"[On] the afternoon of the 27th, one day after the Medium blog post's publication, Facebook contacted me. My future manager phoned and asked me not to speak to any press; however, I was told that I could keep my blog post up. By that evening, the global communications lead for privacy and public policy at Facebook called me to clarify Facebook's expectations that I not speak to the press, saying that his objective was to hamper the spread of what had become a damaging story."

By midday of the 28th, the global communications lead for privacy and public policy at Facebook requested by email that I disable the extension. I complied within the hour by deactivating the Mapbox API key associated with the extension so that all current and future users could no longer load the map used to display geo-location data."

On the afternoon of the 29th, three days after my initial posts, Facebook phoned me to inform me that it was rescinding the offer of a summer internship, citing as a reason that the extension violated the Facebook user agreement by "scraping" the site. The head of global human resources and recruiting followed up with an email message stating that my blog post did not reflect the "high ethical standards" around user privacy expected of interns. According to the email, the privacy issue was not with Facebook Messenger, but rather with my blog post and code describing how Facebook collected and shared users' geo-location data.

"What does this say about privacy protection? Can we reasonably expect Facebook or others with an interest in collecting and sharing personal data, to be responsible guardians of privacy? Could this work have been done inside Facebook to understand how its users view the collection and sharing of their data? Must future privacy guardians always be on the outside?"