Facebook Groups Can Jeopardize Privacy

The breach that allowed application developers to disclose user information to advertisers, isn't Facebook's only current privacy problem. There is also the issue of Facebook's new Groups.
This post was published on the now-closed HuffPost Contributor platform. Contributors control their own work and posted freely to our site. If you need to flag this entry as abusive, send us an email.

The breach that allowed application developers to disclose user information to advertisers, isn't Facebook's only current privacy problem. There is also the issue of Facebook's new Groups.

Announced a couple of weeks ago, the Groups feature allows Facebook users to carry on semiprivate conversations with (as Facebook advertises them) "small groups of friends." Facebook promoted this as a privacy feature but, depending on how it's used, Groups can also jeopardize privacy.

Trouble is, what starts out as a small group can quickly mushroom into a large one, and it's quite possible that the group could contain members who are not your friends or even friends of the person who created the group.

Use with Caution

I like the idea of Groups and can see how it can enhance privacy by giving people the ability to communicate with a select group of friends instead of their entire friends list. But until Facebook fixes a couple of privacy loopholes, I recommend people approach Groups with a bit of caution. A group is fine as long as you are aware of who is in it, but if things get out of hand, you could wind up sharing information with a much larger group than you had thought.

Any Facebook member can create a new group simply by going to facebook.com/groups. As part of the group creation process, you're asked to specify the initial members, which can include any of your friends. You can always go back and add members but so can any of the other members.

So if you've created a group for your book club, there is nothing to stop members of your club from adding additional people, including people you and the rest of the group don't know. True, all members of the group can see the names of every other member and the group administrator can remove any members who shouldn't be there, but this is all after the fact. Once someone is added to the group, they can post and see everything posted until the administrator gets around to removing them.

Another troubling aspect to Groups is that, unlike a friend request, you don't have to agree to be added to a group. Once you're added you're in, unless you remove yourself. As a way of proving this point, TechCrunch editor Michael Arrington created a fake NAMBLA (North American Man/Boy Love Association) group and added Facebook CEO Mark Zuckerberg as a member. Zuckerberg quickly removed himself from the group, but if he hadn't, someone could have gotten the wrong impression.

Three Types of Groups

Finally, it's important to understand that there are three types of Facebook groups: Open, Closed and Secret. With Open groups, both the membership list and everything people post is open for anyone to see. The default setting is Closed; with Closed groups, the content can be seen only by members but the membership list and the fact that the group exists is public.

So, if you're a member of a Closed group anyone -- including people who aren't members -- might know you're in it. What's more, that information could be posted to your News Feed so if you have any secret interests, you better not join a "closed" group. Also, people in companies need to be careful about setting up groups that can reveal your organizational structure to competitors.

If you want to set up a group that hides everything from nonmembers, it had better be a "Secret" group.

Although it's an annoyance, not a privacy issue, all messages posted to the group are sent to the e-mail address associated with each member's Facebook account. That can be a good feature if the traffic level is moderate, but not with high-traffic groups. Fortunately, that can be turned off by clicking "Edit Settings" when you're on the Groups page.

How Facebook Could Improve Groups Privacy

Based on what I've seen of Groups, a bit of modification is in order. I would like to see Facebook give administrators the option of approving new group members before they're added, just as Facebook users must approve new friends.

I also think that people should not be added to groups without their permission. Their name shouldn't be associated with a group until they agree to be a member.

Finally, members of groups should have the option of being notified by e-mail or a Facebook message every time a new member joins. There should also be a clear link where members can send a note to the administrator if they are concerned about a new member or see offensive, off-topic or otherwise inappropriate context that they think should be removed.

What You Can Do to Increase Your Groups Privacy

  • If you're the administrator, consider making it a secret group. If you're not the admin, ask that person to consider changing it to secret. Admins can change settings under "edit group."

  • Ask everyone in your group to agree not to add people who shouldn't be there
  • Check frequently to see who is in the group. If you're not happy with members leave the group or be extra cautious before posting. Click "See All" in upper left corner of Group page to view members
  • More Facebook Privacy Advice

    Disclosure: Larry Magid is co-director of Connectsafely.org, a non-profit Internet Safety organization that receives funding from Facebook and other companies

    This article first appeared in the San Jose Mercury News

    Popular in the Community