Facebook has turned into a piñata, and it seems like everyone is getting their chance to whack it with a stick. So far we haven't seen any candy, but a lot of other interesting stuff has come flying out.

The latest: Instant messages from a 19-year-old Mark Zuckerberg telling the world that anyone who shared their personal information with him was "a dumb f***" (only he didn't use asterisks).

[ Also on InfoWorld: You can't say Cringely didn't warn you in "Facebook wants to control the Web, like it or not" | Now Facebook needs to face the music. | Stay up to date on all Robert X. Cringely's observations with InfoWorld's Notes from the Underground newsletter. ]

See kids? The things you say online when you're a teenager can come back to haunt you. And if you do it on Facebook, well, you're really f*****.

Couple that with various other statements the now-slightly-older billionaire-on-paper has made that privacy is something he and his generation don't give a damn about, and it's no mystery how they got into this mess.

Yesterday, after weeks of getting hammered in the media and called on the carpet by legislators, Facebook finally circled the wagons and called an all-hands meeting to discuss its privacy problem. I'm sure they held hands, sang Kumbaya, and wondered why everyone else hates freedom so much.

If Wikipedia can be believed, today is Zuckerberg's 26th birthday. So in addition to a faux "birthday cake" ($1 at the Facebook virtual gift shop) I'm offering Zucky some advice as a gift.

1. Pull your head out and deal with this

When the backlash about Google Buzz began (from the media, primarily), the Googleheads responded instantly. They did backflips apologizing and rolled out changes within 48 hours. And more changes after that. And still more after that. They got the message loud and clear they'd screwed up.

Facebook? Not so much. It's still not clear Facebook gets it.

In both cases, these large advertising-driven companies made the self-serving assumption their users would rather share their data with the world by default.

Remember that old management cliche about how it's better to ask forgiveness than permission? That doesn't apply here. With user privacy, it's always better to ask permission and, if you hear nothing back, assume you don't have it.

That will, of course, slash your participation rates -- too bad. You want my information, you need to make it worth my while, which brings me to point number two.

2. Tell me what's in it for me

I get why buttering my information across the InterWebs benefits Facebook. I don't understand what I'm supposed to get out of it. What's the benefit to me exactly? Now I can log onto Pandora and it knows what music I like? Pandora already knows what music I like. So now I can go on Yelp and see what my friends recommend? I can already do that on Yelp (or I could, if I ever used Yelp, which I don't).

If there is some tangible reason why I'd want to opt in (yes, not out) to this data sharing, Facebook needs to make it a lot more compelling. Haven't seen it yet.