The breach that allowed application developers to disclose user information to advertisers, isn't Facebook's only current privacy problem. There is also the issue of Facebook's new Groups.
Announced a couple of weeks ago, the Groups feature allows Facebook users to carry on semiprivate conversations with (as Facebook advertises them) "small groups of friends." Facebook promoted this as a privacy feature but, depending on how it's used, Groups can also jeopardize privacy.
Trouble is, what starts out as a small group can quickly mushroom into a large one, and it's quite possible that the group could contain members who are not your friends or even friends of the person who created the group.
Use with Caution
I like the idea of Groups and can see how it can enhance privacy by giving people the ability to communicate with a select group of friends instead of their entire friends list. But until Facebook fixes a couple of privacy loopholes, I recommend people approach Groups with a bit of caution. A group is fine as long as you are aware of who is in it, but if things get out of hand, you could wind up sharing information with a much larger group than you had thought.
Any Facebook member can create a new group simply by going to facebook.com/groups. As part of the group creation process, you're asked to specify the initial members, which can include any of your friends. You can always go back and add members but so can any of the other members.
So if you've created a group for your book club, there is nothing to stop members of your club from adding additional people, including people you and the rest of the group don't know. True, all members of the group can see the names of every other member and the group administrator can remove any members who shouldn't be there, but this is all after the fact. Once someone is added to the group, they can post and see everything posted until the administrator gets around to removing them.
Another troubling aspect to Groups is that, unlike a friend request, you don't have to agree to be added to a group. Once you're added you're in, unless you remove yourself. As a way of proving this point, TechCrunch editor Michael Arrington created a fake NAMBLA (North American Man/Boy Love Association) group and added Facebook CEO Mark Zuckerberg as a member. Zuckerberg quickly removed himself from the group, but if he hadn't, someone could have gotten the wrong impression.
Three Types of Groups
Finally, it's important to understand that there are three types of Facebook groups: Open, Closed and Secret. With Open groups, both the membership list and everything people post is open for anyone to see. The default setting is Closed; with Closed groups, the content can be seen only by members but the membership list and the fact that the group exists is public.
So, if you're a member of a Closed group anyone -- including people who aren't members -- might know you're in it. What's more, that information could be posted to your News Feed so if you have any secret interests, you better not join a "closed" group. Also, people in companies need to be careful about setting up groups that can reveal your organizational structure to competitors.
If you want to set up a group that hides everything from nonmembers, it had better be a "Secret" group.
Although it's an annoyance, not a privacy issue, all messages posted to the group are sent to the e-mail address associated with each member's Facebook account. That can be a good feature if the traffic level is moderate, but not with high-traffic groups. Fortunately, that can be turned off by clicking "Edit Settings" when you're on the Groups page.
How Facebook Could Improve Groups Privacy
Based on what I've seen of Groups, a bit of modification is in order. I would like to see Facebook give administrators the option of approving new group members before they're added, just as Facebook users must approve new friends.
I also think that people should not be added to groups without their permission. Their name shouldn't be associated with a group until they agree to be a member.
Finally, members of groups should have the option of being notified by e-mail or a Facebook message every time a new member joins. There should also be a clear link where members can send a note to the administrator if they are concerned about a new member or see offensive, off-topic or otherwise inappropriate context that they think should be removed.
What You Can Do to Increase Your Groups Privacy
More Facebook Privacy Advice
Facebook's New Simplified Privacy Settings (Video)
Granular Facebook Privacy Settings: Customizing Who Can See What (Video)
Controlling Where Facebook Places Puts You
Facebook's Privacy Settings: What's Changed
Disclosure: Larry Magid is co-director of Connectsafely.org, a non-profit Internet Safety organization that receives funding from Facebook and other companies
This article first appeared in the San Jose Mercury News
Follow Larry Magid on Twitter: www.twitter.com/larrymagid
About a week ago, a friend created a group for four friends, so we could converse privately instead of on someone's wall. Everything was find, until the three of got into very lively discussions.
Suddenly, two of the members were BLOCKED by FB. Apparently for "abusive behavior". There was NOTHING abusive in their post, no complaints! Not only were they unable to post to the group but were blocked from posting anything on FB! One, will call Jane, related that she got multiple messages
from FB with "spelling words" to check if she was a human and not a bot. Jane explained that she
spelled the words correctly, each time she entered the words. Then she was on "probation" and had
a warning that if the behavior continued, her account could be permanently disabled.
The issue was finally resolved, for both friends. We "self-destructed" the group.
Another thing, Jane created the group, she was the admin. She decided she didn't want to be the admin (why did we need an "admin"?). She left the group, then rejoined. Although she was no longer
the admin, her email (@groups.facebook.com) still showed as the contact person.
In conclusion, I would not recommend groups to anyone. Look at this mess with just FOUR members!
If the object of Facebook, however, is facilitiating Friends and Family interaction, AND creating opportunities for expanded "groups" around the world, with the interactivity that universe implies Facebook needs additional Group formation and affinity Search options.
Necessarily, until all the future options go through their trial and error shakedown periods there will be angst and agita, aggravation and security isses.
Bona Fortuna to all of us who hope for worldwide participation; millions of new Friends we just "haven't met yet."
I just blogged about Facebook:
http://adrianzupp.blogspot.com/2010/10/facebook.html