Source: Anthony Quintano, Flikr| CC BY 2.0 | Cropped & Resized

According to a CNBC report, Facebook has been using its apps to track users it deems a threat to its employees. Citing a dozen former employees, the publication paints a picture of the ethically gray practice.

The sources say Facebook scans its platform for threats and adds users to its own ‘BOLO’ watch list. The list reportedly contains hundreds of people and the company notifies its physical security team with their name, photo, and location.

Some see it as a necessary solution, but other former employees say there are no clear guidelines about who makes the list. Naturally, those who publically threaten the offices or employees make the list.

However, offenses include threating CEO Mark Zuckerberg and COO Sheryl Sandberg. There, sources say the bar can be very low. Posts saying as little as ‘F*** you, Mark’, can make the list, or ‘F*** Facebook’.

A Facebook spokesperson contested this assertion, saying users are only added after a “rigorous review”. Sources add that users are only location tracked if it’s deemed a ‘credible threat’, with attack details or timings. In this case, Facebook’s team can request to track them periodically.

Former Employees Included

Using data from your platform to track threats is a common practice, some say, but Facebook’s reach makes many uncomfortable. Users are largely unaware they’re being tracked in this way, and some would argue credible threats should be left to law enforcement or monitored using external tools.

Whatever the case, it seems users aren’t the only target for Facebook’s list. CNBC says former employees are also present. Former employees say that some of these are due to poor behavior, theft, or other offenses.

Facebook says former employees are only added under ‘very specific circumstances’, but that’s contested. Three sources say the process is subjective, that almost every former employee is on the list, and that contractors can be added for getting emotional when their work isn’t extended.

In one instance, a manager requested the tracking of employees when they didn’t log in to work from home and were unresponsive. When ‘pinging’ their location turned up no useful results, the information team dug into their private messages and found they were skipping work for a camping trip.

The report comes as Facebook may reportedly face a $87 million FTC for sharing user’s data inappropriately. The fine relates to Cambridge Analytica, which exposed the personal information of 87 million users.