The ability to control how much information is available to the public has long been one of Facebook’s core principles. It was this very feature, for example, that Facebook used to distinguish itself from other social networks back when it first launched.
Of course, the ensuing years proved that protecting the privacy of its users was not exactly Facebook’s strong suit–especially when it came to digging up the advertising revenues necessary to justify its fantastical $15 billion valuation. There have been privacy issues with Facebook’s news-feed service, with its controversial Beacon advertising system, and with its terms of service, which granted popular applications access to far more personal user data than is necessary.
And now there’s another. A bug in permission restrictions in Facebook Groups allows members to upload content without first receiving permission from a Group admin. I know this firsthand, because over the past few days videos, photos and blog posts have been appearing on the All Things Digital Facebook Group, and neither Walt, Kara nor I–the only three people with admin privileges to the group–put them there (see screen below). Worse, while I was able to delete the photos and blog posts, I was unable to pull the videos off the page. There was no mechanism to remove them.
Worse still, the bug that makes this possible is not specific to the All Things Digital Facebook Group alone. It affects all Facebook Groups, site-wide.
We alerted Facebook to the issue and the company quickly identified the bug. Said spokesperson Brandee Barker: “Engineering has pushed out a fix that should go site wide shortly.”
UPDATE: Facebook engineers fixed the permissions bug, and we were able to remove the rogue videos from our page.