Exposing a privacy flaw in Facebook costs a Harvard student his internship

Marauder’s Map developer denied internship because he pointed out privacy flaws in Facebook

You cannot bite the hand that feeds you. That is what Harvard student Aran Khanna found when he was refused an internship at Facebook after the company discovered that one of the applications he had created exposed a major flaw in its Messenger service.

Khanna’s application, a Chrome extension called Marauder’s Map, was released in May and used Facebook Messenger data to indicate where your friends were when they sent messages. The app also showed precise locations of strangers involved in a group chat who were within three feet of the app. This meant that Khanna and the strangers could, in principle, see the locations from which they were messaging each other.

The Facebook Messenger app automatically shared a user’s location with anyone the user messaged. Khanna’s app took advantage of this privacy flaw, which Facebook had known about for about three years since its launch in 2011.

Khanna tweeted about the app on May 26 and posted about it on Reddit and Medium. Marauder’s Map began to go viral. It was downloaded 85,000 times in three days, before Facebook asked him to disable the app.

The company also deactivated location sharing from desktops, which meant Khanna’s app wouldn’t work even if he hadn’t taken it down. Later, Facebook updated Messenger for mobile, giving users an option to control their GPS data.

In a news release announcing the Facebook Messenger update, the company said: “With this update, you have full control over when and how you share your location information.”

However, nothing was mentioned about the previous default settings, nor about whether location details would continue to be sent if users do not upgrade and do not change the settings manually.

The company had been working on a Messenger update long before Khanna’s blog post was published, said Matt Steinfeld, a Facebook spokesman.

“This isn’t the sort of thing that can happen in a week,” Steinfeld told Boston.com. “Even though we move very fast here, they’d been working on it for a few months.”

However, Khanna had a different point of view on this. Khanna, who detailed the experience in a case study published Tuesday for the Harvard Journal of Technology Science, told Boston.com he created the app to show the consequences of unintentionally sharing data. That way, he said, users could decide for themselves whether or not it was a violation of their privacy.

From the time Facebook Messenger was launched in 2011, the company’s mobile messaging app had been set up with automatic geolocation sharing. Various updates to the app improved its usability and even introduced fun cat emoji stickers, but the geolocation sharing remained.

When Khanna started studying at Harvard, he used Facebook Messenger frequently. However, until he started looking at his message history, he did not realize how much information he had shared unintentionally.

Three days after his extension was posted, and two hours before he was supposed to leave to start his internship, he was informed by a Facebook employee that the company was revoking his summer internship offer, as he had violated its user agreement when he scraped the site for location data.

Khanna also received an email from Facebook’s Head of Global Human Resources and Recruiting, who told him that his Medium post didn’t meet the high ethical standards expected of interns. He was told that the problem was not the Messenger app itself, but the way in which his blog mentioned how Facebook accumulated and shared user data.

A Facebook spokesman told Boston.com:

“This mapping tool scraped Facebook data in a way that violated our terms, and those terms exist to protect people’s privacy and safety. Despite being asked repeatedly to remove the code, the creator of this tool left it up. This is wrong and it’s inconsistent with how we think about serving our community.”

As Boston aptly put it, “and the company that Mark Zuckerberg famously launched from his Harvard dorm room withdrew its internship offer from this Harvard student, who apparently made the mistake of…launching an app from his dorm room.”

However, Khanna is not all that unhappy. He has landed another internship with a tech startup in Silicon Valley. He said that he has learnt a great deal from the ups and downs with Facebook, which itself turned out to be an “internship experience”.

