Facebook cancels student's internship who pointed out flaws

An Indian-origin Harvard student's internship at Facebook was cancelled after he developed an app that pointed out the privacy flaws in the popular social media's messenger service, a media report has said.

Aran Khanna was preparing to start the coveted internship at Facebook three months ago when he launched a browser application called Marauder's Map that used data from Facebook Messenger to map where users were when they sent messages, a report on Boston.com said.

The app “capitalised on a privacy flaw that Facebook had been aware of for about three years: the Facebook Messenger app automatically shared users' locations with anyone who they messaged,” the report said.

Khanna tweeted about the app on May 26 and soon it went viral. However, within three days, Facebook asked Khanna to disable the app and then withdrew its internship offer to him, the report said.

The company also deactivated location sharing from desktops, which meant Khanna's app wouldn't work even if he hadn't taken it down.

Before it was disabled, the extension was downloaded more than 85,000 times, Khanna said.

Khanna detailed the experience in a case study published this week for the Harvard Journal of Technology Science.

He said that he created the app to show the consequences of unintentionally sharing data so that users could decide for themselves whether or not it was a violation of their privacy.

Khanna also received a call from Facebook's global communications lead for privacy and public policy, who reiterated that Khanna shouldn't talk to the press because the story had become damaging, the report added.

Khanna complied, redirecting all press inquiries back to Facebook but Facebook still asked him to deactivate the extension, which he did.

Khanna however also updated an online post in which he said that Facebook asked him to disable the map.

Khanna said he was told that he violated the Facebook user agreement when he scraped the site for data.

However, Khanna told Boston.com that the data was from his own messages, which meant he used information accessible to all Facebook users, not just to employees.

The report said Khanna also received an email from Facebook's head of global human resources and recruiting, who told him that his online post didn't meet the high ethical standards expected of interns.

Matt Steinfeld, a Facebook spokesman, said that the mapping tool scraped Facebook data in a way that violated its terms, and those terms exist to protect people's privacy and safety.

“Despite being asked repeatedly to remove the code, the creator of this tool left it up. This is wrong and it's inconsistent with how we think about serving our community,” Steinfeld said.

Khanna maintains that the app was aimed at showing users how their data was being used.

“I didn't write the programme to be malicious,” he said.