The Facebook social network guide canceled an internship in his office of a Harvard student after he created a plugin for Google Chrome, which revealed significant flaws in the privacy system of messages on the FB.
In May of this year, Aran Khanna, a student of the Faculty of Informatics and Mathematics, created Marauder’s Map (a “marauder map”), a browser plugin that worked on the basis of Facebook Messenger users sharing their location with all their interlocutors.
But after installing the plugin, users could use it to track the movement (up to a meter!) Of the person with whom they corresponded, even if this person was not on the list of friends.
The application quickly spread and was downloaded 85 thousand times. Only three days later, when all the press spoke about it, the Facebook administration told Khanna to disable the plugin, and a week later the company released a new version of the Facebook Messenger messenger, changing the settings for how users share their locations.
And this week, Khanna described his such experience in a scientific journal at Harvard University, here is a small excerpt:
“I was asked not to talk to the press about this, they didn’t want such a story harmful to the image to spread. I disabled the plugin so that all current and future users will no longer be able to download the map to display geo-data about the location of other people.
And then, after another three days, they contacted me again from Facebook and said that they were canceling my internship. The summer practice was canceled, allegedly because of a violation of the Facebook user agreement on interference with the site. Later, I received an email saying that my blog does not reflect the “high ethical standards” about user privacy expected from the interns. Based on the letter, the problem is allegedly not with the Facebook Messenger privacy system, but with my blog or code describing how Facebook collects and exchanges user geodata. ”
For its part, the administration of the social network said that they are simply constantly improving their service, and “do not dismiss employees for revealing the shortcomings of confidentiality,” “but we take it seriously when someone uses user data and puts people at risk”, - added to FB.
Khanna himself notes that FB stirred only because the press was involved in the issue. “It is possible that before my blog post, Facebook intends to leave such a hole in the confidentiality system. The average user without special knowledge is not available, but my plugin made the data exchange transparent. ”