I find very curious and yet logical the path that facebook is following... I still feel bugged about their ACLs: friends, friends of your friends and everyone... the problem is with the middle one, "friends of your friends" what does that really mean and why would someone ever chose to use it? Can I really trust the friends of my friends? and if that is the case then why I don't trust the friends of my friends' friends? See my point?
Anyhow, I've been involved with security and privacy for several years now in way way or another and I still have to see an easy to use yet effective system to manage privileges; lets see how facebook tackles the challenge.