Talk about being too good at your non-job. A Harvard University junior lost his Facebook internship two hours before he had planned to travel to it after he exploited a privacy issue in the social network's Messenger system. Aran Khanna discussed his experience and findings in a paper published in Harvard's Technology Science journal. "From 2011 to the start of this study in May 2015, Facebook Messenger collected and shared user geo-locations as the default setting for every message sent from the Android mobile app," he writes. The flaw was that those locations could be seen by anyone in a group chat, even if the person who sent the message wasn't friends with everyone else in the group. And so Khanna developed a browser app called Marauder's Map that exposed, on a map, the geo-location data that was being shared.
He tweeted about his Chrome extension and posted about it on Medium on May 26. By the 28th, CNN, the Washington Post, and many others had covered his findings; the extension was downloaded 85,000 times. That same day, Facebook asked Khanna to disable the app; he did. The company also deactivated location sharing on desktops and released a June 4 update that required users to opt in to location sharing. It also withdrew Khanna's internship, which was to start on June 1. The official reason given was a violation of the "high ethical standards expected of interns," according to Boston.com. "This mapping tool scraped Facebook data in a way that violated our terms," a Facebook rep tells the site. Khanna says his app was created using his own Messenger history, not data scraping. "I didn't write the program to be malicious," he says. Khanna ended up securing an internship with another Silicon Valley firm. (This alleged intern tale of woe involves the Olsen twins.)