Mischief Managed: The Facebook Privacy Nightmare Caused By One Chrome Extension
I solemnly swear that I am up to no good. That about sums things up.
For a short while, a Chrome extension called the Marauder’s Map was letting Facebook users track their friends’ exact locations. Here’s what you need to know about this Facebook privacy breach.
The Marauder’s Map
The name comes from Harry Potter, where the Marauder’s Map shows the exact locations of everyone in Hogwarts. In reality, this extension was not far removed from this, in that you could see all of your friends pinpointed on a map, tracked in real time. Scary stuff.
It has been noted that this could track Facebook users’ location coordinates down to 5 decimal places. So, it could tell you where people were down to the meter.
It’s Been Axed — Sort Of
The official Chrome extension of the Marauder’s Map has recently been removed at Facebook’s request. However, it still exists on GitHub and could easily be recreated by anyone who knows how to code browser extensions for Facebook.
What this means for users is that the privacy issue has temporarily abated, as Facebook has not yet done anything to stop this information being exposed in the first place. It’s still quite easy for similar tools to do the same job: exposing the whereabouts of all of your Facebook friends.
“The latitude and longitude coordinates of the message locations have more than 5 decimal places of precision, making it possible to pinpoint the sender’s location to less than a meter.” — Aran Khanna
It Uses Data From the Facebook Messenger App
The way this extension worked was to get Facebook location data from the Facebook messenger app, which tracks users in real time. The user would need to be viewing the Facebook messenger web app for it to work.
Any Facebook user who has opted not to use the Facebook messenger app because of invasive permissions , or chosen to opt-out of location sharing would have shared their location information less frequently. These people would only be located by check-ins, photo locations , their home location, and — oh, everything else.
“Creepily track your friends from FB messages” — Marauder’s Map Extension Description
This Is Actually a Big Deal
Now, many of you may be thinking this is no big deal as you’re only showing the information to your friends. This is true to some extent. In fact, there can be good reasons to track loved ones .
But think about how many of your Facebook friends are “close” friends, and how many are work colleagues and acquaintances. And how many of your crazy exes are still friends with good friends of yours? Couldn’t they potentially find out where your friend is and hope to see you there?
They could. And that’s why this extension and its future imitators are a stalker’s dream and a privacy advocate’s nightmare.
Creepily Track Your Friends
Aran Khanna, the student developer of this extension, knows full well how dangerous this could be. It’s actually quite interesting to read his original Medium post about the development of this extension. And although he removed the extension from the Chrome store, it’s really up to Facebook to fix this.
“I found that I could infer a schedule for almost everyone in this chat as well as the other active chats I am in.” — Aran Khanna
Facebook says it’s working on a fix, but in the meantime all they can suggest is that you opt out of sending your location information by clicking on the blue arrow in Facebook Messenger.
Do You Share Location Data With Facebook?
If you don’t want to share your location data with Facebook, be sure to disable it in the messenger app on your mobile device. Or, if you’re really concerned, use an alternative Facebook messaging app or even a different messaging app altogether .
As Aran Khanna himself asks, why do so many people give up their location data so readily on Messenger? Do you?