Harvard student Aran Khanna was preparing for a Facebook internship when he did something to draw unwanted attention. If you are familiar with the Harry Potter book and movie series, you know of the Marauder’s Map. In the book, the map was something that told the real time location of people at any given time. What Khanna did was discover a security flaw in the Facebook Android app that allowed location settings to be displayed, even with people he was not friends with.
This app took advantage of a known three year old security flaw in Facebook’s software that caused the location of the person sending any message to automatically be shared. The map was accurate within three feet of where the the sender was posting from, and could be a very bad thing for people that were trying to keep their privacy.
Khanna posted about his app on Reddit, and it started to go viral. After four days and 85k downloads, Facebook got in touch with Khanna and requested him to take the app down, and to direct any questions to Facebook. Of course, Khanna complied. Facebook had no sympathy for the programmer from Harvard that launched the app from his dorm room. He did not think he had done anything wrong, because he did not make the app to be malicious, he thought he was doing it for the public good by showing members how their data was being used.
They promptly removed the offer for internship they had promised him. He stated that he only made the app to demonstrate the unintentional consequences of sharing information. Right before Khanna was scheduled to start the internship, they rescinded the offer. Khanna’s defense was he used his own messages to gain the information, which meant he used information accessible to all Facebook users, not just to employees. The email he received from the company stated not so much that Facebook had a problem with the app itself, but instead the way his post described how Facebook collected and shared user data. He had violated the extremely high standards that are expected from their interns.
Apparently, it is ok to make the app, but Facebook does not want you trashing them. Mark Zuckerberg, founder of Facebook, states he wants his employees to be bold. It is safe to say he did not mean that bold. Though Facebook states they have been working on a fix for some time, the timing of their new software release is suspicious.
Aran Khanna got another offer for an internship from a start up in Silicon Valley. He also stated that if nothing else, this encounter with Facebook has taught him a great deal about how things operate. It is true that sometimes the best knowledge is life experience. Perhaps Aran will go on to help other companies protect their users privacy in the future.