Facebook axes a future intern for exposing a privacy flaw

13.08.2015
After being accepted for an internship at Facebook, Harvard University student Aran Khanna continued to embrace the same entrepreneurial spirit that helped launch the site on the very same campus over a decade ago. Ironically, his efforts cost him his chance at working at the company.

Khanna discovered a privacy flaw in the default settings of Facebook's Messenger app for Android that automatically shared users' detailed location data. To draw attention to the flaw, Khanna launched an Android app called Marauder's Map that mapped Facebook users' locations based on their activity on Messenger in May, according to Boston.com. The app showed that the location sharing was accurate to within a three-foot distance and shared users' location data even with Facebook users they were not Friends with.

One day after he launched the app, Facebook asked Khanna not to talk to the press, and he complied, directing all press inquiries to Facebook's communications department, according to Boston.com. After three days and more than 85,000 downloads, Facebook asked Khanna to take the app down, and he complied again, even though Facebook resolved the flaw that provided the location data that made Khanna's app work, according to the report.

Despite the fact that Khanna's work led Facebook to resolve a privacy flaw, the company withdrew its internship for the student.

According to Boston.com, Facebook told Khanna that it withdrew the internship offer not because Khanna developed the app, but because he had blogged about Facebook in a derogatory way.

However, in subsequent statements to both Boston.com and Gizmodo, Facebook claims Khanna's app violated Facebook's terms of service agreement, even though Khanna says he used data from his own messages.

Further, Facebook's statement to Gizmodo implies that the company was already working on location sharing in Messenger in some fashion (although what it was working on remains unclear) months before Khanna's app drew attention to it.

Indeed, as Boston.com pointed out, Messenger has automatically shared location data since at least 2011, with CNET having addressed it with a 2012 video showing how to disable the setting.

But it wasn't until a future Facebook intern used that data in a clever (and definitely creepy) way that the company changed how it handles location.

(www.networkworld.com)

Colin Neagle

Zur Startseite