recommended reading

Facebook Dumped a Harvard Intern After he Exposed a Privacy Flaw

Gil C/Shutterstock.com

Arun Khanna found out the hard way that Facebook doesn’t particularly appreciate it when potential employees reveal embarrassing privacy gaps.

The Harvard student was all set to be a summer intern at the tech firm until his exposure of a flaw in the company’s Messenger app went viral in a blog post on Medium in May. Three days after the post and two hours before he was supposed to leave for his internship, he was informed that the offer was being rescinded, according to a case studyon the saga he published at the Journal of Technology Science.

At issue: Khanna posted a Chrome extension called “Maurauder’s Map” (a Harry Potter reference) that revealed and exploited the fact that Facebook automatically attached location data to messages, making it extremely easy to map out someone’s location if they used default settings. A week after the post, the company updated the app so that users had to opt in to share location data.

The post and tool became very popular very quickly. There were “over 85,000 downloads of my tool, more than 170 news articles, and 3.6 million Twitter users exposed,” according to Khanna.

Facebook told Boston.com it had been working on such an update long before the blog post came out. It asked Khanna to disable the extension, which he did, in addition to updating his blog post. But that wasn’t the end of the episode. When his offer was rescinded, Khanna was told he violated Facebook’s user agreement by scraping that location data, and, later in an email from the company’s head of HR, that his post didn’t meet the ethical standards required of interns.

“According to the email, the privacy issue was not with Facebook Messenger, but rather with my blog post and code describing how Facebook collected and shared users’ geo-location data,” Khanna writes.

His takeaway? The privacy issue wasn’t a new one to Facebook or the media. But the average user, of Messenger in particular, was probably unaware of how much data they were sharing. All it took was transparency and media attention, to make—or at least significantly accelerate—a significant change.

In case you were wondering, he ended up spending his summer at another startup.

(Image via Gil C/ Shutterstock.com)

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov