Advice if you want to work for Facebook: Don’t rock the boat. A student lost his internship with Facebook after provoking the company into updating its location sharing settings for Messenger.
Harvard student Aran Khanna had an internship lined up at Facebook, but Khanna wasn’t going to sit around with his thumb up his butt until that happened. Instead, he got ready for his time at Facebook by creating a Chrome extension to showcase how the company gathers location data using Messenger’s Android app.
The default setting meant anyone using Messenger for Android was sharing their detailed location data with anyone who they were in a message thread with, even if they weren’t Facebook friends.
Khanna called the extension “Marauder’s Map” and it did exactly what he hoped: It drew attention to Facebook’s extensive location tracking. A lot of attention. People were freaked out by how closely Messenger could track your movements if you left its default location sharing settings on. Khanna wrote a Medium post describing his reasons for creating the app:
I decided to write this extension, because we are constantly being told how we are losing privacy with the increasing digitization of our lives, however the consequences never seem tangible
Within a day, Facebook asked Khanna not to talk to the press. He complied. Within two days, Facebook asked Khanna to deactivate the extension. He complied. Within three days, Khanna had lost his coveted internship. Nine days later, Facebook released an update for Messenger’s location sharing, so even though Khanna got screwed, his jettisoned summer gig resulted in an actual privacy improvement from Facebook.
Boston.com talked to Khanna, who said he was initially told that he lost the internship for scraping Facebook’s site data. But when he pointed out that he’d only used publicly available data, the company came up with another excuse, blaming the Medium post he wrote to explain why he deactivated his extension:
Khanna then received an email from Facebook’s head of global human resources and recruiting, who told him that his Medium post didn’t meet the high ethical standards expected of interns. Khanna was told that the issue wasn’t the Messenger app itself, but instead the way his blog described how Facebook collected and shared user data.
I asked Facebook about the Khanna situation. The company doesn’t see its original Messenger settings as a security flaw at all.
“This is revisionist history that conveniently omits a few important points. First, we began developing improvements to location sharing months ago, based on input from people who use Messenger,” a Facebook spokesperson said.
“Second, this mapping tool scraped Facebook data in a way that violated our terms, and those terms exist to protect people’s privacy and safety. Despite being asked repeatedly to remove the code, the creator of this tool left it up. This is wrong and it’s inconsistent with how we think about serving our community.”
So in Facebook World, there was no problem to begin with, and Khanna is the villain for creating a tool that pointed out how much data the company collects on you... Even though it updated its policy anyways. Riiiight.
It’s just more evidence that Mark Zuckerberg’s lip service to hackers and people who “move fast and break things” is just that—lip service.