Once upon a time, sophomore geek Mark Zuckerberg, with his college roommates and fellow Harvard University students Eduardo Saverin, Andrew McCollum, Dustin Moskovitz and Chris Hughes, founded the all-time epic social networking website Facebook from Harvard’s dormitory rooms. The website’s membership was initially limited to Harvard students, but it was gradually expanded to other colleges in the US. Within a year, the leads shifted their base of operations to California and made the site available worldwide to all internet users above 13 years old. In a few years, even though all the other co-founders left Facebook, Mark Zuckerberg led the team through every controversy and, in the process, positioned himself as one of the richest self-made billionaires. As of now, Facebook has over one billion active users!
Everything went well until hackers and bugs popped up. Tech aspirants started questioning how Facebook would secure the privacy of all its users in the midst of these issues. Soon the in-house security engineering team deployed many ideas.
As a part of these, Facebook introduced the ‘Whitehat disclosure program’ (https://www.facebook.com/whitehat) to attract bug hunters to report vulnerabilities, and within a few days Facebook started receiving thousands of such bug submissions each day. According to Facebook, the lion’s share of these were not legitimate, and so the team started ignoring reports that were sent to them.
Palestinian ethical hacker Khalil Shreateh discovered a vulnerability that allowed him to post on the Timeline of people who weren’t his friends on Facebook. He reported this issue through the same Whitehat disclosure program, but the security engineers repeatedly ignored him. Eventually he got frustrated and posted a note on Mark Zuckerberg’s Facebook timeline!
“Sorry for breaking your privacy [to post] to your wall, i [had] no other choice to make after all the reports I sent to Facebook team”.
His post on the timeline of the father of Facebook drew the attention of the whole world, and soon the Facebook leads made a statement that they shouldn’t have ignored his reports earlier. But Facebook considered his action a violation of its terms of service and of the rules of the whitehat program, which prohibit researchers from testing the bugs they find on other users’ profiles.
Hence Facebook’s Chief Security Officer added that they will not change their practice of refusing to pay rewards to researchers who have tested vulnerabilities in ways that compromise the privacy of other users, and they made Khalil walk away empty-handed.
Since then, the whole internet community has been debating on various platforms whether or not Facebook should pay him fairly! Some even suggested that he may have broken those rules unknowingly, as the terms and conditions are available only in English, in which Khalil is not fluent.
Nobody thinks that he had nefarious intentions. Moreover, the majority is sticking to the point that he was trying his best to report it responsibly. If he had been trying to earn money from his research, he could have sold it to spammers. His act indeed hindered all possible threats to the security and privacy of users. These thoughts induced several users to support him. A campaign on the famous online crowdfunding site GoFundMe raised $11,305 (199 donors). Mr. Marc Maiffret, CTO of the security firm ‘BeyondTrust’, initiated the campaign, and it drew more than its initial goal in approximately one day.
GoFundMe is unique in that a campaign continues until its creator decides to end it. As of now, Marc has said that he won’t end it until he works out a plan to transfer the funds to Khalil.
In short, the Facebook leads’ attitude to Khalil became a blessing for him. And if I’m not wrong, Facebook’s rivals will hire him soon, because he has got skills and, moreover, he’s someone who ultimately aims to help the internet community at large.
PS: Happy news for Facebook bug hunters. The Facebook leads have decided to improve their email messaging so that you send in what they need to validate a bug. They will also be updating the whitehat page with more information on the best ways to submit a bug report.