diff --git a/app/controllers/favorite_groups_controller.rb b/app/controllers/favorite_groups_controller.rb
index 21b4afc0b..e56958e51 100644
--- a/app/controllers/favorite_groups_controller.rb
+++ b/app/controllers/favorite_groups_controller.rb
@@ -13,6 +13,7 @@ class FavoriteGroupsController < ApplicationController
   def show
     @favorite_group = FavoriteGroup.find(params[:id])
+    check_read_privilege(@favorite_group)
     @post_set = PostSets::FavoriteGroup.new(@favorite_group, params[:page])
     respond_with(@favorite_group)
   end
@@ -37,13 +38,13 @@ class FavoriteGroupsController < ApplicationController
   def edit
     @favorite_group = FavoriteGroup.find(params[:id])
-    check_privilege(@favorite_group)
+    check_write_privilege(@favorite_group)
     respond_with(@favorite_group)
   end
   def update
     @favorite_group = FavoriteGroup.find(params[:id])
-    check_privilege(@favorite_group)
+    check_write_privilege(@favorite_group)
     @favorite_group.update_attributes(params[:favorite_group])
     unless @favorite_group.errors.any?
       flash[:notice] = "Favorite group updated"
@@ -53,7 +54,7 @@ class FavoriteGroupsController < ApplicationController
   def destroy
     @favorite_group = FavoriteGroup.find(params[:id])
-    check_privilege(@favorite_group)
+    check_write_privilege(@favorite_group)
     @favorite_group.destroy
     flash[:notice] = "Favorite group deleted"
     redirect_to favorite_groups_path
@@ -61,13 +62,17 @@ class FavoriteGroupsController < ApplicationController
   def add_post
     @favorite_group = FavoriteGroup.find(params[:id])
-    check_privilege(@favorite_group)
+    check_write_privilege(@favorite_group)
     @post = Post.find(params[:post_id])
     @favorite_group.add!(@post.id)
   end
   private
-  def check_privilege(favgroup)
+  def check_write_privilege(favgroup)
     raise User::PrivilegeError unless favgroup.editable_by?(CurrentUser.user)
   end
+
+  def check_read_privilege(favgroup)
+    raise User::PrivilegeError unless favgroup.viewable_by?(CurrentUser.user)
+  end
 end
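Review bot: The read check is added only to `show`; every other read path for a favorite group (an `index` listing, JSON/XML renderings, or whatever `PostSets::FavoriteGroup` exposes on the line after the new check) lies outside this hunk, so verify those paths also consult `viewable_by?`, otherwise a hidden group remains reachable through them. Raising `User::PrivilegeError` after `FavoriteGroup.find` has succeeded also confirms to a non-owner that the id exists; if that matters here, responding as not-found would be the quieter choice. Neither point is visible in this diff, so treat both as questions for the author.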
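Review bot: The two private helpers at the end of the last hunk carry no comment saying which model predicate each one enforces, which a reader of `add_post` or `show` needs in order to know what "read" and "write" mean here. I would add `# Raises User::PrivilegeError unless the current user may edit favgroup (FavoriteGroup#editable_by?).` above `check_write_privilege` and `# Raises User::PrivilegeError unless the current user may view favgroup (FavoriteGroup#viewable_by?).` above `check_read_privilege`. The rename from `check_privilege` is otherwise consistent across edit, update, destroy and add_post.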
diff --git a/app/models/favorite_group.rb b/app/models/favorite_group.rb
index f6047e9e2..e547ec871 100644
--- a/app/models/favorite_group.rb
+++ b/app/models/favorite_group.rb
@@ -237,4 +237,8 @@ class FavoriteGroup < ApplicationRecord
   def editable_by?(user)
     creator_id == user.id
   end
+
+  def viewable_by?(user)
+    creator_id == user.id || !creator.hide_favorites?
+  end
 end
diff --git a/app/models/tag.rb b/app/models/tag.rb
index 9e1c8cb4d..0cae27734 100644
--- a/app/models/tag.rb
+++ b/app/models/tag.rb
@@ -608,11 +608,23 @@ class Tag < ApplicationRecord
       when "-favgroup"
         favgroup_id = FavoriteGroup.name_to_id(g2)
+        favgroup = FavoriteGroup.find(favgroup_id)
+
+        if !favgroup.viewable_by?(CurrentUser.user)
+          raise User::PrivilegeError.new
+        end
+
         q[:favgroups_neg] ||= []
         q[:favgroups_neg] << favgroup_id
       when "favgroup"
         favgroup_id = FavoriteGroup.name_to_id(g2)
+        favgroup = FavoriteGroup.find(favgroup_id)
+
+        if !favgroup.viewable_by?(CurrentUser.user)
+          raise User::PrivilegeError.new
+        end
+
         q[:favgroups] ||= []
         q[:favgroups] << favgroup_id
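Review bot: `viewable_by?` dereferences `user.id` and `creator.hide_favorites?` unconditionally, so if `CurrentUser.user` can ever be nil or `creator` can be absent (a removed account), the new callers in the controller and in `Tag` get a `NoMethodError` rather than a denial; I cannot confirm either case from this diff, but a guard such as `return false if user.nil?` is cheap if they are possible. The method also has no comment; I would add `# A group whose creator has hide_favorites? set is visible only to that creator; mirrors editable_by?.` above it, and state explicitly that no staff override is intended, since the predicate grants nothing to moderators or admins. Note too that `creator` is an association, so each call from the `Tag` search path issues its own lookup; fine for a handful of terms, but worth knowing if that path runs per query term.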