For Aran Khanna, landing a highly sought-after internship at Facebook didn’t quite turn out to be the experience he expected.
In fact, the computer science student at Harvard University didn’t even get the chance to start working for the social media giant before they turned him away after he exposed a privacy problem for Facebook users.
Khanna had demonstrated the flaw in a widely publicized browser application he created that allowed people to track their friends based on location data from Facebook’s Messenger app. He wrote a script that pulled geo-location information from Facebook — available to anyone using the Messenger app — and used it to develop a Chrome extension called “Marauder’s Map” (if you don’t get the joke, here’s some help).
The extension allowed people to see on a map exactly where their friends sent messages, accurate within three feet. For Khanna, the extension — published on his blog May 26 — was a chance to underscore the privacy implications of the “invasive” collection of geo-location data, something that has become ubiquitous in the digital world.
But that didn’t sit well with Facebook.
According to an article Khanna wrote on the experience for the Harvard Journal of Technology Science, Facebook asked him to deactivate the application, an extension for use with browsers, within a few days of it attracting a lot of media coverage — including from The Washington Post — and more than 85,000 downloads. The company also asked him not to talk to the media.
He complied with their requests, but on May 29, the company called him up and rescinded the internship offer just a few days before he was supposed to start, Khanna wrote in his article. A week later, Facebook released an update for their Messenger app, which allowed users to choose when to share their location.
Khanna wrote in his article that Facebook rescinded his summer internship because his blog post didn’t meet the company’s “high ethical standards.”
Facebook spokesman Matt Steinfeld said in a statement to Boston.com that Khanna’s map scraped Facebook data in a way that violated the company’s terms.
“Those terms exist to protect people’s privacy and safety,” Steinfeld said in the statement. “Despite being asked repeatedly to remove the code, the creator of this tool left it up. This is wrong and it’s inconsistent with how we think about serving our community.”
Steinfeld also said that the company’s release of the update was not a result of Khanna’s application, adding that the company was working on it for a couple of months and would not have been able to develop it in a week.
Location data is a frequent source of concern about privacy. Prior to Facebook’s update, some critics complained that the onerous process of turning off the location feature put the burden on consumers. Others have just expressed discomfort with the company having information on their whereabouts.
But the debate has extended to more than just privacy on Facebook. A group of researchers from the University of California-Berkeley argued in a study that geo-tagged information online potentially poses a threat to the safety to users. Content uploaded to sites such as YouTube or Flickr may automatically include information on exactly where videos or photos were created.
“Many people are either unaware of the fact that photos and videos taken with their cell phones contain geo-location, especially with such accuracy,” the researchers wrote in the study.
Khanna said in his article that his extension was not intended to be malicious, but he did say it made the data collection more transparent to the average user. He also suggested that without public pressure, Facebook may not have had the incentive to change.
“What does this say about privacy protection?” he said in the article. “Can we reasonably expect Facebook or others with an interest in collecting and sharing personal data, to be responsible guardians of privacy?”