them my email address and a few details about what I did for a living, some general interests and that’s about it. That was in 2003. A lot has changed since then.

Earlier in the year, Read Write Web had argued that privacy is still important and that Facebook should be accountable and provide its users with full control over their privacy settings. The EFF argued similar points exhaustively. Posts last week by also highlighted the growing concerns as high profile industry leaders shut down their Facebook profiles, a major security hole exposed private chat conversations and even a member of Facebook’s own board suffered from the result of a hacked account. Danah Boyd, a favourite of mine since I first saw her at her SXSW keynote on privacy this year, has also chimed in with a self-described rant on transparency and her thoughts on Facebook as a utility.

With the growing concerns about privacy and security, a website called quitfacebookday.com (Matthew Milan and Joseph Dee) is rallying Facebook’s users and encouraging them to delete their personal profiles on the world’s most popular social networking coming this May 31. So far 3,302 users have committed to leaving the world’s most popular social networking site through the website and assuming that users actually cancel their Facebook accounts as promised on May 31, the loss of subscribers to Facebook’s almost 500 million base will be the equivalent of an allergy sufferer’s sneeze while facing into a wind tunnel, but to say this would be missing the point. Although many will argue that it’s not the actual number of subscribers that leave Facebook on May 31 that will matter, but the attention generated by this event to the mainstream audience, exposing the decline of privacy in the space where our children and us play (and work).

Matt McKeon wrote an insightful piece about the evolution of Facebook’s default privacy settings from 2005 until April 2010, based on its terms of service. As you can see below, privacy defaults for a brand new user expose nearly everything about the user with the exception of birthday and contact information.

Over the past several years, online services have helped us stay in sync with our friends’ daily lives, with little effort. All we had to do was upload our photos, contacts, emails, employer information, schooling, interests, birthdays, etc, etc. The data store is growing and the potential for misuse becomes greater each day.

This post isn’t a rant about what marketers want do with all of this data, although this is a hot debate amongst privacy advocates around the globe. This also isn’t meant to be a preachy post about the terrible power and ulterior motives of Facebook, Google Buzz and whatever other online service that might house data we expect to be protected. My concern is with the evil-doers that benefit from gaps in privacy and security do with our data and it’s a call to action to all those who would design a system that captures an email address, a phone number, a photo, or something as simple as answer a seemingly simple question, “What are you doing?”

We have a long way to go before we see improvements in the area of online privacy and it’s going to get a lot worse before it gets better. For starters, these online services must have incentives to protect their subscribers data. Right now, there are none. Perhaps we’re at the point where legislation will be needed to protect us, but forcing an organization to care about privacy through legislation isn’t my favourite option.

Until the big media backlash arrives and online users stand up and tell these companies it is unacceptable to use our data by their rules, users of these services are not in a strong negotiating position. Will they delete their online accounts with Google? Facebook? Sure, some will. But the majority will refuse. They’ve come too far and they refuse to go back now.

In light of our weak bargaining position, I’ll sign off with a polite request of developers writing social software for the web: On behalf of Internet users everywhere, please remember that you have been entrusted with data that may or may not seem important to you. Protect it anyway, at all cost.  It’s an enormous responsibility and a thankless job, but it is the path we must take to build a better, safer Internet. Thank you.

Toward the end of my week at the Web 2.0 Expo in San Francisco, I hastily wrote the above post entitled “Charge ‘Em!.”  I asserted that Web service providers offering their services for free are likely doing themselves a disservice and that Internet users need to get used to paying for services they value.

I’ve thought about it some more over the last couple of days and I want to take a shot at building some business theory and context around this argument.  I warn you, I’m going to throw some freshman macroeconomics at you and probably misremember Freakonomics.  I might employ the phrase “irrational exuberance” and, just for fun, I think I’ll lob in a venture capitalist conspiracy theory.

To start, I can think of 5 good reasons to offer a Web service for free:

Passion, pride or generosity

You develop something great and offer it free just for fun, for the respect of your peers or to make a contribution to the Internet community.

As a trial

You believe strongly in your service and believe that users will pay for it after trying it for free for some period.  Of course, it’s tough to raise prices, particularly from free to paid, so be clear that this is the intention from the beginning.

As a gateway to paid services

You have relevant, compelling paid options to enhance the free service.  Our friends at Yola are a great example, adding premium templates, domain names and storage to their free site building.  And they have the revenue to show for it.

To sell your audience

The classic media approach.  Attract users and then sell marketers the opportunity to get their message in front of your users.  The challenge here, and it’s a big one, is that you really need to figure out from the very beginning how to make those third-party messages a welcome part of your user experience.

To acquire valuable data

You give users a valuable service and they give you something in return, data.  Google is an obvious example.  Quantcast is another one for free Web analytics.  There’s a brilliant little B2B company called Ethoca that is building a huge database of transaction data in order to anticipate fraudulent transactions.  Each of their clients contributes data to the “community” so that everyone gets smarter.  On the way to building that database, they brought on some big clients for free.  Now they have valuable data that clients, and possibly third parties, will pay a lot of money for.  The warning here is that your users need to be completely comfortable from the beginning about the contribution they are making.  And your data can’t be so vague (or sensitive to your users) that it’s not actionable.

So, lots of good reasons to support free Web services.  Here’s the problem.  These are all way more difficult than they sound and I believe most free Web services today are following a different model entirely – build a huge following now and figure out how to monetize later.  Hey, it worked for Facebook.  It will probably work for Twitter.  But these services have succeeded by getting so many millions of users that they only need to make a few pennies off of each of them to be wildly successful.  And maybe one in a thousand companies are going to amass that sort of customer base.  It reminds me of the junior drug dealers in Freakonomics who are accepting wages and risks that don’t make any sense because they are fixated on the one guy who got to be the kingpin.  Or the college basketball players who never go to class because they’re all convinced they are going to be NBA players.

These companies are subsidizing their users – offering a service that supply and demand would set at $2.95 a month, for example, for free – with resources they are borrowing from an uncertain future.  Remember the impact of a subsidy on supply and demand?  It shifts the supply curve to the right, lowering the price and increasing quantity.  To continue to meet the demand, the service needs to continue to subsidize it themselves, find buyers for their audience or their data or wrestle the revenue from their users.

It occurs to me that this is a pretty sound strategy if you’re a venture capital firm with 20 or 30 of these companies in your portfolio.  You can afford to send them all long because you have a pretty good chance that one or two will scale through the roof and discover an approach to monetization.  But if your hopes ride on just one of these, it starts to feel more like a lottery ticket.  And the key when you consider a pricing strategy really ends up being time.  If you start off with a paid service or advertisers or a buyer for your data, you’ll find out a whole lot sooner whether you can satisfy all the parties involved.  If you start out offering the subsidy, you could pour years into a service only to find out later that there was never really any way to shove revenue generation into the experience.

I do hate that I sound like such a dowdy pragmatist.  I love the idea of believing so much in a product that you just want to hand it out on a street corner.  I do believe that great innovators will generally be recognized and rewarded somehow.  I am mostly concerned right now that all the parties involved are looking around expecting somebody else to reward them.  Users are hooked on free and figure some advertiser will subsidize them.  Advertisers don’t want to insert themselves someplace that they won’t be welcome and effective.  And investors are going to offer less and less funding if there don’t seem to be any viable sources of revenue.

As an Internet user, I don’t want to rely on anyone else to subsidize me.  And I don’t want to continue to jump from service to service every time the one I’m using starts to get old or disappears entirely.  (I pined for Vindigo for years.  I can name a dozen others.)  I want to pay a fair price for services that I love.  I’m not alone on this.  A friend told me the other day that he begs dailymile to charge him a service fee.  He doesn’t want to take the chance they won’t figure out how to monetize later and he’ll have to somehow motivate himself to run 5 times a week in freezing cold weather.

I know business isn’t always fair.  I know the best service doesn’t always win.  I know you’re competing with services that can pull a deeper subsidy from somewhere.  But I strongly urge Web services and Web users alike to start considering the value of using great services and the cost of losing great services and let the market set an appropriate price.