This spring, undergraduate coder and incoming Facebook intern Aran Khanna published a problem with Facebook Messenger, the most popular app on the entire iTunes Store: it was transmitting your location to everyone and you probably had no idea. Instead of rewarding his vigilance, Facebook fired him.

It’s important to make a few things clear: at no point did Khanna “hack” Facebook, or publish any new exploitative code that would allow someone malicious the company’s software. Rather, he explained how a deliberate feature of Facebook’s widely used IM app had some uncomfortable consequences for privacy, and he devised an app of his own that illustrated the problem:

But in a new paper for Harvard’s Journal of Technology Science, Khanna explains how Facebook—whose motto was up until recently “move fast and break things” and literally fucking resides at an address of its own making called “1 Hacker Way”—treated him like a criminal:

On the afternoon of the 29th, three days after my initial posts, Facebook phoned me to inform me that it was rescinding the offer of a summer internship, citing as a reason that the extension violated the Facebook user agreement by “scraping” the site. The head of global human resources and recruiting followed up with an email message stating that my blog post did not reflect the “high ethical standards” around user privacy expected of interns. According to the email, the privacy issue was not with Facebook Messenger, but rather with my blog post and code describing how Facebook collected and shared users’ geo-location data.

That response is bullshit. Not only is the airing of software security vulnerabilities an honored (and rewarded!) practice at technology firms, Facebook has above all its peers spread the myth of the virtuous hacker, the company that made “hackathon” standard jargon for MBAs. Before the company went public, Mark Zuckerberg wrote a ponderous letter to investors titled “The Way of the Hacker”:

“Hacker culture is … extremely open and meritocratic. Hackers believe that the best idea and implementation should always win.”

Unless the best idea embarrasses Facebook, that is. Khanna told me over the phone that it was exactly this “hacker culture” that drew him in to the internship to begin with. But after exemplifying that culture by calling out his employer for loose privacy practices—as if he were the first!—Facebook told him he “clearly didn’t care about user privacy,” and the offer was rescinded. The irony of Facebook canning a young Harvard student for breaking the rules with his computer is off the fucking charts.

But it’s also scary that Facebook would rather preserve its image than admit wrongdoing and, say, give Aran Khanna a full-time job offer for showing initiative and an obvious interest in user privacy. Lucky for Aran, he’s clearly smart as shit, and I’m sure another, less craven tech firm will make use of him soon. His resume is on his website.

Contact the author at biddle@gawker.com.
Public PGP key
PGP fingerprint: E93A 40D1 FA38 4B2B 1477 C855 3DEA F030 F340 E2C7