A couple of weeks ago Facebook announced a new feature called Groups, which allows people to create semiprivate conversations with, as Facebook advertises it, “small groups of friends.” Facebook promoted this as a privacy feature but, depending on how it’s used, Groups can also jeopardize privacy.
Trouble is, what starts out as a small group can quickly mushroom into a large one, and it’s quite possible that the group could contain members who are not your friends or even friends of the person who created the group.
I like the idea of Groups and can see how it can enhance privacy by giving people the ability to communicate with a select group of friends instead of their entire friends list. But until Facebook fixes a couple of privacy loopholes, I recommend people approach Groups with a bit of caution. A group is fine as long as you are aware of who is in it, but if things get out of hand, you could wind up sharing information with a much larger group than you had thought.
Any Facebook member can create a new group simply by going to facebook.com/groups. As part of the group creation process, you’re asked to specify the initial members, which can include any of your friends. You can always go back and add members but so can any of the other members.
True, all members of the group can see the names of every other member and the group administrator can remove any members who shouldn’t be there, but this is all after the fact. Once someone is added to the group, they post and see everything posted until the administrator gets around to removing them.
Another troubling aspect to Groups is that, unlike a friend request, you don’t have to agree to be added to a group. Once you’re added you’re in, unless you remove yourself. As a way of proving this point, TechCrunch editor Michael Arrington created a fake NAMBLA (North American Man/Boy Love Association) group and added Facebook CEO Mark Zuckerberg as a member. Zuckerberg quickly removed himself from the group, but if he hadn’t, someone could have gotten the wrong impression.
Finally, it’s important to understand that there are three types of Facebook groups: Open, Closed and Secret. With Open groups, both the membership list and everything people post is open for anyone to see. The default setting is Closed; with Closed groups, the content can be seen only by members but the membership list and the fact that the group exists is public.
So, if you’re a member of a Closed group anyone — including people who aren’t members — might know you’re in it. What’s more, that information could be posted to your News Feed so if you have any secret interests, you better not join a “closed” group. Also, people in companies need to be careful about setting up groups that can reveal your organizational structure to competitors. If you want to set up a group that hides everything from nonmembers, it had better be a “Secret” group.
Based on what I’ve seen of Groups, a bit of modification is in order. I would like to see Facebook give administrators the option of approving new group members before they’re added, just as Facebook users must approve new friends.
Finally, members of groups should have the option of being notified by e-mail or a Facebook message every time a new member joins. There should also be a clear link where members can send a note to the administrator if they are concerned about a new member or see offensive, off-topic or otherwise inappropriate context that they think should be removed.
Disclosure: Larry Magid is co-director of Connectsafely.org, which receives funding from Facebook and other co