Get All Access for $5/mo

Student Loses Facebook Internship After Highlighting Major Privacy Flaw in Messenger Aran Khanna's Marauder's Map plugin showed the location of Facebook Messenger users, accurate to within a meter.

By Rob Price

This story originally appeared on Business Insider

Facebook canceled a Harvard student's internship after he created a Google Chrome plugin that highlighted serious privacy flaws in the social network's messaging service, Boston.com reports.

In May, computer science and mathematics student Aran Khanna built Marauder's Map. It was a browser plugin that made use of the fact that people who use the Facebook Messenger share their location with everyone they message with by default.

Upon installing the plugin, users could use it to precisely track the movements of anyone they were in a conversation thread with. This included users who they were not friends with on Facebook — and it was accurate to within a meter.

The app went viral, was downloaded 85,000 times, and saw widespread press coverage by The Guardian, The Daily Mail, Huffington Post and elsewhere. Three days after he launched it via a Medium post, Khanna disabled the plugin after Facebook told him to. At the social network's request, he refused to speak to press, and the company released a new version of Messenger a week later, changing how users share their locations.

Earlier this week, Khanna published a case study for the Harvard Journal of Technology Science about his experience. Here's the student on Facebook's initial response:

[On] the afternoon of the 27th, one day after the Medium blog post's publication, Facebook contacted me. My future manager phoned and asked me not to speak to any press; however, I was told that I could keep my blog post up. By that evening, the global communications lead for privacy and public policy at Facebook called me to clarify Facebook's expectations that I not speak to the press, saying that his objective was to hamper the spread of what had become a damaging story.

By midday of the 28th, the global communications lead for privacy and public policy at Facebook requested by email that I disable the extension. I complied within the hour by deactivating the Mapbox API key associated with the extension so that all current and future users could no longer load the map used to display geo-location data.

Then, three days later, Facebook got in touch again — to say it was canceling his internship:

On the afternoon of the 29th, three days after my initial posts, Facebook phoned me to inform me that it was rescinding the offer of a summer internship, citing as a reason that the extension violated the Facebook user agreement by "scraping" the site. The head of global human resources and recruiting followed up with an email message stating that my blog post did not reflect the "high ethical standards" around user privacy expected of interns. According to the email, the privacy issue was not with Facebook Messenger, but rather with my blog post and code describing how Facebook collected and shared users' geo-location data.

Business Insider has reached out to Facebook for comment and will update when it responds. A spokesperson told Boston.com that "this mapping tool scraped Facebook data in a way that violated our terms, and those terms exist to protect people's privacy and safety ... Despite being asked repeatedly to remove the code, the creator of this tool left it up. This is wrong and it's inconsistent with how we think about serving our community."

The spokesperson also adds that the update wasn't developed just in response to Khanna's plugin. "This isn't the sort of thing that can happen in a week ... Even though we move very fast here, they'd been working on it for a few months."

In the case study, Khanna writes that he thinks it is the media attention that forced Facebook to act when it did. "It is possible that before my extension and blog post, the degree of location data collection and sharing by Facebook Messenger was hard for an average user to notice and thus did not raise significant concern. Without public pressure, Facebook may have lacked significant incentive to change. My extension and blog post made the data collection and sharing practice real and transparent."

He concludes with a set of questions: "What does this say about privacy protection? Can we reasonably expect Facebook or others with an interest in collecting and sharing personal data to be responsible guardians of privacy? Could this work have been done inside Facebook to understand how its users view the collection and sharing of their data?

"Must future privacy guardians always be on the outside?"

Rob Price is a technology reporter for Business Insider.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Starting a Business

He Started a Business That Surpassed $100 Million in Under 3 Years: 'Consistent Revenue Right Out of the Gate'

Ryan Close, founder and CEO of Bartesian, had run a few small businesses on the side — but none of them excited him as much as the idea for a home cocktail machine.

Business Solutions

Get Down to Business with Lifetime Access to Microsoft Office 2021 for Mac for 70% Off

Unlock essential Office tools with a one-time purchase — ideal for entrepreneurs and professionals looking to streamline their workflow.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Business News

Looking for a Remote Job? Here Are the Most In-Demand Skills to Have on Your Resume, According to Employers.

Employers are looking for interpersonal skills like teamwork as well as specific coding skills.

Franchise

The Top 10 Coffee Franchises in 2024

From a classic cup of joe to a creamy latte, grab your favorite mug and get ready to brew up success with the best coffee franchises.

Business News

'Do You Sell Cars?': Tesla CEO Elon Musk Trolls Jaguar Rebrand on X

The team running Jaguar's X account was working hard on social media this week.