MENUMENU

Harvard student loses Facebook internship after exposing privacy flaw

Harvard logo with Facebook thumbs-down

Aran Khanna’s app told you exactly where your Facebook friends were messaging from.

Facebook, a company born in a Harvard dorm room, has dismissed an inbound intern over something he created in his own Harvard dorm.

Computer science student Aran Khanna made headlines a few months ago by releasing a Chrome browser extension called Marauder’s Map. The software visualizes on a map where your Facebook friends are when they send you messages through the network’s Messenger chat app. It’s accurate to within three feet, and by Khanna’s own admission, it’s a “slightly creepy” capability for software to display—though that didn’t stop it from being downloaded 85,000 times in its first three days.

Khanna presented the app as something of an activist reaction to Facebook’s data policies. He wrote, “[Y]ou should keep in mind … that the mobile app for Facebook Messenger defaults to sending a location with all messages.” 

Marauder’s Map made it abundantly clear that users send more data to Facebook than they might realize, and Khanna suggests people don’t actually consider the implications of having one’s location data so easily harvested: “Because there are no readily visible consequences to sharing your location, users are never incentivized to devote attention to what this default of sharing is actually revealing about them.”

Chrome Web Store

Access to such a wealth of location data meant Khanna (or anyone using the app) could easily track the hour-by-hour movements of his friends around the world. If he were to chat with strangers in a group, he could also see their locations, regardless of friendship status. 

Facebook was predictably peeved at the actions of its would-be intern. Boston.com reports that the company rescinded Khanna’s internship two hours before he was due to travel join the company. It asked him to take down the app (which he claims he did). On June 4, Facebook disabled desktop location sharing across its network, a technical detail that rendered Marauder’s Map useless.

A Facebook spokesperson explained that Khanna’s app violated the company’s terms of service, due to how it collected the location data. “This mapping tool scraped Facebook data in a way that violated our terms, and those terms exist to protect people’s privacy and safety,” the spokesperson wrote. “Despite being asked repeatedly to remove the code, the creator of this tool left it up. This is wrong and it’s inconsistent with how we think about serving our community.”

Facebook has hired hacker-types in the past who demonstrate unconventional skills behind a keyboard, but something about Khanna’s efforts clearly missed the mark. This spokesperson explained, “[W]e don’t dismiss employees for exposing privacy flaws, but we do take it seriously when someone misuses user data and puts people at risk.”

Khanna did not return request for comment, but he has written extensively on his Facebook “case study” and has already landed an alternate internship, according to the Next Web

“What seems to have made the difference was transparency,” Khanna wrote. “It is possible that before my extension and blog post, the degree of location data collection and sharing by Facebook Messenger was hard for an average user to notice and thus did not raise significant concern. Without public pressure, Facebook may have lacked significant incentive to change. My extension and blog post made the data collection and sharing practice real and transparent.” 

Illustration by Jason Reed

Dylan Love

Dylan Love

Dylan Love is an editorial consultant and journalist whose reporting interests include emergent technology, digital media, and Russian language and culture. He is a former staff writer for the Daily Dot, and his work has been published by Business Insider, International Business Times, Men's Journal, and the Next Web.