To start off here are the official links to the current Facebook policies.
The first and probably noteworthy item, in particular, is the very first clause of their policy which reads:
1. For content that is covered by intellectual property rights, like photos and videos (“IP content”), you specifically give us the following permission, subject to your privacy and application settings: you grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook (“IP License”). This IP License ends when you delete your IP content or your account (except to the extent your content has been shared with others, and they have not deleted it).
This statement gives full authority to Facebook of any of the content you post to their site. Your photo’s, your blogs, your status updates, pictures, photos, messages to other users, music. In other words, everything that you do on that site is now licensed to them to do with whatever they please. They also now have the right to profit from any of the content you uploaded. Yes, you still “maintain ownership” but what does that mean really? Even if you delete it, anything that they’ve licensed is already out there including any backup copies they may have sitting on their servers.
They state in their Security Policy that when you delete something, that removes it from their servers, but they give no specific time-frame for this what-so-ever.
When you update information, we usually keep a backup copy of the prior version for a reasonable period of time to enable reversion to the prior version of that information.
How long exactly is “a reasonable period” according to Facebook?
Well according to the rest of the Terms of Service, it is an indefinite amount of time. And to make things more complicated, any of your information sent to other users can be stored even longer.
Where you make use of the communication features of the service to share information with other individuals on Facebook, however, (e.g., sending a personal message to another Facebook user) you generally cannot remove such communications.
Any messages, photos, information, or links that you send to other members Facebook is permanent and archived. This portion also grants Facebook freedom from any responsibility they have for losing your information or having it leaked to unscrupulous 3rd parties. Personally, if someone loses all of my personal details, photos, and videos, I would like them to be held accountable.
We can analyze your application, content, and data for any purpose, including commercial (such as for targeting the delivery of advertisements and indexing content for search).
Anything you do in an application is also used for whatever purpose by Facebook. Interestingly enough 90% of your activity on Facebook is done through “applications.” As seen below, photos, videos, links, groups, notes, gifts, and events are all considered applications.
The below is an excerpt from the Application Guidelines concerning data storage.
User data you receive from Facebook that you can store indefinitely:
Primary network ID
Photo album ID
friend list ID
Marketplace listing ID
Facebook Page ID
Placeholder email addresses for your users
Total number of notes written by the user
Time that the user’s profile was last updated
Applications, and I do mean 3rd party applications, can store the above-listed information about you but also have access to much more than that. They are allowed to cache for up to 24 hours according to the Facebook application policy. Now they are supposed to use this information for Facebook purposes only, but anyone watching the news lately probably read the profile photo scandal story on MSNBC last month.
We may use information about you that we collect from other sources, including but not limited to newspapers and Internet sources such as blogs, instant messaging services, Facebook Platform developers and other users of Facebook, to supplement your profile. Where such information is used, we generally allow you to specify in your privacy settings that you do not want this to be done or to take other actions that limit the connection of this information to your profile (e.g., removing photo tag links).
Facebook has the right to go on an information hunt gathering your data from all over the net. They mention blogs and instant messaging services, so any public profiles or content linked to your name (or face) elsewhere on the internet can be linked back to your Facebook account. This activity also brings up the assumption that any blogs or instant messaging you do through Facebook archives as relevant profile data.
So is Facebook evil? Well no, at least I don’t think they are intentional. Facebook is a business designed to turn a profit. But what concerns me is that they are profiting from my personal photos, information, and other things I would only share with close friends. Not only that but even if Facebook itself is not evil, there could be companies out there that sublicense the content of who you are.