Facebook Intern Booted After Identifying Application Flaw
A student with Harvard University claims he lost his Facebook internship after he launched a browser application from his dorm, thereby exploiting major privacy flaws with the company’s mobile messenger.
Aran Khanna, who is of Indian origin, stated to news reporters that after exposing a very serious flaw in Facebook’s messenger system, his chance of working for the company as an intern was denied.
As explained by Aran, last May he released Marauder’s Map, which is a Google Chrome browser extension that uses location data for identifying places where friends are located. It was only after 85,000 people had downloaded the application in just a three-day period that Facebook asked him to shut it down.
Subsequently, location sharing from desktops was also disabled by Facebook and the Messenger for mobile users was updated, providing users with greater GPS data control. Before that update, users’ locations had been shared by default since being launched four years ago, an obvious flaw.
Aran was contacted by an employee of Facebook who notified him that his summer internship was being rescinded. The reason he was given is that by launching Marauder’s Map, the user agreement between he and the company was violated. According to the employee, Aran had scraped the site for location data.
In addition to the conversation with the Facebook employee, an email from the company’s head of global human resources and recruiting was received. In that email, Aran was advised that his post failed to meet the high ethical standards expected of people accepted into the Facebook internship program.
When asked for a direct response, a spokesperson with Facebook stated that the mapping tool launched by Aran scraped data in a way that violates company terms. This individual added that the terms are in place specifically to keep people’s’ information private but also safe.
The spokesperson also said that even though Aran had been asked numerous times to delete the code, he refused to do so. Obviously, this is not only wrong but it completely goes against the mindset and philosophy of Facebook and the way in which the community is served.
Aran believes he did nothing wrong and in fact, did Facebook a favor in revealing a flaw. Although the internship with Facebook fell through, he was accepted into another program for a tech start-up company in Silicon Valley.
As a conclusion to the story, Aran wrote a case study about his experience which he titled “Facebook’s Privacy Incident Response: A Study of Geolocation Sharing on Facebook Messenger”. That case study was published in the Harvard Journal of Technology Science.