SafeUM
Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
TOP Security!
13 Aug 2015

Student loses Facebook internship after pointing out privacy flaws

Three months ago, Harvard student Aran Khanna was preparing to start a coveted internship at Facebook when he launched a browser application from his dorm room that angered the social media behemoth.

His application, called Marauder’s Map — a clever name that Harry Potter fans will appreciate — was a Chrome extension that used data from Facebook Messenger to map where users were when they sent messages.

The app also showed the locations, which were accurate to within three feet, in a group chat with people he barely knew. That meant complete strangers could hypothetically see that he had messaged them from a Starbucks around the corner, while he could see that they had messaged from their dorms. The app capitalized on a privacy flaw that Facebook had been aware of for about three years: the Facebook Messenger app automatically shared users’ locations with anyone they messaged. Khanna tweeted about the app on May 26 and posted about it on Reddit and Medium. Marauder’s Map began to go viral. Facebook, never one to miss a trend, quickly caught on.

Within three days, Facebook asked Khanna to disable the app. The company also deactivated location sharing from desktops, which meant Khanna’s app wouldn’t work even if he hadn’t taken it down. And the company that Mark Zuckerberg famously launched from his Harvard dorm room withdrew its internship offer from this Harvard student, who apparently made the mistake of...launching an app from his dorm room.

Before it was disabled, the extension was downloaded more than 85,000 times, Khanna said. About a week later, Facebook released a Messenger app update trumpeted as follows in a news release: “With this update, you have full control over when and how you share your location information.” The description didn’t mention the previous default settings. Nor did it point out that users who didn’t activate the update would continue to share their locations by default unless they manually altered their privacy settings.

Matt Steinfeld, a Facebook spokesman, said the company had been working on a Messenger update long before Khanna’s blog post was published. “This isn’t the sort of thing that can happen in a week,” Steinfeld said. “Even though we move very fast here, they’d been working on it for a few months.”

Khanna, who detailed the experience in a case study published Tuesday for the Harvard Journal of Technology Science, told Boston.com he created the app to show the consequences of unintentionally sharing data. That way, he said, users could decide for themselves whether or not it was a violation of their privacy.

Facebook Messenger, the company’s mobile messaging app, had been set up with automatic geolocation sharing since it launched in 2011. Experts drew attention to the issue in 2012 and showed users how to switch off location services. Various updates to the app improved its usability and even introduced fun cat emoji stickers, but the geolocation sharing remained.

Khanna used Messenger frequently when he started studying at Harvard, but didn’t realize how much information he was unintentionally sharing until he began to look at his message history. The day after Marauder’s Map was posted, Khanna said his future manager at Facebook called him and asked him not to talk to the press. That evening, Khanna received a call from Facebook’s global communications lead for privacy, security and public policy, who reiterated that Khanna shouldn’t talk to the press because the story had become damaging.

Khanna complied, redirecting all press inquiries back to Facebook. The next day, Facebook asked him to deactivate the extension. He did, but also updated his Medium post and the extension’s description to make it clear that Facebook asked him to disable the map.

Three days after the extension was posted, and two hours before he was supposed to leave to start his internship, Khanna received a call from a Facebook employee telling him that the company was rescinding his summer internship offer. Khanna said he was told that he violated the Facebook user agreement when he scraped the site for data. However, Khanna told Boston.com that the data was from his own messages, which meant he used information accessible to all Facebook users, not just to employees.

Khanna then received an email from Facebook’s head of global human resources and recruiting, who told him that his Medium post didn’t meet the high ethical standards expected of interns. Khanna was told that the issue wasn’t the Messenger app itself, but instead the way his blog described how Facebook collected and shared user data.

“This mapping tool scraped Facebook data in a way that violated our terms, and those terms exist to protect people’s privacy and safety,” Steinfeld told Boston.com. “Despite being asked repeatedly to remove the code, the creator of this tool left it up. This is wrong and it’s inconsistent with how we think about serving our community.”

In his first letter to investors back in 2012, Mark Zuckerberg said that Facebook follows an approach they coined the “Hacker Way.” “The word ‘hacker’ has an unfairly negative connotation from being portrayed in the media as people who break into computers,” he wrote. “In reality, hacking just means building something quickly or testing the boundaries of what can be done.” Khanna thought his extension — which he built quickly and which tested boundaries — was performing a public good by showing users how their data was being used.

“I didn’t write the program to be malicious,” he said. In the end, Khanna had a pretty great summer after all. He accepted another internship with a tech start-up in Silicon Valley. And, he said, the back-and-forth with Facebook turned out to be an “internship experience” in itself that taught him a great deal. In the closing of his letter to investors, Zuckerberg said one of the five core values of Facebook is for its employees to “be bold.” But not too bold.

Tags:
surveillance Facebook
Source:
Boston.com