This week's overhaul of Facebook groups quickly led to an outcry over the way the service works, but the bigger lesson may be simply this: Be careful who you befriend.
The problems started on Thursday, the day after Facebook revamped groups, giving users a way to compartmentalize their Facebook lives and post certain items to pre-designated groups of people. That's when technology blogger Michael Arrington, Facebook CEO Mark Zuckerberg, and Mahalo founder Jason Calacanis all found themselves added to a group called NAMBLA. It wasn't immediately clear what this page was set up for, but NAMBLA is an acronym for the completely unsavory North American Man/Boy Love Association. (For South Park fans, it refers to the National Association of Marlon Brando Look-Alikes).
Mahalo CEO Calacanis quickly fired off an email to Zuckerberg Calacanis quickly fired off an email to Zuckerberg saying that he was troubled to have been added to the group without being given the opportunity to opt in.
That was followed by general confusion, with some reporting that Facebook's new feature could be used to unilaterally add anyone to a group.
But that isn't the case. The groups feature now lets users automatically add existing friends to groups, but they can't do this with people they don't know.
How did Zuckerberg get added to NAMBLA then? That's all down to tech blogger Arrington. "I typed in his name and hit enter,' Arrington wrote on TechCrunch. "He's my Facebook friend, I therefore have the right to add him."
Arrington added that "as soon as Zuckerberg unsubscribed I lost the ability to add him to any further groups at all, another protection against spamming and pranks."
A Facebook spokeswoman confirmed that group members can only add their friends to the group. "If you have a friend that is adding you to groups you do not want to belong to, or they are behaving in a way that bothers you, you can tell them to stop doing it, block them or remove them as a friend -- and they will no longer ever have the ability to add you to any group," she wrote in an e-mail. "If you don't trust someone to look out for you when making these types of decisions on the site, we'd suggest that you shouldn't be friends on Facebook."
Facebook Friends can also send messages and tag photos of other friends. Neither of these features has generated any type of outcry.
Arrington himself was added to the group by someone named Jon Fisher, one of Arrington's 4,824 Facebook friends. Fisher is also one of Calacanis's 4,740 friends.
Still, there is something disquieting about the way groups works, according to Chet Wisniewski, a senior security advisor with Sophos. He's concerned with the fact that people cannot opt out of the groups sign-up feature. "I'm uncomfortable with the idea that other people can determine what I display," he said. "The fact that it can't be opted out of, to me, seems a bit strange."
Facebook's groups Help Center confirms that there's simply no way to prevent people from adding you to groups. And the critics say that rather than being added automatically, friends should be given the choice to opt into any groups.
In a sign that Calacanis and Wisniewski may be onto something, online affiliate marketers have begun speculating about how the feature could be misused to drive traffic to marketing Web sites -- a current favorite form of Facebook abuse. "If you were to make a group named AT&T and decided to make a few 'official' Facebook spokesperson accounts to add to the fun, you could essentially launch a campaign offering FREE WIRELESS SERVICE FOR EVERYONE DURING THE MONTH OF OCTOBER," wrote a poster named Jon to the Wickedfire.com Internet marketing forum.
This Jon also claimed to have set up a fake NAMBLA page.
"Seeing as how crowd manipulation and influence over the interwebz is sooooooo easy already, plus tack on this as a social parody of sorts, and poof, you have yourself a publicity nightmare on a scale that would be spreading far more rapidly than any BP oil spill ever could," he added.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.