Two gay college students were outed on Facebook because of a privacy flaw in Facebook Groups. Users can be added to Facebook Groups by friends without the user's permission or approval. If you happen to be added to a Group that you don't want to be associated with, then your only option is to leave. This is obviously not an effective privacy control, as shown in the scenario below. The two University of Texas in Austin students had been careful to keep their parents from finding about about their lifestyles. However, when they were added to a Facebook discussion group for Queer Chorus, a choir group on campus, a notification popped up and informed all of their friends. The group's creator had the group set on "open" settings, so everyone could see it. ("Secret" group settings hide Facebook groups from everyone, while "closed" groups still allow the names of users to be seen, but not what they're posting in the group.) The two students had taken great pains to hide their Facebook profiles, yet their lifestyles were still revealed by this simple privacy flaw. "Our hearts go out to these young people," says Facebook spokesman Andrew Noyes in a Wall Street Journal article. "Their unfortunate experience reminds us that we must continue our work to empower and educate users about our robust privacy controls." The problem here isn't educating users about often cumbersome privacy controls ? the problem is that the privacy controls regarding this issue with Facebook Groups is fundamentally flawed. Even if you were to educate all Facebook members that anyone can be added to a public group, what is to stop situations like this from occurring? It's outrageous for Facebook to blame the lack of user education in this instance! All condolences are too little, too late for these two students, who are now facing angry reactions from their families.