It’s not just new, untested social media applications that we need to be worried about. People who are otherwise technically savvy use “legacy” sites such as Facebook and LinkedIn without fully understanding the way privacy settings are implemented; they don’t understand who can see their posts and who can’t.
For example, a friend of mine just got married, and proudly put a picture of his wife’s visa online to show off her new married name. For a brief period of time her full legal name, address, visa number, etc were online and available to everyone on the internet. Fortunately, my wife read his post shortly after he posted it, and he took it down.
I think part of the problem is people tend to be lax about who they think should be able to see their posts. But I also think that sites like Facebook and LinkedIn make security obtuse and difficult to figure out. We need to do a better job of educating users, and we also need to push back against these companies to make configuring security easier.