Harvard Student Creates App Using Messenger Privacy Flaw; Facebook Cancels Internship
Being a network with as many users as Facebook does bring a whole lot of responsibility and unwanted media attention. Also, being a social network, Facebook is always under the microscope for privacy concerns and many times, it really is Facebook’s fault. The company has been criticized a lot for its privacy policies and although they do usually patch privacy flaws pretty quick, they continue to make mistakes. Take the case of this Harvard student who created an extension for Google’s Chrome browser which took advantage of the privacy flaws in Facebook’s Messenger app to show precise location of the people on Facebook, but in the end, this cost him dearly as the social-networking giant revoked their internship offer for him.
Aran Khanna is a computer science and mathematics student at the prestigious Harvard University and back in May, he noticed a flaw in Facebook’s Messenger, which allowed any user to find out the location of any other Facebook user, even the ones which aren’t friends with them. Basically, the Messenger app automatically shares the location of its users every time they message by default. Although this feature had been a part of it for quite some time, it hadn’t got enough media attention for Facebook to take it seriously. Khanna went ahead and used this flaw to create a Google Chrome extension called “Marauder’s Map”, taking inspiration from the Marauder’s Map in Harry Potter books which let anyone see where everyone in Hogwarts was.
What’s even more worrying is that this extension was accurate to within a meter and allowed any Facebook user to see the location of other users, even the ones which aren’t friends with them. The app instantly gained a lot of interest, totaling 85,000 downloads and caught the eye of the people at Facebook. Within three days of the Medium blog-post Khanna published announcing the extension’s launch, Facebook contacted him, made him take down the extension along with the blog post and also told him to not talk to the press. According to Khanna, obliged to all the requests by Facebook and yet, on the third day, he was told that the summer internship offer he had received earlier from Facebook had been cancelled.
Facebook released a Messenger updated just a week after that fixing the privacy flaw. They also told Khanna that his internship was cancelled because he violated the privacy terms of the site by scraping data.
Here is the full statement by the Facebook spokesperson,
“This mapping tool scraped Facebook data in a way that violated our terms, and those terms exist to protect people’s privacy and safety … Despite being asked repeatedly to remove the code, the creator of this tool left it up. This is wrong and it’s inconsistent with how we think about serving our community.”
There seems to be two sides to the story: One in which Khanna says that he took down the app within an hour of Facebook requesting him to, while the other from Facebook’s spokesperson saying that despite asking him repeatedly to take it down, he left it up. For now, he remains the one losing from this confusion as he got his internship offer cancelled. While for Facebook, they did get a lot of bad press, but this did push them into putting out the new update which is good for the privacy of its users.