- Gendry is making a new weapon for Arya Stark—but what is it? 9 Months Ago
- The live-action Halo series could be Showtime’s most ambitious project yet 9 Months Ago
- How to watch Turner Classic Movies for free Today 5:30 AM
- How to watch Real Madrid vs. Athletic Bilbao online for free Today 5:00 AM
- ‘Star Trek’s Jonathan Frakes calls out your lies with this new meme Saturday 3:46 PM
- #JusticeForLucca trends after video shows police slam Black teen’s head into pavement Saturday 3:11 PM
- The internet is shocked to learn that Goombas do, in fact, have arms Saturday 2:02 PM
- PayPal, GoFundMe cut off armed militia that detains migrants at border Saturday 1:16 PM
- Barnwood theft may be on the rise because of ‘Fixer Upper’—and fans aren’t having it Saturday 12:23 PM
- Literary Twitter calls out Dzanc Books for Islamophobic, racist novel Saturday 11:40 AM
- How to watch Crawford vs. Khan online Saturday 10:00 AM
- Beyoncé has 2 more projects coming to Netflix after ‘Homecoming’ Saturday 9:53 AM
- How to watch Danny Garcia vs. Adrian Granados for free Saturday 9:00 AM
- The ‘Feeling Cute Challenge’ turns ugly after correctional officers abuse it Saturday 7:30 AM
- How to watch ‘How High 2’ for free Saturday 7:00 AM
Facebook closes loophole that released private group members’ info
Facebook recently closed a serious privacy loophole that gave marketers the ability to discover the members of private groups on the social network.
Andrea Downing, the moderator of a private Facebook group for women with the BRCA gene mutation (which is associated with a higher-risk breast cancer), discovered the existence of a Chrome extension called Grouply.io. This extension made it possible to download names, email addresses, employers, locations, and other details of the BRCA Sisterhood’s 9,000 private group members. Downing, and group members, were understandably rattled by the revelation—while the group wasn’t secret on Facebook (that is, it is searchable), many of its members did not want their identities publicly known.
Downing contacted a security issue to check if her concerns were valid, and he found that the extension did make it possible for third parties to discover the members of “closed” Facebook groups. This extension, in particular, was built to harvest that data for marketers, but the information could also be gleaned manually.
The researcher, Fred Trotter, reported his findings to Facebook May 29. On June 20, a Facebook spokesperson told them: “Our Groups team has been exploring potential changes related to group membership and privacy controls for groups, with the goal of understanding whether providing different options can better align the controls with the expectations of group administrators and members. That work is ongoing and may lead to changes that address some of your concerns going forward.”
Facebook completely shut down third parties’ ability to harvest closed group members’ details this way on June 29.
- Here’s who unfriended you on Facebook
- Can you really see who is looking at your Facebook page?
- What does a Facebook ‘poke’ really mean?
The situation highlights an interesting problem: While genetic information such as a BRCA test result is protected under the Health Insurance Portability and Accountability Act (HIPAA), information on social networks is not. If you choose to share private health information on a social network, that information is not legally regulated like it would if it were part of a medical health record.
Still, the members of the BRCA Sisterhood private group may have grounds for some sort of recourse, at least under GDPR law in the EU. The group members may have had a reasonable expectation of privacy from their closed group setting, which Facebook’s security loophole allowed apps like Grouply.io to exploit.
Christina Bonnington is a tech reporter who specializes in consumer gadgets, apps, and the trends shaping the technology industry. Her work has also appeared in Gizmodo, Wired, Refinery29, Slate, Bicycling, and Outside Magazine. She is based in the San Francisco Bay Area and has a background in electrical engineering.