Facebook's new groups feature worries some

Some complain there's no opt-out system; some misunderstand how it works

This week's overhaul of Facebook groups quickly led to an outcry over the way the service works, but the bigger lesson may be simply this: Be careful who you befriend.

The problems started on Thursday, the day after Facebook revamped groups, giving users a way to compartmentalize their Facebook lives and post certain items to pre-designated groups of people. That's when technology blogger Michael Arrington, Facebook CEO Mark Zuckerberg, and Mahalo founder Jason Calacanis all found themselves added to a group called NAMBLA. It wasn't immediately clear what this page was set up for, but NAMBLA is an acronym for the completely unsavory North American Man/Boy Love Association. (For South Park fans, it refers to the National Association of Marlon Brando Look-Alikes).

Mahalo CEO Calacanis quickly fired off an email to Zuckerberg Calacanis quickly fired off an email to Zuckerberg saying that he was troubled to have been added to the group without being given the opportunity to opt in.

That was followed by general confusion, with some reporting that Facebook's new feature could be used to unilaterally add anyone to a group.

But that isn't the case. The groups feature now lets users automatically add existing friends to groups, but they can't do this with people they don't know.

How did Zuckerberg get added to NAMBLA then? That's all down to tech blogger Arrington. "I typed in his name and hit enter,' Arrington wrote on TechCrunch. "He's my Facebook friend, I therefore have the right to add him."

Arrington added that "as soon as Zuckerberg unsubscribed I lost the ability to add him to any further groups at all, another protection against spamming and pranks."

A Facebook spokeswoman confirmed that group members can only add their friends to the group. "If you have a friend that is adding you to groups you do not want to belong to, or they are behaving in a way that bothers you, you can tell them to stop doing it, block them or remove them as a friend -- and they will no longer ever have the ability to add you to any group," she wrote in an e-mail. "If you don't trust someone to look out for you when making these types of decisions on the site, we'd suggest that you shouldn't be friends on Facebook."

Facebook Friends can also send messages and tag photos of other friends. Neither of these features has generated any type of outcry.

Arrington himself was added to the group by someone named Jon Fisher, one of Arrington's 4,824 Facebook friends. Fisher is also one of Calacanis's 4,740 friends.

Still, there is something disquieting about the way groups works, according to Chet Wisniewski, a senior security advisor with Sophos. He's concerned with the fact that people cannot opt out of the groups sign-up feature. "I'm uncomfortable with the idea that other people can determine what I display," he said. "The fact that it can't be opted out of, to me, seems a bit strange."

Facebook's groups Help Center confirms that there's simply no way to prevent people from adding you to groups. And the critics say that rather than being added automatically, friends should be given the choice to opt into any groups.

In a sign that Calacanis and Wisniewski may be onto something, online affiliate marketers have begun speculating about how the feature could be misused to drive traffic to marketing Web sites -- a current favorite form of Facebook abuse. "If you were to make a group named AT&T and decided to make a few 'official' Facebook spokesperson accounts to add to the fun, you could essentially launch a campaign offering FREE WIRELESS SERVICE FOR EVERYONE DURING THE MONTH OF OCTOBER," wrote a poster named Jon to the Wickedfire.com Internet marketing forum.

This Jon also claimed to have set up a fake NAMBLA page.

"Seeing as how crowd manipulation and influence over the interwebz is sooooooo easy already, plus tack on this as a social parody of sorts, and poof, you have yourself a publicity nightmare on a scale that would be spreading far more rapidly than any BP oil spill ever could," he added.

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com

Join the CSO newsletter!

Error: Please check your email address.

Tags Internet-based applications and servicessecuritysocial networkinginternetprivacyFacebook

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Robert McMillan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place