Facebook is an ideal example of this model type. The meat of the site is constructed around its users’ social profiles, which allows individuals to reach out and share pieces of information with one another and interact on a very personal level.

Although the Facebook news feed acts as a global push mechanism to share information with all of your friends, the true advantage for most active users is on the personal level. When you post items to your Wall, your friends may comment, providing a shared social experience. People who do not use Facebook simply as a feed mechanism for cross-posting between multiple services (such as Twitter) can use the site to develop highly engaging social experiences with friends, family, coworkers, or even strangers.

Between constructs such as direct messaging, status comments, groups, pages, applications, and more, Facebook offers users the opportunity to build a comprehensive profile and interact with people on a personal level.

People who are actively engaged in Facebook are looking for different things from the service than they would from Twitter, and in fact, casual Facebook users often comment that they “don’t get” Twitter. This is because the two services reach their audiences in very different ways.

Since a connection model usually contains a vastly complex and detailed amount of user information and personalization settings, privacy is often one of the most important priorities for implementers. Normal implementations tend to include layered privacy settings that allow users to display different pieces of information to different people, or to hide some data altogether by setting it to private. In addition, users generally have the option to hide the majority of their profiles from people they have not included in their circle of friends.

While sites built on this model usually have a strict security policy in place, it’s still very difficult to secure social data and shared information. This is especially true if you have an embedded application environment where third-party developers can build an application that accesses the profile information of users who have added it.

Another issue is that privacy settings within this type of model can become convoluted, especially when the application offers a high degree of customization. For example, Facebook has a number of security pages, like those shown in Figure 2-2, which are just a small portion of the full security features that are actually available on the site. With this kind of complexity, users can quickly become confused and misunderstand settings, making it easy for them to inadvertently allow unwanted parties to obtain access to their privileged data.

Figure 2-2. Facebook privacy settings