icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm
14 Aug, 2015 13:59

Harvard student loses Facebook internship days after exposing privacy flaws

Harvard student loses Facebook internship days after exposing privacy flaws

A Harvard student lost an internship at Facebook after publicly revealing just how easy it was to track users' movements using the Messenger app. The social media giant withdrew its offer, saying the action didn't meet the site's "high ethical standards."

It all began in May, when Harvard computer and mathematics student Aran Khanna launched Marauder's Map, a Chrome extension that used data from Facebook Messenger to map the location of users when they sent their messages. It even allowed people to track users' movements, learning about their routines and weekly schedules.

Although the media had reported four years earlier that Messenger automatically shared users' location data with anyone they messaged, Facebook seemed unwilling to act – so Khanna decided to take matters into his own hands.

He built the extension, which he says was aimed at allowing users to see the “potentially invasive usage” of the information they share, so they could decide whether they should be worried about it.

RT

Named after the magical map in Harry Potter, Marauder's Map was posted in a blog post on Medium. It quickly picked up speed, with Facebook itself becoming aware of the extension.

It took just one day for Khanna's future manager at Facebook to contact him, asking him not to speak to the press. He was, however, told he could keep his blog post up.

That order was reiterated later that evening, when the global communications lead for privacy and public policy called to stress once again that he should not speak to the press, saying that the objective “was to hamper and spread what had become a damaging story.”

One day later, the same person sent an email requesting that Khanna disable the extension. He did so within the hour, but also updated his Medium post to make clear that Facebook had asked him take down Marauder's Map – which had already been downloaded 85,000 times at that point.

But despite the Harvard student's compliance, Facebook called the next day – just hours before his internship was set to begin – informing him that the offer was no longer on the table. He was told that the extension violated the Facebook user agreement by “scraping” the site, the student wrote in a case study published in the Harvard Journal of Technology Science.

“This mapping tool scraped Facebook data in a way that violated our terms, and those terms exist to protect people’s privacy and safety,” Facebook spokesman Matt Steinfeld told Boston.com. “Despite being asked repeatedly to remove the code, the creator of this tool left it up. This is wrong and it’s inconsistent with how we think about serving our community.”

However, Khanna said that the data he used was from his own messages with friends and acquaintances, which meant he only used information available to all users – not just to employees.

The phone call was later followed up with an email from the head of global human resources and recruiting, who told Khanna that the Medium post did not reflect the “high ethical standards” expected of interns.

The email went on to state that the privacy issue wasn't with Facebook Messenger, but “rather with my blog post and code describing how Facebook collected and shared users' geo-location data,” Khanna wrote.

But although Khanna will likely never work for Facebook, he did seem to incite change.

Nine days after he released the extension, Facebook released a Messenger app update and said: “With this update, you have full control over when and how you share your location information.” It made sharing geo-location data an opt-in feature, although all historical geo-location data is still archived and shared.

Khanna was seemingly pleased with his efforts, writing: “Without public pressure, Facebook may have lacked significant incentive to change. My extension and blog post made the data collection and sharing practice real and transparent. The resulting public attention...seemed to motivate Facebook to react.”

However, Steinfeld maintains that the company had been working on an update long before Khanna's post was published, implying that Khanna had nothing to do with the change made to Messenger.

“This isn’t the sort of thing that can happen in a week,” Steinfeld said. “Even though we move very fast here, they’d been working on it for a few months.”

Despite the snub from Facebook, Khanna managed to secure another internship with a tech start-up in Silicon Valley, saying that his experience with the social media behemoth turned out to be an “internship experience” in itself, teaching him valuable information about the real world.

Podcasts
0:00
26:12
0:00
29:12