This image was lost some time after publication.

My boss, Nick Denton, may be banned from Facebook for posting photos of Emily Brill, daughter of entrepreneur Steve Brill. Insiders at the social network tell me that they have considered similar sanctions against me, especially after I posted the story of Facebook PR chief Brandee Barker befriending her Microsoft counterpart, Adam Sohn, shortly before Microsoft invested $240 million in Facebook. In solidarity, I'll now take a similar risk by posting this charming photo of Facebook CEO Mark Zuckerberg and his girlfriend, Priscilla Chan, taken while the two were goofing off during a BusinessWeek photo shoot.

How was I able to obtain this photo, which was found in a private album on Mark Zuckerberg's profile? A tipster sent it to me, and provided me with the Web address where he found it. But here's where it gets interesting. Unlike LiveJournal, which allows users to restrict not just blog posts but pictures to specific groups of friends, Facebook provides no real security around its pictures. With the right URL, anyone can see any photo on the site, "private" or not.
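To make the difference concrete, here is an added sketch, not Facebook's or LiveJournal's code, of a photo handler that trusts the URL alone next to one that checks the viewer against the album's friend groups on every fetch. All names, paths and data in it are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Album:
    owner: str
    private: bool
    allowed_groups: set = field(default_factory=set)  # owner's groups allowed to view

@dataclass
class Photo:
    album_id: str
    data: bytes

# Constructed sample data (hypothetical accounts and paths).
ALBUMS = {
    "a1": Album(owner="alice", private=True, allowed_groups={"family"}),
    "a2": Album(owner="alice", private=False),
}
PHOTOS = {
    "/photos/a1/9f3c.jpg": Photo("a1", b"private-bytes"),
    "/photos/a2/17be.jpg": Photo("a2", b"public-bytes"),
}
FRIEND_GROUPS = {"alice": {"family": {"bob"}, "coworkers": {"carol"}}}

def serve_url_only(path, viewer=None):
    """Weak: the album's 'private' flag is never consulted; viewer is ignored."""
    photo = PHOTOS.get(path)
    return (200, photo.data) if photo else (404, b"")

def can_view(album, viewer):
    """Album audience rule: public, the owner, or a member of an allowed group."""
    if not album.private:
        return True
    if viewer is None:
        return False
    if viewer == album.owner:
        return True
    groups = FRIEND_GROUPS.get(album.owner, {})
    return any(viewer in groups.get(g, set()) for g in album.allowed_groups)

def serve_checked(path, viewer=None):
    """Hardened: authorize every fetch, however the requester learned the URL."""
    photo = PHOTOS.get(path)
    if photo is None or not can_view(ALBUMS[photo.album_id], viewer):
        return (404, b"")  # same answer for "missing" and "not allowed"
    return (200, photo.data)
```

The checked handler answers a forwarded link the same way it answers a nonexistent one, so passing the URL along no longer passes along the photo.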

So here's a question for Facebook's executives: Is your time better spent bullying reporters, or getting your programmers to fix the site's glaring privacy holes?

Certainly, you can threaten to revoke reporters' Facebook accounts, but they'll simply get material sent to them by tipsters with active accounts. In fact, bullying the press is a sure way to guarantee that we get a steady stream of material from sympathetic sources. Correcting Facebook's flaws, on the other hand, would improve all of your users' security and privacy.

The answer is obvious. But Facebook has failed to see the obvious before. How they handle themselves in this latest controversy will be telling.