AUSTIN, Texas—Bobbi Duncan desperately wanted her father not to know she is lesbian. Facebook told him anyway.
One evening last fall, the president of the Queer Chorus, a choir group she had recently joined, inadvertently exposed Ms. Duncan's sexuality to her nearly 200 Facebook friends, including her father, by adding her to a Facebook Inc. discussion group. That night, Ms. Duncan's father left vitriolic messages on her phone, demanding she renounce same-sex relationships, she says, and threatening to sever family ties.
The 22-year-old cried all night on a friend's couch. "I felt like someone had hit me in the stomach with a bat," she says.
[More from WSJ.com:
Three Facebook Privacy Loopholes]
Soon, she learned that another choir member, Taylor McCormick, had been outed the very same way, upsetting his world as well.
The president of the chorus, a student organization at the University of Texas campus here, had added Ms. Duncan and Mr. McCormick to the choir's Facebook group. The president didn't know the software would automatically tell their Facebook friends that they were now members of the chorus.
The two students were casualties of a privacy loophole on Facebook—the fact that anyone can be added to a group by a friend without their approval. As a result, the two lost control over their secrets, even though both were sophisticated users who had attempted to use Facebook's privacy settings to shield some of their activities from their parents.
"Our hearts go out to these young people," says Facebook spokesman Andrew Noyes. "Their unfortunate experience reminds us that we must continue our work to empower and educate users about our robust privacy controls."
In the era of social networks like Facebook and Google Inc.'s Google+, companies that catalog people's activities for a profit routinely share, store and broadcast everyday details of people's lives. This creates a challenge for individuals navigating the personal-data economy: how to keep anything private in an era when it is difficult to predict where your information will end up.
Many people have been stung by accidentally revealing secrets online that were easier kept in the past. In Quebec, Canada, in 2009, Nathalie Blanchard lost her disability-insurance benefits for depression after she posted photos on Facebook showing her having fun at the beach and at a nightclub with male exotic dancers. After seeing the photos, her insurer, Manulife Financial, hired a private investigator and asked a doctor to re-evaluate her diagnosis, according to Ms. Blanchard's lawyer.
Ms. Blanchard didn't realize her photos were visible to the public, according to the lawyer, who added that depressed people often try to disguise their illness to family and friends. Ms. Blanchard sued to have her benefits reinstated. The matter was settled out of court.
A Manulife spokeswoman declined to discuss the case, saying "we would not deny or terminate a valid claim solely based on information published on websites such as Facebook."
Losing control online is more than a technology problem—it's a sociological turning point. For much of human history, personal information spread slowly, person-to-person if at all.
)
