Facebook Cancelled A Harvard Student’s Internship After He Exposed A Massive Glitch In Their System

“They stated that my actions were not up to the ‘high ethical standards’ expected of interns,” Aran Khanna told BuzzFeed News.

1. Harvard student Aran Khanna was supposed to intern with Facebook starting in June. However, after he pointed out a massive flaw in Facebook’s messenger app on Android devices, his internship was revoked.

Aran Khanna

2. Upon realising that people using the Facebook Messenger app share their location with everyone they message by default, Khanna built a Google Chrome plugin that could accurately track the movement of anyone that users had messaged on Facebook.

Aran Khanna

“Facebook was defaulting users into sending their location data with every message from the Android application,” Khanna said in an email to BuzzFeed. “As an avid user of Messenger this feature had frustrated me for a while, so I built an extension that displayed the location data that Messenger was sharing with you on a map (though you didn’t need an extension for this; you could do it with a pencil and a piece of paper), and I shared this project with friends and family to see what they thought about this feature revealing all this data, not expecting the app to go viral the way it did.”

3. Khanna dubbed the app “Marauder’s Map” and it was downloaded 85,000 times when it was released.

Aran Kanna

He released the app via a Medium post named “Stalking Your Friends with Facebook Messenger.”

4. In the post, Khanna explains that Facebook provides screenshots of how Messenger collects location data.

Via Medium

Via Medium

 

5. According to Khanna, within three days of launching the app, Facebook told him to take down the plugin and then rescinded his internship invitation.

Aran Khanna

“Facebook’s response to the blog post and extension was to ask me to not speak to the press about it and then to disable the extension,” Khanna said. “Finally they rescinded my internship offer, citing the fact that my code broke Facebook’s user agreement (which every FB user signs when they join the site) by ‘scraping’ the site. They additionally stated that my actions were not up to the ‘high ethical standards’ expected of interns.”

Update

A Facebook spokesperson told BuzzFeed in an email:

“This is revisionist history that conveniently omits a few important points. First, we began developing improvements to location sharing months ago, based on input from people who use Messenger. Second, this mapping tool scraped Facebook data in a way that violated our terms, and those terms exist to protect people’s privacy and safety. Despite being asked repeatedly to remove the code, the creator of this tool left it up. This is wrong and it’s inconsistent with how we think about serving our community.

“We don’t dismiss employees for exposing privacy flaws, but we do take it seriously when someone misuses user data and puts people at risk.”

Check out more articles on BuzzFeed.com!

Andre Borges is a social news reporter for BuzzFeed and is based in Mumbai.
 
  Your Reaction?
  REACT WITH GIF
 

    Starting soon, you'll only be able to post a comment on BuzzFeed using a Facebook account or via our app. If you have questions or thoughts, email us here.

    Contributions

    Now Buzzing