This seems like a fundamental flaw in the client-server model when hosting social/personal information. The server host must pay the electric bill (3rd party) leading to a natural conflict with the interests of the user.
I'd like to think that there is a market rather than regulatory solution. But the story of Zero Knowledge Systems (http://en.wikipedia.org/wiki/Radialpoint#History) shows that retail privacy did not find a market during the DotCom boom. Perhaps highly sensitive social network content will change that.
I would like to see some privacy laws that effectively stated that:
1) All privacy settings must be easy to find, and govern the level of privacy of all aspects of communication.
2) All use of your data on a given service must be disclosed in plain English on an easy to find part of the site.
3) All sites are required to have a "scrub" feature that a user can use to delete all data associated with him from the service.
I am often concerned by how much of my info is out there, even though I try to control it as much as possible. I don't want to slide to the side of being the equivalent of an internet hermit, however. But sometimes you really don't have a choice: it's either be a hermit or let advertisers have your information.
Regarding your point #3: how would "scrub" work with interconnected user data? Comment threads like this one are a good example; my comment is dependent on yours for context. Should you be able to delete your data and leave my comment dangling? If so, should your deletion cascade to my related data? Shouldn't I have a say in that?
Certainly that's a grey area, but I don't see why such posts couldn't just replace the user with "Unknown User" and leave the actual data there. Definitely there'd be a problem with conversations when some posts disappear. But I should still be able to detach myself from those things.
"I don't want you using anything I might have done here to make money," said the guy who just got a bunch of not-free-to-create, not-free-to-serve content for nothing.
We can bemoan the current state of things all we like, but people still need to be paid for their time. The only real effect of the type of privacy legislation Schneier advocates would be to make explicit and thorough opt-in mandatory in order to access most content - the average individual would effectively have less privacy than they did before the legislation.
Why is it that this Schneier guy is mentioned on HN all the time? If it's not Schneier it's this Paul Graham, both of whom I have never heard of and who I suspect don't even exist.