Aran Khanna, a Harvard student, was slated to spend his summer as an intern at Facebook. But Khanna made the mistake of launching a browser application from his dorm room, and it angered Facebook.
Khanna came up with an application titled The Marauder’s Map. The Chrome extension used data from Facebook Messenger to map the exact location of users. The map showed the location to an accuracy of three feet.
The app relied on a privacy flaw in Messenger, which automatically shared user location. The location of anyone on Messenger could be determined if they were messaging each other. Facebook had apparently been aware of the flaw for three years.
Khanna tweeted about the app on the 26th of May. He also posted about it on Reddit and Medium, and it was downloaded 85,000 times.
Check out this blog + extension I wrote about how your friends can track you from Facebook Messenger https://t.co/ufWhvifNLV
— Aran Khanna (@arankhanna) May 26, 2015
“I used data that was already there, and just displayed it in a different way,” Khanna, who detailed the experience in a case study published Tuesday for the Harvard Journal of Technology Science, told USA TODAY. “I think that highlighting a privacy issue with the intent of showing people how much they are putting out there is a service to others.”
As the app started going viral, Facebook caught up with the trend. After three days, Facebook contacted Khanna, asking him to disable the app. Finally, Facebook even deactivated location sharing on Messenger.
A week later, Facebook released an update that allowed users to control their location information. Facebook had not even mentioned the default settings previously. According to Facebook, it had been working on an update even before Khanna published his app.
“This mapping tool scraped Facebook data in a way that violated our terms, and those terms exist to protect people’s privacy and safety,” Facebook spokesman Matt Steinfeld said in a statement. “Despite being asked repeatedly to remove the code, the creator of this tool left it up. This is wrong and it’s inconsistent with how we think about serving our community.”
Two hours before Khanna was supposed to begin his internship at Facebook, it was terminated. Khanna received a call telling him he had violated Facebook’s user privacy agreements.
“We don’t dismiss employees for exposing privacy flaws, but we do take it seriously when someone misuses user data and puts people at risk,” Steinfeld said.
Ironically, Zuckerberg talked about Facebook’s positive approach to hacking in 2012. For the company, hacking means building something to push the limits. But it seems Khanna’s app pushed Facebook’s limits too far. Khanna later published the experience in the form of a research paper. He also interned at a tech start-up in Silicon Valley.
Originally posted in i4u News