Someone pretty well up there in the hierarchy at work is proposing to use a “secret” Facebook group as an intra-directory for business keeping-in-touch information. This kind of information we would *not *want to be available to outsiders, although we’re not talking about industry secrets – more like a “Who do I talk to in the company about X?” directory, maybe with a “How have you solved problem Y?” forum or two.
I’m one of those dopes who let an application mine my personal email book for people to “invite” to Facebook without realizing I’d done so, so I’m touchy on the subject of FB privacy and security. The co-worker notes that if you don’t make mistakes like I did you can set the privacy controls to keep, for example, your kids safe on FB. I’m of the opinion that it’s all too easy for users to slip up.
Assuming the group stays by invitation only, what are the pitfalls? Is this guy high, or am I paranoid? Is it possible to set options such that leaks can’t happen?
Please note the forum – not looking for opinions but for informed discussion; TIA.
It’s the wrong question. What happens when (not if) somebody does screw up, and is it minor enough that it’s not worth developing your own system? All you really have to do is grab some wiki software, set up an internal server, and you’re good to go.
Why put something company critical or sensitive outside of your control if you don’t need to? Facebook isn’t mature enough IMO for this usage; it really hasn’t been tested for security in this manner.
I’d probably go with something more like Google Groups, if you don’t want to hassle with setting up your own server.
There are plenty of free solutions on the web that are fully hosted that are built for group-based organisation and communication. Facebook, while having “friends” and whatnot isn’t really intended for what your company is considering for, so there’s always going to be some wonkiness with it, even if its not a security issue.
I don’t hang out on FaceBook enough to really understand all the ins and outs, but it doesn’t seem like the right kind of medium for sharing internal company information. Why not set up a wiki? (As ultrafilter suggested). The software for that is free, and if you have no links from outside should be more secure than FaceBook.
What is the advantage? If you’re going to be posting files, you’re going to have to host them anyway, so you might as well have the host be the forum, as well.
My rugby club uses Google Groups to disseminate top secret game plans before matches. We also have our own domain that we set up lists for planning socials and parties. For example, I get all emails sent to “party@rugbyclub.com”, and “social@rugbyclub.com”. Seems like either of these would be better, more secure options. Hosting the site on your own domain is even better.
Can’t speak for my co-worker but I can think of two reasons not to set up a Wiki, myself.
Facebook already exists. Our hypothetical Wiki does not; it would have to be built. The delays inherent in getting ANYTHING “techy” accomplished at this corporation are mind-boggling. If we had to make it ourselves or contract a vendor to do it, I would seriously be shocked if it took less than a year to implement.
Many of our group members are technophobic enough as it is, and overcoming their reluctance to use new tech is (as we say) a nontrivial obstacle. This is not a group you can order to just freakin’ learn it, already, much as I may wish that could happen. However, many others of our users *are *tech-savvy. Facebook is less threatening to the first group (“hey, kids use it all the time!”) and already has a well-tested, friendly UI, but is powerful enough to serve both groups.
What are you going to get out of facebook, though? All you can do is post pictures to it, link to documents, and carry on threaded discussions (which I don’t believe you can search through).
Honestly, I’m not sure. I think maybe the guy wants an easy intra-Yellow Pages – in the sense that we might be able to get people to write their own directory entries using Facebook, rather than trying to pay someone to do it for everyone, especially since for many reasons, no one is sure who does what around here any more.
If your people are all technophobes, then putting them on Facebook is not going to be a good idea. I’m a technophile and I can barely follow how the damn thing works.
Why don’t you try out something that’s already built, but built for this sort of thing (business instead of pleasure.) Here’s a random example
Some are 'phobes, some are 'philes, most are in the middle somewhere. It’s a big and very geographically diverse company.
I don’t think I made this part clear: the guy who’s proposed this is an exec type. I am not. I get no say. I can advise, though; he basically grabbed five or six people who already use Facebook to make a demonstration run, and since I happen to be one of them, I get to say what I think about it.
I appreciate the advice being offered about what things OTHER than Facebook might be better, but I’m not actually asking for it… I’m asking for informed discussion about how secure Facebook can or can not be expected to be.
Having served as a system admin for a large company the real problem is passwords. As long as your not worried about internal people busting in you’ll be OK. It’s stupid people who will put their password on their computer or go to fast when they access the program from home and put “save password on your computer.” Thus their kids or anyone can get in on it
That’s like asking us what we think of the capacity of a Prius for hauling rock, and then not wanting to hear that a F-150 would do the job for the same price.
You say the exec wants to know what you think of facebook as a tool? Tell him it sucks, and that there are better ones out there.
ETA: More tactfully than I did, though, of course. :smack:
No, seriously, please assume *I’m already convinced *a Prius ain’t the right beast for the job – I’m looking for ammo in the fight here: **how do I convince my co-worker? **Assuming he’s sane and reasonable, which I have every reason (at least I did before this shiner, that is) to believe he is. Assume I don’t have the rating to just say “Son, you’re deluded,” and assume logic and evidence will help.
There are other people here who can put this better, but the fundamental issue is that making Facebook secure requires the members of your group to do everything right. That’s not going to happen in any realistic scenario.
Facebook is a social networking site, not designed with security in mind. It has primitive security features that rely on all users doing the right thing at all times. A single mistaken setting can expose your entire setup to strangers without your knowledge. If anyone leaves your company the information is no longer under your control. Facebook doesn’t have tools for effectively sharing documents and information. Facebook uptime is poor; it’s not enterprise level availability. Features are still in flux; there’s no guarantee that what you are using today will be available tomorrow.
Here’s one that will make ice water course through his veins: Facebook has already faced legal challenges and companies with applications on Facebook have received legal judgments forcing them to remove the content. In the example I’m thinking of – Scrabulous vs. Hasbro – it was an intellectual property issue. But the fact remains that their servers are under their control and not yours, and any Facebook user with a lawyer (a shareholder, perhaps?) could wreak havoc by insisting that your Facebook presence is “public” and therefore fair game for Behavior X (which you really wish they wouldn’t do).
Put a slightly different way: your LAN and your intranet is probably hosted on your company’s machines. Your company’s internet site may be on rented machines, or leased machines, but at any rate, it is in a place where a contract guarantees your access to them (and the custodians are bound by contract to deter unauthorized access). Facebook offers nothing – nothing – in writing that remotely implies that “your” data is exclusively yours.