How Facebook dumped Intern who exposed privacy flaw in Messenger

If you have used Facebook Messenger for any significant length of time, you would know already that by default, the app uses your location and shares it with everyone you are chatting with. You have to manually disable it if you do not want this to happen.

Well, a young lad (Aran Khanna) who was working as an intern at Facebook developed a Chrome extension that scrapes all this location data that Messenger shares and plots it on a map.

Facebook Messenger Marauder

Here is an excerpt from his findings:

I am in a pretty active group chat with some of my brother’s friends (who I am friends with on Facebook but don’t know too well). They are all fairly active on the chat, posting once a day or more.

Let’s pick on the one who goes to Stanford. By simply looking at the cluster of messages sent late at night you can tell exactly where his dorm is, and in fact approximately where his room is located in that dorm.

Furthermore, by gathering a couple weeks’ worth of chat data on the map and looking at the location clusters you can even figure out his weekly schedule. With this you can predict exactly which building he would be in at a given time.


Like he said in his blog post, attaching a location to a single message is not a big problem, but over time the information from each and every one of those messages adds up to become a powerful tool that can be used against the person in question. I think of apps/services like Uber, Google Now and the like, and shudder should all that location info fall into the hands of criminal minds.

Anyway, as expected, Facebook had a tête-à-tête with him, asking him not to speak to the press about it. They also requested that he deactivate the extension, and lastly they deactivated location sharing from the desktop webpage. Oh, but not so lastly: according to this post, Facebook sent him away.

Oh, well. The more things change, the more things stay the same.


  1. I’m a little bit confused here

    “But, because no good deed goes unpunished, soon after the whole brouhaha happened, Khanna was told that his internship was no longer available. According to the case study that Khanna published in the Harvard Journal of Technology Science, Facebook informed him that he had violated the Facebook user agreement by scraping the location data from the app, and that his actions did not meet the “high ethical standards” regarding user privacy that interns were expected to have.”

    Facebook Diana funny

  2. Typical, big corporations rarely have a soft touch, it’s almost always the hammer.
    But yeah, in the days of big data and data mining, his findings are interesting. Facebook’s approach to security (and privacy) has always been like this. Patch the leak, but leave the faucet running.

  3. So it’s okay for big organisations to track us, but not an individual? That is why I allow few apps to access my location.

    I’m curious as to why Facebook Messenger has a location option. Why do I want to know where someone is talking to me from... unless I’m a business with intentions.

  4. Too bad the lad was laid off. I never really used to pay attention to whether or not apps have access to my location, but as mentioned in this article, over time it becomes a great tool that can be used against a person. I realize I need to be more careful with the way I permit location access.

