Harvard case study exposes Facebook’s slow response to privacy vulnerability in messaging app

2 min read

A new case study released today in the inaugural edition of Technology Science published by Harvard University examines Facebook’s response to the discovery of a glaring privacy vulnerability in its popular messenger app.

The case study comes from Harvard University senior Aran Khanna, who lost an internship with Facebook after discovering a vulnerability in the platform’s Android-based messenger app – a glaring gap which tracked, with unprecedented specificity, the geolocation of users as they sent messages. Khanna drew attention to the privacy gap with his Marauder’s Map, a tool that allows users to plot the actual locations of friends with whom they’re chatting. Over the long-term, this type of data would make it easy for anyone to predict an individual’s specific location on any given day and time.

News of this tool, which mapped out the locational data of others within a meter, spread rapidly. About 85,000 people downloaded it, much to Facebook’s annoyance. The company demanded that the tool be taken out of distribution, which Aran did, and within days Facebook made geolocational data an opt-in feature.

Sharing the geolocational tool prompted Facebook to remove its employment offer to Aran, saying the author fell short of the “high ethical standards” expected of interns. Aran’s experience raises the question of whether one can reasonably expect Facebook or others with an interest in collecting and sharing personal data to be responsible guardians of privacy.