Let me be clear: I am not much of a Facebook user. The personal policies that I follow when posting to Facebook needn't be over-engineered: I generally only use Facebook as a tool to keep up on the people I know. They would, I think, find it quite difficult to use Facebook to keep tabs on me, simply because I don't particularly care to create any content.
I am, however, aware of the possible privacy issues that Facebook raises, and I certainly didn't need anyone to tell me that publishing data to the internet will result in other people being able to access that data. In this respect, I think it would be good for schools to provide guides to Facebook use, much like Cornell does, as there might be someone, somewhere, who doesnt't understand this fact about online content. However, I think that it would be a step in the wrong direction for a university to limit students' access to Facebook and similar communities. Why? Because a university should be in the business of upholding the value of free speech, even when exercising that freedom might be stupid.
I think that one very important privacy issue raised by Facebook is the social repercussion of posting pictures of people. I have managed to mitigate this risk through two highly ingenious techniques: not taking many pictures, and not having many friends (who might take my picture, and in general). So for me, this issue is really a nonissue. However, as many of the anecdotes emphasized (in, for example, the Cornell policy), having publically viewable and searchable images (or other postings), and a way to associate such data with "real" people, can result in dramatic "real world" effects. While I have never experienced any "real world fallout" from Facebook, it does happen. This issue is related, I think, to the ability for anyone to take a photo of anything, anywhere, and quickly post it to the internet. This ability really sprung up with the advent of camera-phones, and has muddied the area of intellectual property quite a bit. That is, who owns a photo taken of a public place or event? Similarly, who "owns" an image taken at a party and posted on Facebook? The photographer? The subject? Perhaps both, in some way, though I am not an IP lawyer (and hope to never become one).
"Lessons" goes on to discuss how a user of an online community generally does not have any control of how their data is used. While the author makes a valid point about the legal reasons that the community's users have no control, the "Facebook Riots" made it clear that a community's users have the same power over a provider that a consumer has over a company. That is, Facebook users "boycotted", in a certain sense, changes, and those changes were "fixed". Facebook depends on its users for funding (through advertisements, amongst other ways I am sure). Finally, even ignoring this form of control, events like "YTMND-Day" (http://en.wikipedia.org/wiki/YTMND) make it clear that the members of an online community, when drawn together by common cause, can be as powerful (and as impetuous) as a "real" community.
Finally, achieving privacy on the internet is almost impossible. Some people working to make it a bit easier are the freenet project (http://www.freenetproject.org). If you are interested in anonymity and privacy on the internet, take the time to browse their site.