Hmm, I'd say the real privacy issue is the user who installs and runs all those Facebook, Twitter, LinkedIn, etc. apps and freely shares his private information with everyone.
You can't really prevent that with technology unless you start to educate kids/users better. But who am I kidding? People will forfeit their private data for shiny stuff as long as there will be shiny stuff and private data.
There are two different connotations of 'privacy' that are often conflated in discussions about Facebook, Google, etc. Conflating them probably obscures the more important connotation to the benefit of such companies' bottom lines.
The first connotation is the one my mother warned me about. It's Facebook photos of that tequila weekend in Tijuana and those two PM Tuesday tweets from the beach bar when I called in sick to work. These are things that require personal judgement in regard to what I say. Self-control addresses this type of privacy.
The second connotation of privacy is newer, but still nearly twenty years old. It entails concerns regarding information collected about my actions beyond what I explicitly choose to broadcast. It's cookies in the browser [and their more sophisticated descendants]. It's my browser linking my Google+ account to my browsing history at lesbiandwarffurries.com.
Privacy issues of this second type are assumed to be normal when they are considered at all - why doesn't my browser sandbox cookies for each website? Or rather why isn't there a browser that does so? The same logic underpins the Blackphone - sand boxing unrelated parts of the system so that privacy is a matter of personal judgement rather a battle against a technically sophisticated adversary.
> why doesn't my browser sandbox cookies for each website?
You can do that with Fluid.app (http://fluidapp.com/ only for MacOSX) It is a Single-Site-Browser-Generator with the option to have a separate cookie store for each SSB.
I have one instance for facebook, one for Google+ etc.
I've been running Firefox with Ghostery and NoScript for about four years. I know the consequences.
I only access Facebook from a VM or an old smartphone with no SIM. That's because browsers are designed to circumvent my attempts at privacy and to facilitate the ends of third party cookies.
Using a Git analogy, there is no reason for a single cookie repository. Suppose foo.com injects a third party cookie from bar.com into my data stream. It could sit on the foo.com branch of my cache, so that when I visit baz.com, it does not know about the bar.com cookie, and injects another one [which sits on the baz.com branch of my cache].
When I want to have a single bar.com cookie for foo.com and baz.com, then I merge them and let bar.com sort out any discrepancy. To put it another way, there might be a few websites where I wish to allow a shared persistent Facebook cookie, but I don't want to share that information with every website with a LikeUsOnFacebook widget or share all my browsing with Facebook.
But browsers thwart that process and facilitate tracking. It is by explicit design that browsers break the web when there are attempts at privacy. They are designed to mislead users and be truthful to remote websites rather than vice-versa.
No. The problem is not the common user who just follows common hardware and software. The problem is common hardware and software, which put security last.
That hardware and software are being selected by users. Unless you become the government, your "solutions" will be less preferred and will die. At best you can sell luxury products to paranoid, Howard Hughes types.
You can't really prevent that with technology unless you start to educate kids/users better. But who am I kidding? People will forfeit their private data for shiny stuff as long as there will be shiny stuff and private data.