In May, Khanna released Marauder’s Map, a Chrome extension that used location data to show you exactly where your friends were. It was downloaded 85,000 times in three days, before Facebook asked him to disable it.
Facebook also disabled location sharing from desktops and subsequently updated Messenger for mobile, giving users the option to control their GPS data. Prior to that, the app had been sharing users’ locations by default since it launched in 2011.
Khanna was then informed by a Facebook employee that the company was rescinding his summer internship offer, as he had violated its user agreement when he scraped the site for location data.
A Facebook spokesman told Boston.com:
This mapping tool scraped Facebook data in a way that violated our terms, and those terms exist to protect people’s privacy and safety.
Despite being asked repeatedly to remove the code, the creator of this tool left it up. This is wrong and it’s inconsistent with how we think about serving our community.
Khanna has since published a case study on how Facebook responded to the incident and landed an internship at another Silicon Valley tech firm.
When companies routinely reward volunteers for reporting security flaws and encourage such investigation, Facebook is taking a step back into the dark ages, having forgotten its origins as an app hacked together by a student in his dorm room.
We’ve contacted Facebook for comment and will update this post when we hear back.