Aran Khanna won’t be heading to Menlo Park, California, the headquarters of Facebook, any time soon.
Although Khanna, a Harvard student, was offered an internship at Facebook, it was rescinded after he developed a browser extension called Marauder’s Map that revealed a security flaw in the social media site’s Messenger function.
“As you may know, when you send a message from the Messenger app there is an option to send your location with it,” Khanna wrote in a blog post on Medium. “What I realized was that almost every other message in my chats had a location attached to it, so I decided to have some fun with this data. I wrote a Chrome extension for the Facebook Messenger page… that scrapes all this location data and plots it on a map.”
The application, which is still available, revealed serious security issues. Facebook’s default was to attach the precise location of a Facebook user sending a message, to within a meter of the geographical position. “This means that if a few people who I am chatting with separately collude and send each other the locations I share with them, they would be able to track me very accurately without me ever knowing,” Khanna explained.
Facebook has since asked Khanna to develop the app. In an update to the Chrome extension, Khanna wrote, “Facebook has deactivated location sharing from the desktop webpage so this code will not work. However, it seems locations are still being shared on the mobile app and sharing is still enabled by default.”
Facebook initially asked Khanna not to talk to the press and informed him his post on Medium violated their ethical standards. “This mapping tool scraped Facebook data in a way that violated our terms, and those terms exist to protect people’s privacy and safety,” Matt Steinfeld, a Facebook spokesman, told Boston.com. “Despite being asked repeatedly to remove the code, the creator of this tool left it up. This is wrong and it’s inconsistent with how we think about serving our community.”
Steinfeld also said his company was aware of the security issue and was working to fix it before Khanna created the app.
Khanna has accepted a different internship with a Silicon Valley tech firm.