According to Rob Price of Business Insider and Allison Pohle of Boston.com, Harvard student Aran Khanna had secured a highly prized summer internship with Facebook a few months ago when he released an app he'd created called Marauder's Map. This app would go viral, lead to Khanna losing his internship, focus a great deal of attention on Facebook's problems with privacy, and serve as a warning for how risky it is for us to share data online, especially when we're not even aware we are doing so.
The problem lies in the settings of the Facebook Messenger app. Until recently, by default when a message is sent, the app shares the geographical location of the sender with the receiver. This is an issue that been known for a least three years, with CNET even releasing a video demonstrating how to turn off location sharing for the app. Nevertheless, even through years of updates, location sharing remained the automatic default.
Khanna's Marauder's Map app used that data to track the movement in real time, of anyone a user was in a message conversation with, being able to pinpoint their location down to the meter. It even worked on people the user wasn't even friends with on Facebook.
The Marauder's Map app that Khanna released quickly went viral, and garnered attention from multiple news and media outlets. Facebook's response was to ask Khanna to disable his new app, which he did, ask him not speak to the press about it, a request he complied with aside from a blog post he claims his future boss said was okay, and release an update to the Facebook Messenger app that changed how users share their locations with each other.
It seems like Facebook would be happy about what Khanna had accomplished. Using his own ingenuity, he found a creative way to highlight a security flaw that most users of the Facebook Messenger app were completely unaware of, and spurred Facebook to make a change that institutional inertia had likely prevented them from fixing in the first place.
But, because no good deed goes unpunished, soon after the whole brouhaha happened, Khanna was told that his internship was no longer available. According to the case study that Khanna published in the Harvard Journal of Technology Science, Facebook informed him that he had violated the Facebook user agreement by scraping the location data from the app, and that his actions did not meet the "high ethical standards" regarding user privacy that interns were expected to have.
There's a great deal of irony to be found in this, if that was the actual motivation for Khanna's internship being rescinded, but most likely it is just the usual habit large companies have of shooting the messenger. And hey, if the Marauder's Map app was still up, they'd be able to track exactly where it was that the messenger was shot!
Khanna ends his case study with a few questions that we would all do well to consider, especially in an age where almost every app, from messenger services to games to everything else, wants to know our location at all times and have access to all our data. He asks "Can we reasonably expect Facebook or others with an interest in collecting and sharing personal data to be responsible guardians of privacy? Could this work have been done inside Facebook to understand how its users view the collection and sharing of their data?"
And most importantly: "Must future privacy guardians always be on the outside?"