Oct 8, 2010 07:20 GMT

Facebook's new Groups feature, which a lot of people have applauded as a big step towards better privacy on the social network, can be abused to embarrass people, at the least.

The new Facebook Groups is a great concept. It allows users to create subgroups of people and share some information only with them, as opposed to all of their friends.

For example, some pictures can be made available only to family members, and some discussions kept only among your online gaming buddies.

"EFF applauds this new Groups feature, which goes a long way to providing users even more control over their contextual privacy," the Electronic Frontier Foundation, a civil liberties watchdog, said after it was announced.

But the EFF should probably have held back on that statement, as it turns out that Facebook got it wrong yet again. The following piece of information from Facebook's own help pages reveals why:

"The functionality of approving a group membership is not available. Similar to being tagged in a photo, you can only be added to a group by one of your friends.

"When a friend adds you to a group, a story in the group (and in News Feed for Open or Closed groups) will indicate that your friend has added you to a group."

Even though the actual content of a group is private, the membership itself is public, in the context of a user's friends list. This opens the door to abuse.

For example, someone has already created a group called NAMBLA, which is the name of a highly controversial organization, to say the least.

Then they forcibly added people like Facebook CEO Mark Zuckerberg, TechCrunch founder Michael Arrington or Mahalo CEO Jason Calacanis to it.

"Imagine you are traveling to the United States from overseas and your friends find it amusing to add you to a group that looks terrorist related.

"You might find a welcoming committee from the border patrol that you weren't expecting," Chester Wisniewski, a senior security advisor at Sophos, describes another scenario.

Jason Calacanis posted on his blog a copy of an email he sent to Mark Zuckerberg and Sheryl Sandberg after the NAMBLA group incident.

"If you guys want to run these new features by me before you launch them, I can probably save you from a couple of privacy lawsuits each year," he wrote.