danah boyd (she prefers no caps) gave a cogent and important keynote this weekend at South by Southwest (SXSW) Interactive on the nature of privacy online. Following two privacy missteps–one from Google and one from Facebook–the Microsoft social media researcher presented an impassioned argument for why privacy is not dead, and how it needs to be addressed online.

Both Google and Facebook have encountered problems recently. Google’s Buzz automatically generated a ready-made social network and began sharing items such as public comments from a user’s feed reader. Facebook adjusted its default privacy settings so that users’ posts were set to be open to everyone unless they specifically chose to opt out.

In each case, some people were quick to argue that privacy is no longer possible, and that users need to accept this before putting information on social networks. Google argued that items shared in Reader were already public, and that it wasn’t changing anything about their accessibility, only making them easier to find.

In her talk, boyd suggested that public and private aren’t opposites. Instead, she said, what most people call “privacy” is not so much about keeping information hidden from the world as it is about being able to predict how information is likely to travel once it is shared.

The problem with the approach many tech companies have taken, boyd argued, is that they “think it’s okay to expose people tremendously and then backpedal a couple weeks later.”

People develop mental models of situations, boyd said, that lead them to expect certain results from sharing information in certain ways. For example, people often divulge information to friends while maintaining a sense of which friends can be trusted to keep that information confidential. This occasionally results in nasty surprises, but there are well-established social norms about how people should handle such interactions.

“Online environments are not nearly as stable as offline environments,” boyd said. Social expectations develop, but changes to a product can completely disrupt them. The collateral damage can often be pretty serious for users’ lives. For example, she cited a teenage girl who had moved away from an abusive father. The girl wanted to participate in Facebook in order to get involved in the social circles in her new hometown, but she and her mother were concerned about exposing information to her father. They carefully selected the privacy settings for her profile–all of which changed suddenly to make her data public when she later clicked through an popup window upon login. “Is her fear an acceptable byproduct of Facebook’s changes?” boyd asks. “I don’t think it is.”

Though it’s not yet clear how to solve privacy problems, boyd believes the key lies in understanding what kind of social space the Internet actually is, and in keeping designers and users in agreement on this point. “Just because something is public doesn’t mean people want it to be publicized,” she said, adding that “making something that is public more public is a violation of privacy.”

For example, she said, on average most personal blogs are read by about six people. As a result many users users treat them as the sort of semi-private space. They intend posts to reach a certain audience of friends and then feel violated if parents or co-workers become regular visitors there. “Wanting privacy is not about having something to hide,” boyd said. “It’s about wanting to maintain a sense of control.”

The problem of how to treat the concept of privacy online is only going to grow in coming years. The keynote was well-articulated, and I hope all the major social networks were paying attention.