Previously, we posted about a privacy issue in Facebook messenger; Aran Khanna, a Harvard University student, discovered 'A Marauder's Map' that could sense and give the geolocations of your friends on the messenger.
Khanna had received an opportunity to work as an intern for Facebook…
…But destiny had planned something else for him, as after publicly stating the risk associated with the app; Facebook withdrew his candidature as a summer intern.
Why Facebook Fired Him?
Khanna himself confessed to be an avid user of the Facebook Messenger app, as it is an integral part of his social life. However, one day, while going through his chat history he found that a location is attached to each message he has sent and received from his device.
Also, the location is shared with the 'power of default' even if you choose to turn the location sharing option off.
This made him look for the complete inside story, which brought him to a strange thing while writing the code.
"The latitude and longitude coordinates of the message locations have more than five decimal places of precision, making it possible to pinpoint the sender's location to less than a meter" as said by Khanna.
He even demonstrated the whole story by putting himself into the picture, i.e. he started a conversation with one of his brother's friend and could tell exactly where he was in his dorm and the exact location of his room!
Adding more to it, he said when a cluster of past chats were picked on the map he could tell the whole routine of the person. This goes right for the people with whom one is not friends but have a mutual group of conversation on the messenger.
Privacy is not private anymore!
In another 'test run' with his friend, he could even track hour by hour location of the person.
How did he do this?
He developed a chrome extension and named it 'Marauder's Map' and also made the source code available on Github.
Facebook told him that "the extension violated the Facebook user agreement by "scraping" the site".
According to him, Facebook had issues with him for sharing the whole story stepwise on his blog and code describing how Facebook collected and shared users' geolocation data.
He emphasized, "the main problem is that every time you open your phone and send a single message it is so easy to forget about your location data being attached to it.
Furthermore, it seems so harmless to assign a location with a single message, but the problem is over time the information from these messages adds up".
The users never came to know the real meaning of 'By Default'.
His primary concern over writing the code was to make people aware and the importance of the degree of private data being open to the world.
Lastly, being portrayed as the villain of the whole story, Facebook updated its privacy policy and fired him.