Yeah, but this is nothing new. I run several sites whose (non-public) links are regularly scanned by Facebook after someone types them in a chat. Presumably they're doing this to scan and flag malicious websites/pages.
That seems like quite a generous interpretation. Yes, that is an ostensible reason for the scanning [1], but to imagine that that is all they are doing with the information gleaned from the scans seems a bit naive. I would posit that sender, recipient, link, time, the page's content, and the conversation's context are forever stored in a database somewhere, waiting to be fed into the data analysis/advertising program du jour at some point in the future. Who owns that database or where the information ends up is probably a trip down the rabbit hole, and the posted article is a first step into it.
The third-party does threat intelligence... I don't see how it's unreasonable to think that Facebook has hired them to perform malware/scam detection on links sent through chat. Given Facebook's policy, someone has to do it.
They could be intercepting the traffic anywhere between the author's network and Facebook though, not necessarily with any complicity on the part Facebook.
