Facebook's response seems predictable if the intern had just thought about it a bit. I'm not arguing that FB did the right thing, only that they took a predictable action.
What is the real harm of not rescinding this guy's internship? Seems punitive and petty. It's not like anyone actually believes that FB cares about privacy. Whatever reputation or brand damage there was done a long time ago by FB's repeated violations of user privacy, which is just the natural state of things given their advertising-based business model.
FB could have turned this around and scored a marketing coup: "look we're hiring the hacker who exposed a security flaw, he'll be patching up the hole he found this summer - because at FB we're committed to user privacy and saving baby harp seals!"
But then again, is this really a big surprise? Just another data point in the growing contradiction between what SV is and what SV wants to be.
> But most people hope that individual Facebook employees have limited strictly audited access to user data.
Any reason to think this is at all the case?
I recall Google getting into trouble over this in the past [1]. I can definitely see data scientists and other employees at FB taking a peek... if anything just finding out who looked at your profile/photos/etc would be pretty tempting.
At this point, FB is just too valuable as a source of intel. I just assume that the US Govt (and others) has direct and easy access. Use at your own risk.
> Way back in 2005, a kid named Chris Putnam wrote a computer virus that rapidly spread across Facebook. [...] Pretty quickly, Facebook's COO, Dustin Moscovitz, was able to figure out Putnam was behind the attack. But instead of having Putnam arrested, Facebook hired him.
> "I will be forever grateful that the company was so sympathetic toward people like myself. It's one of the things that really sets Facebook apart with its passion for scrappy, hacker-type engineers."
Everybody loves a cool hacker persona. Except when it's directed against you :) And, facebook, imo, is more of "get shit done", rather than "break shit". This was more of the latter.
But really, if you work for a company, even if just as an intern, you really should be looking out for their interests. If you aren't, then why would they keep you?
but then, it really isn't a smart PR move from facebook. Now we know that not only do they mess up with privacy big times, but that they're not hiring anyone that wants to raise public awareness on that subject. As if public awareness was detrimental to facebook.
Which it obviously is, but by hiring that personn anyway, and have him work on privacy and ethic inside fb they could have shown some good will.
What was predictable about it? The author didn't do anything illegal or unethical. So he violated the ToS. I violate ToS's probably daily and I think most people would agree they have become a cultural joke.
If anything I'd think the appropriate response would be sitting him down and saying "look we appreciate you are an enterprising risk-taker but we have certain expectations here at mega-corp" Once he was a sufficiently brow-beaten corporate drone then they could have pile monotonous work in him/her ad infinitum. Win Win in my mind.
