Aran Khanna, a Harvard student, was hired for an internship at Facebook. Facebook, some will remember, was created in the dorm room of a few Harvard students. Interestingly, Khanna created a Facebook app out of his very own Harvard dorm room but lost his internship as a result.
Facebook offered the 21 year old an internship a few months ago. As part of his work, he created an extension for Chrome that he named Marauders Map. The goal of this extension was to use location data that is available on Facebook Messenger so that people could see where users were when a message is sent.
Facebook Messenger already automatically sends a location whenever a message is sent. It is so precise, even, that the whereabouts of the sender can be pinpointed to a distance of less than one meter. This was according to a blog post by Khanna himself on the Medium platform.
The first thing I noticed when I started to write my code was that the latitude and longitude coordinates of the message locations have more than 5 decimal places of precision, making it possible to pinpoint the sender’s location to less than a meter.
He delved deeper into the details he had found. By sifting through the chat data of the past week, he was able to completely replicate the weekly schedule of the friends he had chosen for his experiment. What he also discovered, which was perhaps slightly more worrying, was that he could do the same for anybody, even if they weren’t one of his Facebook friends.
Khanna took the information he had gathered to write a case study, which has recently been published in the Harvard Journal of Technology Science. In it, he explains that the app he had created didn’t actually expose new information. Rather, it demonstrated that there is a significant privacy issue that people were unlikely to even know about. Yet, this is the type of privacy issue that he felt people should know about.
I used data that was already there, and just displayed it in a different way. I think that highlighting a privacy issue with the intent of showing people how much they are putting out there is a service to others.
Facebook, however, disagreed with him. Khanna Tweeted about his new app on May 26. He also made a post on both Medium and Reddit about the issue. It took no time whatsoever for the app to go viral. Within three days, the app had been downloaded thousands of times and Facebook started to pay attention. They immediately told Khanna to take the app down. He complied straight away and the official app version was deactivated, as requested by Facebook.
So far so good, until Khanna came to expect his second internship offer. Having been awarded the spring internship, he was expecting that a summer internship offer would also come. Not only did it not come, it was actually withdrawn. An official statement was received on this matter from Facebook spokesman Matt Steinfeld. He stated that Khanna’s mapping tool:
Scraped Facebook data in a way that violated our terms and those terms exist to protect people’s privacy and safety.
According to Steinfeld, Khanna also did not actually take the tool down, even when he was asked several times to take the tool down. This, to him, was the ultimate insult. He wanted to make it clear that employees would never be dismissed for exposing any kind of privacy flaw. In fact, some people make a very decent living out of finding these flaws, for which they are financially and publicly rewarded. Facebook, however, felt that Khanna had misused user data and, in so doing, had put people at risk. This, to them, was more than enough reason to dismiss him.
No specific details were received on the case against Khanna. However, they quoted section 3.2 of Facebook’s Terms and Services, where it clearly states that Khanna’s actions were against the rules.
You will not collect users’ content or information, or otherwise access Facebook, using automated means (such as harvesting bots, robots, spiders, or scrapers) without our prior permission.
Just nine days after Khanna’s app had been released, it was updated by someone else in Facebook. The result was that people now have to opt in if they want to share their geo-location. As such, users now have the ability to decide themselves whether or not they want to share where they are in the world. According to Steinfeld, this was not only in response to Khanna’s app, but also due to the fact that they had already been working for several months on a system that improved the current location sharing methods. This was in response to requests from active Facebook Messenger users.
Facebook often has to deal with problems in relation to their data sharing methods and users are always keen to point them out. Just a few months ago, the company received a lot of criticism over their facial recognition software. This software means that individuals in digital images are automatically recognized by looking at features in the newly uploaded images and those on the Facebook database. The result is that the computer can automatically link a person’s Facebook account to the faces that appear in videos and photos. It is a form of automatic tagging, in other words.
According to Khanna, his time with Facebook was meaningful and he learned a lot from their ‘back and forth’ procedures. He said that his initial interest for the company came from the ‘hacker culture’ that still underpins it. When Mark Zuckerberg, creator of Facebook, wrote his first letter to investors, he referenced this very ‘hacker culture’.
Meanwhile, Khanna hasn’t sat still. He was immediately offered a new summer internship with a Silicon Valley tech start-up company. He feels that the time he spent at Facebook showed him that the ‘hacker culture’ was not actually as limitless, open and free as what he had understood it to be. He simply hopes that people have also learned that they could unintentionally be sharing private data with third parties and that he has played a part in making this less of a problem.