Facebook Cancels Internship Of Harvard Student After Disclosure Of Privacy Flaw

Facebook Cancels Internship Of Harvard Student After Disclosure Of Privacy Flaw
Facebook Messenger app camera Kārlis Dambrāns / Flickr CC BY 2.0

Facebook cancelled a Harvard student’s internship after he created an app that brought to surface a flaw in the messenger service of the widely popular social media website, media reports say.


Strangers would be able to see user’s location

Aran Khanna developed a Chrome extension – called Marauders Map, a magical document from the Harry Potter series – after receiving his offer for an internship with Facebook. The app used the location data collected from Facebook Messenger and displayed where users were when they sent a message.

The user’s location, accurate to within three feet, could also be seen in a group chat. Participants of the chat, even if they were strangers to the user, could see the location the message had been sent from.

Also read: Breaking News: Facebook to Launch ‘Breaking News’ Notification App

Marauder’s Map became massively popular soon after Khanna tweeted about the app, and posted about it on Reddit and Medium.

Like us on Facebook

Khanna said his app highlighted the flaw that had been around for quite some time.

“I used data that was already there, and just displayed it in a different way,” he said, as reported by USA Today.

“I think that highlighting a privacy issue with the intent of showing people how much they are putting out there is a service to others.”

There were “over 85,000 downloads of my tool, more than 170 news articles, and 3.6 million Twitter users exposed,” he said.

Also read: Facebook Will Now Allow Brands To Send Direct Message To Users

Marauder’s Map violated Facebook’s terms

The app caught Facebook’s attention within three days of its release, who demanded that Khanna remove the tool. He abided by the order, but soon thereafter his internship with Facebook was rescinded, according to a case study he published at the Journal of Technology Science.

In a statement, Facebook spokesman Matt Steinfeld said that Marauder’s Map “scraped Facebook data in a way that violated our terms and those terms exist to protect people’s privacy and safety.”

Steinfeld added that Khanna did not take down the tool, though he was asked repeatedly to do so.

“We don’t dismiss employees for exposing privacy flaws, but we do take it seriously when someone misuses user data and puts people at risk,” Steinfeld said.

Following Khanna’s disclosure of the flaw, Facebook released an update to its app that made the geo-location data an optional feature.

It gave users “full control over when and how you share your location information.”

Steinfeld said that Facebook had “began developing improvements to location sharing months ago, based on input from people who use Messenger.”

Also read: Facebook Earnings Is Up Due To Advertising

‘I didn’t write the program to be malicious’

However, Facebook’s update did not say anything about the previous settings. In actuality, users who didn’t install the update would continue to have their locations shared unless they manually changed the privacy settings.

Khanna was asked by his to-be manager at Facebook not to talk to the press. The same was reinstated by the social media website’s global communications lead for privacy and public policy in a call that Khanna received the same evening.

Khanna said that his aim was to show people how their data was being used.

“I didn’t write the programme to be malicious,” he said.

You might also be interested in: Chelsea Manning Could Face Indefinite Solitary Confinement Over Expired Toothpaste Tube