A hot potato: Location tracking is a controversial subject, but is the practice justifiable if it helps keep people safe? That’s the argument put forward by Facebook, which, according to a new report, monitors and tracks people who it believes pose a threat to the company.

According to CNBC, which spoke to several ex-employees, the social network maintains a “be on the lookout,” or “BOLO,” list of individuals. Created in 2008, it is updated once a week and contains hundreds of names.

There are several ways someone could find themselves on the BOLO list. Threatening emails and repeatedly showing up on company property will do it, but even leaving comments such as “F— you, Mark,” “F— Facebook” or “I’m gonna go kick your a—,” in the comments of posts from Mark Zuckerberg and COO Sheryl Sandberg can land you on the list. Most of the people Facebook fires get added, too.

Facebook notifies its security team whenever a new name gets put on the list, handing over a report that includes their photo, general location, and a short description of why they were added.

If a BOLO-listed user’s threats are deemed credible, Facebook can track their position using location data gathered through the Facebook app, or their IP address using the website. In some cases, the tracking isn’t very extensive—if, for instance, a person threatened to attack a specific place but their location shows them nowhere near it, the tracking might cease.

“But if the BOLO user is nearby, the information security team can continue to monitor their location periodically and keep other security teams on alert,” writes CNBC.

“Our physical security team exists to keep Facebook employees safe,” a Facebook spokesman said in a statement. “They use industry-standard measures to assess and address credible threats of violence against our employees and our company and refer these threats to law enforcement when necessary. We have strict processes designed to protect people’s privacy and adhere to all data privacy laws and Facebook’s terms of service. Any suggestion our onsite physical security team has overstepped is absolutely false.”