Facebook’s founder and chief has come as close as seems likely to happen to apologizing for inadequate privacy policies.

Writing in the Washington Post, Mark Zuckerberg said that the company had thought it best to offer users detailed controls over every aspect of user settings relating to data use and privacy, but that “We just missed the mark.”

That may seem a little arrogant, but read in context it appears the “just” in the comment is not so much “we only barely missed getting things right” but more “we simply didn’t get things right.”

Zuckerberg went on to promise much simpler privacy controls including “an easy way to turn off all third-party services.” He also vowed that Facebook will stick to the principles that “we do not share your personal information with people or services you don’t want” and that “we do not give advertisers access to your personal information.”

That may be true in the sense that technically it is users who give third-parties access to information, for example when clicking to accept the conditions of installing a third-party application. But it’s also clear that in many cases this “decision” is not an informed one and that people don’t fully understand exactly what information is shared.

The claim is also shaky at best when it comes to user privacy policies changing, particularly when defaults are changed so that data becomes more accessible to others without the user making an intentional choice for that to happen. While it’s clear that opt-out systems work better for Facebook’s bottom line than opt-in systems (every user who fails to change a default through apathy or ignorance is a more valuable customer to advertisers), it’s also clear that failing to make every piece of data as private as possible by default means that Zuckerberg is at best living up to the letter of his principles, but by no means the spirit.