Hacking is a legitimate business nowadays because companies like Google and Microsoft are willing to pay cash for people to find exploits in their services and report them. It’s a great way for these companies to remain secure while encouraging people to report security flaws rather than exploit them. Facebook must not have the same mindset, however, as the company recently booted an intern for discovering a pretty significant privacy flaw with Messenger.
Three months ago, Harvard student Aran Khanna was preparing to start a coveted internship at Facebook when he launched a browser application from his dorm room that angered the social media behemoth. His application, called Marauder’s Map — a clever name that Harry Potter fans will appreciate — was a Chrome extension that used data from Facebook Messenger to map where users were when they sent messages. The app also showed the locations, which were accurate to within three feet, in a group chat with people he barely knew. That meant complete strangers could hypothetically see that he had messaged them from a Starbucks around the corner, while he could see that they had messaged from their dorms. The app capitalized on a privacy flaw that Facebook had been aware of for about three years: the Facebook Messenger app automatically shared users’ locations with anyone who they messaged.