One thing's for sure, he's a clever one. Harvard's most celebrated dropout since Bill Gates wants to turn an already popular website into a indispensable platform that becomes a kind of web within the web and which can be integrated into all manner of electronic devices, ranging from mobile phones to TV sets. This will have privacy implications across all facets of our lives, not just when we're in front of a computer. Yesterday, Facebook took a big step in the right direction by announcing changes designed to boost confidence in the way it handles personal information supplied by its 500 million-plus members. These acknowledge that not all friends are equal and that you don't have to share every scintilla of information you decide to post with everyone on your extended friends list. Facebook will also allow users to see and manage how third parties use their "public" information. And it has introduced a way to bundle the entire contents of a user's profile and pop it into a portable compacted file. Until now, the company had shown contempt for its users' privacy and has had to make regular tactical retreats after overstepping the mark and exposing a reckless disregard for the sanctity of personal information. These misadventures were not mistakes. They reflect Zuckerberg's personal philosophy of "radical transparency". In January, he told an audience that the concept of privacy was passe, that it was no longer a ''social norm''. While the advent of the world wide web has helped to diminish the need to hit the privacy panic button as frequently, there is still a gulf between Facebook's concept of the norm and everyone else's.

If Zuckerberg actually believes that transparency "will help create a healthier society", he should lead by example. Facebook should also be detailing the extent of the vast trove of personal metadata that is being compiled on the back of information supplied directly and indirectly by its members. Too much of the Facebook-flouts-privacy debate, however, has centred on control over the known information that users willingly divulge on their pages and those of their friends. What has been overlooked is the hoovering up of the digital fingerprints we leave in our online meanderings. These can be sorted, aggregated and then linked back, not to a semi-anonymous IP address or a browser ID, put to a real person with a real name. Then there's the inferred data, or what Columbia University law professor Eben Moglen calls "the data in the holes between the data we already know if we know enough things". And we have no way of knowing what has been collected, recombined, shared and stashed in places we never knew existed, with companies and organisations we never consented to allow into our lives. For example, every time you click one of those ubiquitous Facebook "Like" buttons, which have now spread well beyond the borders of Facebook itself. Or when you update your whereabouts using Facebook Places, the company's new geo-location service.

They always knew your name, age and gender. Now they can tell what you like and where you are or where you have been. And you know what comes next? By knowing where you have been, they'll be able to work out where you are going. Heading home after work? Let's flash up an ad that offers you a discount at your favourite Thai takeaway. Some people may see that as a convenience. I find it creepy. The moment my phone informs me that it knows what I'm going to do next is the moment I ditch the phone. Facebook's advantage over the likes of Google is that it can deliver a more accurate demographic slice of the audience to advertisers. I have no problem with that, as long as I know everything that is being logged under my name and that if I choose not to allow it, there is guarantee that when I choose to remove my data, all of it disappears from Facebook's servers immediately and forever. But this is Facebook's secret sauce, so it's not likely to share it without a fight. And as it grows, Facebook continues to fly below the radar because it remains in private hands, thereby avoiding the kind of intense regulatory scrutiny that comes with a sharemarket listing. In any case, legislation in this area can't keep pace with the rate of change. Supervisors and watchdogs either don't have the skills to tackle well-funded adversaries or don't have the brief to keep them honest.

Yesterday's announcement by Facebook will help to change the perception that the company is just a data miner posing as a social network. But that perception won't be put to rest until we see more evidence that Zuckerberg's "radical transparency" vision will apply first to Facebook's own dealings. Stephen Hutcheon is a Fairfax Media online editor.