Facebook closes loophole that released private group members’ info
Facebook recently closed a serious privacy loophole that gave marketers the ability to discover the members of private groups on the social network.
Andrea Downing, the moderator of a private Facebook group for women with the BRCA gene mutation (which is associated with a higher risk of breast cancer), discovered the existence of a Chrome extension called Grouply.io. This extension made it possible to download names, email addresses, employers, locations, and other details of the BRCA Sisterhood’s 9,000 private group members. Downing and the group’s members were understandably rattled by the revelation: while the group wasn’t secret on Facebook (that is, it is searchable), many of its members did not want their identities publicly known.
Downing contacted a security researcher to check if her concerns were valid, and he found that the extension did make it possible for third parties to discover the members of “closed” Facebook groups. This extension, in particular, was built to harvest that data for marketers, but the information could also be gleaned manually.
The researcher, Fred Trotter, reported his findings to Facebook May 29. On June 20, a Facebook spokesperson told them: “Our Groups team has been exploring potential changes related to group membership and privacy controls for groups, with the goal of understanding whether providing different options can better align the controls with the expectations of group administrators and members. That work is ongoing and may lead to changes that address some of your concerns going forward.”
Facebook completely shut down third parties’ ability to harvest closed group members’ details this way on June 29.
The situation highlights an interesting problem: While genetic information such as a BRCA test result is protected under the Health Insurance Portability and Accountability Act (HIPAA), information on social networks is not. If you choose to share private health information on a social network, that information is not legally regulated as it would be if it were part of a medical health record.
Still, the members of the BRCA Sisterhood private group may have grounds for some sort of recourse, at least under GDPR law in the EU. The group members may have had a reasonable expectation of privacy from their closed group setting, which Facebook’s security loophole allowed apps like Grouply.io to exploit.
Christina Bonnington is a tech reporter who specializes in consumer gadgets, apps, and the trends shaping the technology industry. Her work has also appeared in Gizmodo, Wired, Refinery29, Slate, Bicycling, and Outside Magazine. She is based in the San Francisco Bay Area and has a background in electrical engineering.