Wednesday, April 20, 2011

Facebook Security Glitch in Groups

It's not REALLY a secret, but we got your attention, huh?
This is important stuff to understand, folks!

There's been some sort of change in the way Facebook posts group activity to your own wall, and it impacts the group security of our FarmVille Link-Sharing Groups.


In a nutshell, this glitch allows you to view the wall of a group member on your friends list, and view their postings to that group, including comments and links posted, even if you may not be a group member.  Previously you could see these posts, but could not click-through to the original group posting.

Snapshot taken while viewing my wall by an account which is not a member of any of these groups.  All links were clickable and the data/posts could be viewed/collected without group membership, but they may not "Like" or comment on the post.
If a link sharing group is an "Open" or "Closed" group, these posts show up on group members' walls.  If a group's security is set to "Secret", these posts do not appear.  Only the administrators of a group can change the security status of a group, which applies to all members.

This means that if you're a member of an "Open" or a "Closed" group, your group posts are likely showing up on your wall and are viewable/collectable by any of those on your friends list, not just Group members.

Note that this is NOT consistent.  Some times posts will appear on someone's wall, and then you refresh and either a whole new set appears or none appear at all.

This means that the question of 'Who collected my lamb?' has an easy answer with a qualification:  It was collected by someone on your Facebook friends list.  That much is guaranteed.  With this glaring hole in Facebook group security now, you can't tell whether that lamb was collected by a group member (as you intended when you posted it there) or by someone who was just browsing your wall because they noticed you were producing a lot of lambs.
Here's another example:

Because the SFC Sheep's group settings were set to 'Closed', non-group members could view Cristol's wall and collect her posts in that group without the ability to Like or comment on them.  This is caused by the Facebook Group Security glitch.
For most people, this may reveal why you're not getting the 'Likes' or comments you've been seeking in link-sharing groups.  While the problem of folks not saying thanks has never been a problem over which a group's Admins have control, misunderstanding this can cause some people to decide that groups are not for them.  The responsibility and control lies strictly with the group member, because you are the only one who has control over your own Facebook friends list.

We were not able to click-through on these links appearing on walls before. This impacts the security of the group's postings and the overall integrity of the group because someone who is not a group member (but on your friends' list) can actually access a link you've posted in a link sharing group (via your wall if you belong to an "Open" or "Closed" group), but not 'Like' or comment on it.

If you're a member of an SFC-managed group, this means a temporary change in our groups, which I will explain below.  There's no real need to give the SFC Admins feedback on this, because we've already decided what action to take to prevent the exploitation of this glaring hole in Facebook's security.

The fact is that nobody can collect anything from you (with the single exception of a dairy-born calf) unless they are on your Facebook friends list.  If you have group members collecting your bonuses and not thanking you, it's because you have non-thanking friends on your Facebook friends list.  You can post things on your own wall or on the moon and if they're not going to thank you in the group it's likely they're also not going to thank you on your own wall (or the moon).

Effective immediately, and until Facebook patches this glitch, all SFC Managed groups are going to change their security status to 'Secret'.  What does that mean to you?:


  • Posts made to a group will not be visible on your wall.  This means non-group members will no longer have access to your group postings.  If they want to collect from the things you post to a group, they will have to join that group.  That's pretty much the whole purpose of a link-sharing group.


  • Because changing the security status to 'Secret' on a group effectively makes it invite-only, non-members will no longer be able to request to join a group by going to that group's home page.  Only group administrators are able to issue invitations to a 'Secret' group, and in order to do that, they must be Facebook friends with the person they are inviting.  If you have a friend you'd like to join you in one of these groups, you must have them contact an Admin for that group.


  • SFC Groups will no longer be 'searchable' in Facebook.  That means you will want to bookmark the home page of the groups to which you belong.  Links to all SFC groups can be found at http://bit.ly/SFCInfo .

We're hopeful that Facebook will fix this security hole soon.  Until then, the Management Team at SFC will continue to do everything we can to ensure the safety and integrity of all posts appearing on our group walls.

Special Thanks go out to Tuti Agustin for helping me with research for this post. 

Happy Farming!

Farmer John Brown
Chief Cook and Bottle Washer
Sharing Foals and Calves Group
Posted by Farmer Brown at 3:36 AM
Labels: , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)
Web Analytics