
Harvard student loses Facebook internship after pointing out privacy flaws - huac
http://www.boston.com/news/nation/2015/08/12/harvard-student-loses-facebook-internship-after-pointing-out-privacy-flaws/zASZFdUjn6PoliUiR9kVHJ/story.html
======
stephenr
Yeah, this is hardly surprising.

Facebook and Zuckerberg honestly are a good example of "Do as I say not as I
do".

Facebook doesn't track your location constantly so you can know where your
wife or sister is when you message them - they track you so they can serve you
ads.

It's good to hear that he got a job somewhere else, but honestly I would
question the morals/ethics/human decency/whatever you want to call it, of
anyone that would go to work for Facebook, given how user-hostile the company
is when it comes to privacy.

~~~
craftkiller
I wouldn't question their ethics since Facebook isn't exactly invading your
privacy, you're giving away your privacy by using them. This isn't like Lenovo
or the NSA spying on you since in those instances there was a reasonable
expectation of privacy. Facebook is a platform designed around you sharing as
much information as possible, so it should be assumed they're tracking your
location to advertise at you.

~~~
stephenr
Facebook don't invade my privacy because I don't use it.

However there are _numerous_ cases where people have been caught out because
Facebook was sharing information they expected to be private or limited to
their friends.

Yes there is an aspect of personal responsibility here, but there is also a
strong aspect of basic human decency which is pretty much at odds with
Facebook's business model.

Good companies don't ask "what information can we get from users and how can
we make money from it?"

Good companies ask "what is the minimum amount of information we can collect
to provide our product/service. OK, are we sure we need that much? How do we
protect that information?"

------
Mikushi
>this mapping tool scraped Facebook data in a way that violated our terms, and
those terms exist to protect people’s privacy and safety

Really? They're not even trying at Facebook anymore. Terms mean jack shit to a
malicious attacker, which is exactly who would exploit such appalling code.

~~~
argonaut
It's hardly an exploit. All it really is is a feature that this guy happened
to disagree with, and he demonstrated his disagreement by showing how it could
be used to track your location on a map. To "exploit" this, _you the user_
would have to proactively send chat messages over a prolonged period of time
to the "attacker," so I hardly call this an attack.

------
nickpsecurity
A bit ironic given Zuckerberg's own actions at his University.

~~~
stephenr
This isn't irony, it's hypocrisy.

~~~
nickpsecurity
Agreed

------
nso95
Can you really call it a flaw when they did it on purpose?

------
kelukelugames
The moral of the story is never upset your employer. Being right doesn't
matter.

~~~
mehrdada
FB wasn't his employer, yet.

Actually, the moral of the story, as I see it, is these days you can upset
whoever you want as long as you are a good engineer. He got another job;
probably less boring than a random internship offered to hundreds of people.
_Do the right thing.[1]_

[1]: [http://paulgraham.com/good.html](http://paulgraham.com/good.html)

~~~
argonaut
Yes, which is why they didn't fire him, they only rescinded his offer.

Also, "probably?" We have no idea. It sounds like you're just trying to
justify the intern's actions.

