Facebook, long a lightning rod for criticism for lax privacy controls, is being hammered again, this time for a loophole that lets a person be added to a discussion group by a friend without the user’s permission.
At the heart of the controversy are two gay college students in the US who reportedly had their sexual preference inadvertently exposed to hundreds of Facebook friends.
A Facebook spokesman deflected any blame pointed in the company’s direction.
“Our hearts go out to these young people,” he said. “Their unfortunate experience reminds us that we must continue our work to empower and educate users about our robust privacy controls.”
The University of Texas in Austin students had been careful to keep their parents from knowing about their same-sex lifestyles. But they lost control of their secrets when the president of the Queer Chorus, a choir group they joined, inadvertently exposed their homosexuality to hundreds of Facebook friends by adding them to a Facebook discussion group, according to The Wall Street Journal .
It occurred despite the fact that both were seasoned Facebook users who had tried to use Facebook’s privacy settings to shield some of their activities from their parents.
Here’s how it happened.
The choir group leader created a ‘group’ on Facebook around a shared interest or activity. He set it to be “open,” meaning other Facebook users could see its membership and activities, as opposed to two other more locked-down options — “secret,” which hides membership and discussions from non-members, or “closed,” which lets anyone see who’s in the group, but not what they’re posting.
After he added the two students who were Facebook friends to the group, Facebook generated a notice that appeared on the two students’ friends’ Facebook pages — alerting them to their membership.
While people added to a group this way can always leave, they are first added by default.
The fallout: one father left nasty phone messages and threatened to sever family ties and another didn’t speak to his son for three weeks.
Discussion groups aren’t the only privacy issues Facebook is facing.
Independent security researcher Suriya Prakesh recently published a blog post in which he claimed that “98 percent of your phone numbers [on Facebook] are not safe.” In the post, Prakesh demonstrated that a brute-force attack could be used to lookup sequential phone numbers on Facebook and match them with their respective user names.