The Facebook team promptly asked Khanna to remove the Chrome extension after spotting the chatter around it online in May, which he did. Nine days later, Facebook released an update for Messenger’s location sharing, so even though Khanna got screwed, his jettisoned summer gig resulted in an actual privacy improvement from Facebook. A day after he posted Marauder’s Map, his would-be manager at Facebook asked him not to talk to press, which was followed by a similar message from Facebook’s global communications lead for privacy and public policy.
Advertisement
According to the report, “Khanna complied, redirecting all press inquiries back to Facebook. He did, but also updated his Medium post and the extension’s description to make it clear that Facebook asked him to disable the map”. Khanna said he was told that he violated the Facebook user agreement when he scraped the site for data.
The app capitalized on a privacy flaw that Facebook had been aware of for about three years: the Facebook Messenger app automatically shared users’ locations with anyone who they messaged. “It is possible that before my extension and blog post, the degree of location data collection and sharing by Facebook Messenger was hard for an average user to notice and thus did not raise significant concern”. Khanna did as he was told, but that apparently wasn’t enough for the leadership over at headquarters.
Khanna has since published a case study on how Facebook responded to the incident and landed an internship at another Silicon Valley tech firm.
So in Facebook World, there was no problem to begin with, and Khanna is the villain for creating a tool that pointed out how much data the company collects on you…
He concludes with a set of questions: “What does this say about privacy protection? This is wrong and it’s inconsistent with how we think about serving our community”.
“The word “hacker” has an unfairly negative connotation from being portrayed in the media as people who break into computers”, he wrote.
“I decided to write this extension, because we are constantly being told how we are losing privacy with the increasing digitisation of our lives, however the consequences never seem tangible”.
As for Khanna, he’s already secured an alternative internship at another company.
It is likely Facebook was referring to section 3.3 of its terms and conditions, which states: “You will not collect users’ content or information, or otherwise access Facebook, using automated means (such as harvesting bots, robots, spiders, or scrapers) without our prior permission”.
He concluded that letter with a list of Facebook’s core values – the fifth of which was “be bold”.
Advertisement
But not too bold.
