Facebook Groups: Reducing Risks
There are many different kinds of Facebook groups, and their uses range from organizing a fan fiction gathering to spreading the word about a political rally or cause. Facebook groups were not designed for secure collaboration, but as the popularity of Facebook grows, they are inevitably used to coordinate work that may be vulnerable to sabotage or surveillance by other Facebook users, governments, and, of course, Facebook itself.
Facebook has in the past deleted large, politically active Facebook groups without warning, and the company has a reputation for changing privacy policies and settings in unclear ways. If you are discussing sensitive issues, it may be better to consider other tools or sites that make security and privacy a priority. However, that may not be feasible if your audience is unwilling or unable to move from Facebook. So, if you are creating, joining, or administering a Facebook group for a sensitive topic or vulnerable community, here are a few things you should consider.
Choose your group’s privacy settings anchor link
Before creating a group, think about your purpose and goals. Are you hoping to use a group to discuss a controversial topic? Who do you wish to publicize your group to? Will group members want to keep their membership confidential? From whom? These considerations will help you determine your privacy needs and which privacy setting is best for you.
In addition to choosing between public and private, you can also choose between “hidden in search” and “visible in search”—in other words, whether or not your group will turn up if someone searches for it or related topics on Facebook.
If you've already created a group and would like to adjust its privacy settings, all administrators of the group have the ability to change the settings. However, the privacy of groups with 5,000 members or more can only be changed to a more restrictive setting (i.e. public to private) to protect members of these groups from having their posts shared with audiences they didn't intend. If you decide to change your group's privacy to a more restrictive setting, you only have 24 hours to change it back before it's locked into place. No matter the size of the group, all members will receive a notification when the privacy settings are changed.
Regardless of your group’s privacy settings, Facebook has access to everything that is posted to its platform. The company may be served with a legal order that requires it to give content or member information to law enforcement, or to take down content.
Additionally, users can report or flag content inside of groups, even if they're private. Reported content may be removed if it violates the Community Standards and users might receive temporary bans for content violations.
Establish group rules anchor link
Anyone with access to your group can make copies of group conversations, or take screenshots of content and share those screenshots publicly. There is no technical way to prevent this type of information from leaking, but you can still consider establishing rules or guidelines for your group to encourage constructive engagement and help protect the privacy of your group members. While group rules can be difficult (or even impossible) to enforce, they help define the purpose of your group and determine what conversations are best had in the group versus elsewhere. For example, group administrators could add rules prohibiting screenshots to their group’s description, and tell their members that sharing screenshots or other content will result in a ban from the group. There are as many potential community rules as there are communities. Thinking through your group’s security and privacy priorities can help you create the right guidelines for our group.
Know your group’s admins and moderators anchor link
Administrators and moderators have a great deal of power over the privacy settings and membership of groups.
Only a group admin can appoint or remove other group members as admins, and only an admin can change a group’s settings.
An admin is different from a moderator. Moderators can manage content and membership, but can’t change group settings. There can be multiple admins and moderators per group, so it’s important to know who holds that role. Click here to learn how to remove admins or moderators from their roles.
Because of how Facebook’s admin and moderator identity policies work, it can be a good idea to have more than one admin, and to make sure at least one admin in your group uses their real, “authentic” name. If a group admin’s account is suspended (e.g. for using a pseudonym ), the following can happen:
- If there are other admins, the group structure remains the same.
- If no admins remain in the group, Facebook checks whether any moderators remain in the group. If yes, all current moderators are offered the role of admin until one person accepts the role.
- If the group has no moderators either, all group members receive a “Make me an Admin” option or a “Suggest an Admin” option.
With more than one admin, you can reduce your group’s chances of going through this kind of sudden restructuring.
Groups vs. Pages anchor link
Sometimes Facebook groups are confused with Facebook pages. Unlike Facebook pages, which are used to publicly represent a brand, business, organization, or public figure, groups are not always publicly viewable to anyone on Facebook.
If you've determined a Facebook page is more appropriate for your cause than a group, remember that Pages are public spaces. This means that even people without a Facebook account can see them. According to Facebook, “Pages you like are listed in the About section of your profile below Likes. A post that you liked on a Page may appear in News Feed. You may be displayed on the Page you liked or in ads about that Page.”
Facebook’s authentic names policy and administrator anonymity anchor link
Facebook does not allow the use of pseudonyms. Users can only use their “authentic identities”—the name their friends call them in everyday life that acceptable identification forms can show. While group admins often have good reason for wanting to protect their identities, a group admin who does use a pseudonym could be reported and subsequently suspended for violating Facebook’s authentic identity policy.
Blocking unwelcomed users anchor link
You may have good reason to block a group member. Maybe they are a community member who violated the group rules, or an outsider who has managed to join the group. Only an admin can remove or block someone from a group. Group admins who want to ensure their group is not visible to a former member should block that user. Members who are blocked by a group’s admin can no longer see the group or any information about it.
Know what happens to content on Facebook when it is deleted anchor link
Facebook reserves the right to delete Facebook groups that violates its terms of service. If this happens to your group, you could not only lose previous messages and discussions from your group members, but you could also lose access to your membership list. This means that, unless you have kept separate track of your members’ names, you will be unable to re-contact your supporters or community following the deletion of a group.
There's still a lot we don't know about the removal requests Facebook receives from governments, law enforcement, and individuals. However, we do know that such requests can often be political in nature—especially in places around the world where the right to free expression and association is not always honored.
You can also choose to deliberately delete a group. A group creator can delete a group by removing all of its members and then themselves. Deleting a group is a permanent action and it cannot be reversed. Admins can’t delete a group they didn’t create unless the creator chooses to leave the group first. Admins can, however, archive a group. Archiving a group means it won't appear in search results to non-members, and no new members can join the group. Groups can be unarchived by any admin.
Additional information about what happens to content on Facebook when it is deleted can be found in Facebook’s data policy. Even if you’ve deleted data, it may still be accessible for Facebook if a law enforcement agency has requested the data be preserved. Facebook’s Guide for Law Enforcement Authorities states, “We do not retain data for law enforcement purposes unless we receive a valid preservation request before a user has deleted that content from our service.”