BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Edit Story

Mark Zuckerberg Joins The North American Man-Boy Love Association, And Other Adventures In Facebook Groups

This article is more than 10 years old.

Image by Getty Images North America via @daylife

My colleague Kashmir Hill congratulated Facebook's Mark Zuckerberg earlier today on his increasingly savvy approach to talking about privacy issues in public. It should be interesting to see him try to talk his way out of this one.

The new "Groups" feature that Facebook rolled out yesterday allows users to slice and dice their friends into publicly-visible cliques, recognizing that users don't always want to share something with their entire friend list or just a single recipient. But Sophos security researcher Chet Wisniewski points in his blog to a gaping problem in that feature: Any user can add any of their friends to one of those groups without the friend's approval, generating a status update showing that the friend has been added to that group.

Blogger Michael Arrington seems to have already performed a helpful proof-of-concept by adding Mark Zuckerberg to a group supposedly representing NAMBLA, the North American Man-Boy Love Association. Zuckerberg's addition to the group is broadcast to all of his friends, as shown in the image above.

Mahalo chief executive Jason Calacanis had complained in an open letter to Zuckerberg earlier Thursday that he was added to the same boy-loving group, and offered a bit of free privacy consultation to Facebook. "I’ve now been assigned to a group that advocates… well…. ummm…. you can look it up–it’s very bad," he writes. "If you guys want to run these new features by me before you launch them, I can probably save you from a couple of privacy law suits each year. :)"

Though some have questioned Calacanis's story, Facebook's own FAQ confirms that anyone can be added to a group without his or her consent: "Can I prevent people from adding me to a new group?" is answered by "The functionality of approving a group membership is not available."

Sophos' Wisniewski argues that the prank could have serious consequences. "Imagine you are traveling to the United States from overseas and your friends find it amusing to add you to a group that looks terrorist related," he writes. "You might find a welcoming committee from the border patrol that you weren't expecting."

In fairness, however, the problem of finding yourself subscribed to a group you'd rather not associate with isn't new. As my colleague Kashmir points out, we all occasionally finds ourselves unwillingly subscribed to an email listserv that broadcasts its membership to every other member. Unlike email, however, Facebook Groups are visible to friends who aren't members of that group.

I've reached out to Facebook to comment on this and will update if I hear from Facebook executives.

Facebook should be given credit for avoiding the auto-population feature that Google Buzz used to generate friend lists from users' activities when it launched last February. As Kashmir wrote, the company could have used that technique to automatically segment users into Facebook Groups, but would likely have incurred the same privacy wrath that Google faced when its Google Buzz trick exposed who users were most often chatting with without their express consent.

But Facebook Groups' tactic of letting users create lists manually creates its own potentials for embarassment. Expect Zuckerberg to tweak the feature to fix this design flaw, or find himself enrolled in many more clubs that are less than seemly for a CEO.

Do you see Facebook Groups as another privacy flub for Facebook? Or is Zuckerberg making progress in overcoming Facebook's privacy criticisms? Let me know your thoughts in comments below.