Facebook Groups: Reducing Risks

Last reviewed: 

Facebook groups are used to bring together people with a common interest for the purpose of communicating, sharing news, and collaborating on projects. Many different kinds of groups exist, and their uses range from organizing a fan fiction gathering to spreading the word about a political rally or cause. Facebook groups were not designed for secure collaboration, but as the popularity of Facebook grows, they are inevitably used by many to coordinate work that may be vulnerable to sabotage or surveillance by other, malicious Facebook users or governments.

Facebook has sometimes deleted large, politically-active Facebook groups without warning, and the company has a reputation for changing privacy settings in unclear ways. If you are discussing sensitive issues, it may be better to consider other tools or sites that make security and privacy a priority. That may not be feasible if your audience is unwilling or unable to move from Facebook. So, if you've been tasked with creating a Facebook group for a sensitive topic or vulnerable community, or are the administrator of one, here are a few things you should consider.


Adjust your group’s privacy settings Anchor link

Before creating a group, think about your purpose and goals. Are you hoping to use a group to discuss a controversial topic? Start a political movement? Who do you wish to publicize your group to? Will group members want to keep their membership confidential? From whom? These considerations will help you determine your privacy policies and which privacy setting is best for you.

Unlike Facebook pages, which are used to publicly represent a brand, business, organization, or public figure, groups are not always publicly viewable to anyone on Facebook. When you create a group, you can choose one of three privacy settings—Public, Closed, or Secret. This chart Facebook provides shows who can join these groups and what people can see about them according to the privacy setting that is chosen.

If you've determined a Facebook page is more appropriate for your cause, remember that Pages are public spaces. This means that even people without a Facebook account can see them. According to Facebook, “Pages you like are listed in the About section of your profile below Likes. A post that you liked on a Page may appear in News Feed. You may be displayed on the Page you liked or in ads about that Page.”

Public Facebook groups are visible to anyone on Facebook, including unfriendly users or government actors. And both Public and Closed Facebook groups can be found in search. This is particularly important to keep in mind if your Facebook group is being used for a political purpose.

If you've already created a group and would like to adjust its privacy settings, all administrators of the group have the ability to change the settings. However, the privacy of groups with 5,000 members or more can only be changed to a more restrictive setting (example: Public to Closed, or Closed to Secret) to protect members of these groups from having their posts shared with audiences they didn't intend. If you decide to change your group's privacy to a more restrictive setting, you only have 24 hours to change it back before it's locked into place. No matter the size of the group, all members will receive a notification when the privacy settings are changed.

No matter how restrictive the privacy setting of your group is, Facebook has access to everything that is posted to its platform. The company may be served with an order that requires it to turn over content to law enforcement. Additionally, users can report or flag content inside of groups, even if they're secret. Reported content may be removed if it violates the Community Standards and users might receive temporary bans for content violations.

Note that malicious flagging, according to Facebook, does not result in removal of content if the content does not violate Facebook’s Community Standards. However, erroneous takedowns do still happen. Facebook might also be compelled to hand over the list of group members or take down content through a legal order.


Establish group rules Anchor link

Remember that—as with any other content online—anyone with access to your group can make copies of group conversations, or take screenshots of content and share those screenshots publicly. There is no technical way to prevent this type of information leaking, though group administrators may want to add rules prohibiting screenshots to their group’s description, and tell their members that sharing screenshots will result in a ban from the group.

You may consider establishing other rules or guidelines for your group to encourage constructive engagement and help protect the privacy of your group members. While group rules can be difficult (or even impossible) to enforce, they help define the purpose of your group and determine what conversations are best had in the group versus elsewhere. Your members should know that in addition to any rules you’ve established within the group, they are also subject to Facebook’s Community Standards and Terms of Use. Remember that group members may blatantly disregard rules, so in order to determine what security solutions will work best for your group, we suggest conducting a risk assessment. Check out our guide to Assessing Your Risks for more details.


Know your group’s admins and moderators Anchor link

Administrators have a great deal of power over the privacy settings and membership of groups. Only a group admin can appoint other group members to be admins. Admins can change a group's settings, manage content, and control the membership of the community. There can be multiple admins per group, so it’s important to know who holds that role.

An admin is different from a moderator. Moderators can manage content and membership, but can’t change group settings. Click here to learn how to remove admins or moderators from their roles.

Admins can turn on the membership approval feature in a group’s settings for all Public, Closed, and Secret groups. This requires an admin to approve every new person that gets added to a group.

If an admin adds someone to a Public or Closed group, contacts in that individual’s network may see, via News Feed or search, that the individual has been invited to or joined a group. This is important to remember in situations where a person does not want others to know they associate with your group, or it is illegal for them to do so. As such, you may want to consider setting your group privacy to “Secret.”

If the group admin allows, group members may add anyone they are friends with to the group. Users don’t get a choice when they are added to a group. That means that someone could maliciously add you to a defamatory group (“The Terrible People Who Are Plotting The Downfall of The Government Group”). However, you can always leave a group.


A note on Facebook’s authentic names policy, and the anonymity of administrators Anchor link

Facebook does not allow the use of pseudonyms. Users can only use their “authentic identities”—the name their friends call them in everyday life that acceptable identification forms can show. While group admins often have good reason for wanting to protect their identities, a group admin who does use a pseudonym could be reported and subsequently suspended for violating Facebook’s authentic identity policy. If this happens and no admins remain in the group, Facebook checks whether any moderators remain in the group. If yes, all current moderators are offered the role of admin until one person accepts the role.  If the group has no moderators either, all group members receive a “Make me an Admin” option or a “Suggest an Admin” option. Because of this, at least one administrator might want to have a known name: potentially someone who can safely attach his or her identity to the group.


Block unwelcomed users Anchor link

You may have good reason to block a group member. Maybe they are a community member who violated the group rules or an outsider who has managed to join the group. Only an admin can remove or block someone from a group. Group admins who want to ensure their group is not visible to a former member should block that user. Members who are blocked by a group’s admin can no longer see the group or any information about it. Check out this chart for more information.

Former members who have voluntarily left a group may still have access to some of its information, such as its name, description, and tags. For example, former members of a Secret group can still find the group in search, see the group's description, and see the group tags.


Know what happens to content on Facebook when it is deleted Anchor link

Facebook reserves the right to delete Facebook groups that violate its (extremely broad) terms of service. If this happens to your group, you could not only lose previous messages and discussions from your group members, but you could also lose access to your membership list. This means that, unless you have kept separate track of your members’ names, you will be unable to re-contact your supporters or community following the deletion of a group.

There's still a lot we don't know about the removal requests Facebook receives from governments, law enforcement, and individuals. However, we do know that such requests can often be political in nature—especially in places around the world where the right to free speech and association is not always honored.

You can also choose to deliberately delete a group. A group creator can delete a group by removing all of its members and then themself. Deleting a group is a permanent action and it cannot be reversed. Admins can’t delete a group they didn’t create unless the creator chooses to leave the group first. Admins can, however, archive a group. Archiving a group means it won't appear in search results to non-members, and no new members can join the group. Groups can be unarchived by any admin. To learn more about the differences between archiving and deleting groups, click here.

Additional information about what happens to content on Facebook when it is deleted can be found in Facebook’s data policy. Even if you’ve deleted data, it may still be accessible for Facebook—particularly if a law enforcement agency has requested the data be preserved. Facebook’s Guide for Law Enforcement Authorities (current as of 10-29-2018) states, “We do not retain data for law enforcement purposes unless we receive a valid preservation request before a user has deleted that content from our service.”

With these considerations, you are now able to make a more informed decision to determine whether a Facebook group is the appropriate tool for your needs.

JavaScript license information