Aran Khanna, 21 year old student of Computer Science and Mathematics at Harvard University, was to start his internship at Facebook this spring, but instead had his offer rescinded by the organization, over a Google Chrome extension – Marauder’s Map – that he developed a while ago.
The Chrome extension enabled the users to find out the whereabouts of their friends, based on the location data that was available from the Facebook Messenger. Aran discovered that once someone sent you a message, regardless of the person’s existence in your friend list, it was very easy to map the location from where the message came from. On further probing, he realized that he could document a detailed everyday schedule of people that he was chatting with for a few weeks, using the Messenger.
He published his findings on his blog on Medium, where he also mentioned the Chrome Extension he had built.
“The main problem is that every time you open your phone and send a single message it’s so easy to forget about your location data being attached to it. Furthermore, it seems so harmless to attach a location with a single message, but the problem is over time the information from these messages adds up,” he wrote in the post, commenting on how the default settings of the Facebook Messenger allowed your location to be automatically attached to the messages you send.
He also shared the same on Reddit and on Twitter, where it soon picked up and went viral.
Check out this blog + extension I wrote about how your friends can track you from Facebook Messenger https://t.co/ufWhvifNLV
— Aran Khanna (@arankhanna) May 26, 2015
Three days later, Aran was contacted by Facebook to take down the Extension immediately from the Chrome Store, to which he complied, however that did not stop Facebook from withdrawing his internship offer.
In an official statement to USA Today, Matt Seinfield, the spokesperson of Facebook said, “We don’t dismiss employees for exposing privacy flaws, but we do take it seriously when someone misuses user data and puts people at risk,” as he believed that Marauder’s Map, “scraped Facebook data in a way that violated our terms and those terms exist to protect people’s privacy and safety.”