- Trump complains about his Twitter follower count to Jack Dorsey Tuesday 6:34 PM
- ‘Avengers: Endgame’ sticks the devastating landing—and gives you time to grieve Tuesday 5:00 PM
- Teen hits Apple with $1 billion lawsuit over alleged face recognition arrest Tuesday 4:48 PM
- John Cornyn tried to attack Patton Oswalt for his old tweets and failed miserably Tuesday 4:29 PM
- Logan Paul is selling a pillow of his dead dog—for a good cause Tuesday 4:04 PM
- Study: Too much Netflix, not enough ‘chill’ Tuesday 3:36 PM
- Pete Buttigieg under fire for saying incarcerated Americans shouldn’t be allowed to vote Tuesday 2:54 PM
- Vine’s co-founder is beta testing a new app called Byte Tuesday 2:51 PM
- Report: Joe Biden’s first 2020 fundraiser will be with a Comcast executive Tuesday 2:49 PM
- Netflix’s ‘Sabrina’ appears to have an art-copying problem (updated) Tuesday 2:47 PM
- People are crying over these cats’ window-sill romance Tuesday 2:27 PM
- The ‘I’m baby’ meme is all about being comforted Tuesday 2:24 PM
- Parody video totally nails what men are like on Tinder Tuesday 1:57 PM
- Twitch star AriLove latest woman to be arbitrarily banned for ‘sexually suggestive’ attire Tuesday 1:47 PM
- The 18 best Korean beauty sheet masks Tuesday 1:25 PM
Harvard student loses Facebook internship after exposing privacy flaw
Aran Khanna’s app told you exactly where your Facebook friends were messaging from.
Facebook, a company born in a Harvard dorm room, has dismissed an inbound intern over something he created in his own Harvard dorm.
Computer science student Aran Khanna made headlines a few months ago by releasing a Chrome browser extension called Marauder’s Map. The software visualizes on a map where your Facebook friends are when they send you messages through the network’s Messenger chat app. It’s accurate to within three feet, and by Khanna’s own admission, it’s a “slightly creepy” capability for software to display—though that didn’t stop it from being downloaded 85,000 times in its first three days.
Khanna presented the app as something of an activist reaction to Facebook’s data policies. He wrote, “[Y]ou should keep in mind … that the mobile app for Facebook Messenger defaults to sending a location with all messages.”
Marauder’s Map made it abundantly clear that users send more data to Facebook than they might realize, and Khanna suggests people don’t actually consider the implications of having one’s location data so easily harvested: “Because there are no readily visible consequences to sharing your location, users are never incentivized to devote attention to what this default of sharing is actually revealing about them.”
Chrome Web Store
Access to such a wealth of location data meant Khanna (or anyone using the app) could easily track the hour-by-hour movements of his friends around the world. If he were to chat with strangers in a group, he could also see their locations, regardless of friendship status.
Facebook was predictably peeved at the actions of its would-be intern. Boston.com reports that the company rescinded Khanna’s internship two hours before he was due to travel join the company. It asked him to take down the app (which he claims he did). On June 4, Facebook disabled desktop location sharing across its network, a technical detail that rendered Marauder’s Map useless.
A Facebook spokesperson explained that Khanna’s app violated the company’s terms of service, due to how it collected the location data. “This mapping tool scraped Facebook data in a way that violated our terms, and those terms exist to protect people’s privacy and safety,” the spokesperson wrote. “Despite being asked repeatedly to remove the code, the creator of this tool left it up. This is wrong and it’s inconsistent with how we think about serving our community.”
Facebook has hired hacker-types in the past who demonstrate unconventional skills behind a keyboard, but something about Khanna’s efforts clearly missed the mark. This spokesperson explained, “[W]e don’t dismiss employees for exposing privacy flaws, but we do take it seriously when someone misuses user data and puts people at risk.”
“What seems to have made the difference was transparency,” Khanna wrote. “It is possible that before my extension and blog post, the degree of location data collection and sharing by Facebook Messenger was hard for an average user to notice and thus did not raise significant concern. Without public pressure, Facebook may have lacked significant incentive to change. My extension and blog post made the data collection and sharing practice real and transparent.”
Illustration by Jason Reed
Dylan Love is an editorial consultant and journalist whose reporting interests include emergent technology, digital media, and Russian language and culture. He is a former staff writer for the Daily Dot, and his work has been published by Business Insider, International Business Times, Men's Journal, and the Next Web.