Un-friended by Facebook? Intern loses spot after privacy snafu

A screen of Marauders Map app showing location of user.
Source: Chrome

Facebook rescinded a student's summer internship offer after the candidate hacked a privacy loophole on the social media network—and now he wants to spread the word about privacy concerns on social media.

When Aran Khanna accepted an internship at Facebook in December, he got interested in the company's "hacker culture" and started looking into a known vulnerability in the social media site's Messenger app. Khanna published his findings in a case study in peer-reviewed academic journal Technology Science.

However, when the computer science and mathematics major took the experiment too far, his big break with Facebook ended before it began.

Read More Facebook enters the minimum wage fight

"I thought it was an interesting way to critique the feature and thought it would be in line with the company culture," Khanna said. "Unfortunately, Facebook didn't see it that way, but at least the public can view the facts and make up their minds themselves." originally broke Khanna's story.

Messages sent in Messenger included users' location data by default if they have "location services" enabled on their mobile device or desktop. Using that data, Khanna created a browser extension called "Marauders' Map," a tool to "creepily stalk" your Facebook friends, according to his post on social blogging site Medium.

Basically, the app took advantage of a design flaw about which Facebook previously was aware, but did nothing about: the sharing of user locations with anyone they are chatting with.

Read MoreThese internships pay more than 'real' jobs

The tool shows the current location on a map of anyone you message and went viral nearly immediately after Khanna posted it, having been downloaded 85,000 times.

The social network, however, wasn't pleased. After three days, Facebook asked Khanna to disable the app, Khanna said. As the glare of the press shone brighter on the app and its flaws, the company asked Khanna not to talk to the press, then eventually cut him for violating company standards.

Facebook spokesman Matt Steinfeld said he was unable to comment on personnel issues, but told CNBC that the tool violated Facebook's terms of use.

"Despite being asked repeatedly to remove the code, the creator of this tool left it up," Steinfeld said. "This is wrong and it's inconsistent with how we think about serving our community."

Read More What I learned as Facebook's first intern

As of June 4, users have more power over how they share their data, according to a statement by Facebook that came days after Khanna released "Marauder's Map." But Steinfeld said Facebook started altering location settings months before.

"This is revisionist history that conveniently omits a few important points," Steinfeld said.

Since Khanna never got to work at Facebook, he said he'll never know for sure what went on behind closed doors in the company. But after months reflecting on the experience, he said he stands by the questions raised in his experiment.

Read MoreThe best tech companies for internships

"There is something to take away from this entire experiment that I needed to share," Khanna said. "It raises some important questions about why it wasn't flagged internally years ago and why there was no public outcry."

Khanna said that the moral of his experiment was to publicly pressure for Facebook to be "responsible guardians of privacy"—adding that he never knew how much information he was unintentionally sharing until he looked at his messaging history.

"It is possible that before my extension and blog post, the degree of location data collection and sharing by Facebook Messenger was hard for an average user to notice and thus did not raise significant concern," Khanna wrote. "My extension and blog post made the data collection and sharing practice real and transparent."

Read MoreBarclays analyst to interns: 'Welcome to the Jungle'

Khanna's papers was one of the first published by Technology Science, and editor Latanya Sweeney told CNBC that answering the privacy questions Khanna raised will "require many more studies than one paper."

After losing his gig the a day before he was set to start, Khanna was able to find a new summer internship, making image-recognition programs for a start-up.

"The point of an internship is to try out the company to see if it's right for you, and vice versa," he said. "In that one day, I got what I wanted out of the Facebook internship. I knew the company wasn't for me, because the ethos wasn't present the way I thought it was."

Read More Inside Facebook's futuristic new headquarters