‘Anonymous’ App Whisper Denies Tracking Claims

The chief executive of Whisper, a mobile social media application that claims to allow users to share secrets anonymously, has responded to accusations that the company tracks those who post via the service, defending Whisper’s practices and saying that they don’t contradict the company’s “values of honesty and transparency”.

Whisper says it publishes 2.6 million messages a day through its app, but in a report published last week, The Guardian claimed that Whisper is “tracking the location of its users, including some who have specifically asked not to be followed”.

No ‘active’ tracking

CEO Michael Heyward responded that the company does not “actively” track users, and justified some of the practices reported by The Guardian, such as reviewing individual users’ past activity in some cases and storing posts indefinitely in an internal database, as necessary to comply with US laws.

“Whisper is not a place for illegal activity,” he wrote.

The Guardian reported that Whisper uses an in-house tool capable of tracking all of its users, whether or not they have opted-in to provide details such as their GPS location.

While Heyward didn’t deny the existence of such a tool, he said that by default Whisper only collects details such as a user’s IP address, which only provides very approximate location data. The IP address is discarded after a few days, he said.

Whisper executives haven’t denied that they store posts indefinitely in a searchable internal database, seemingly in contradiction with the company’s term’s of service, which state that content “may be stored for a brief period of time”, clarifying that this statement only applies to content being stored on the publicly accessible service, and not to the company’s internal database.

“The internal database contains no personally identifiable information and is secure/access-audited, and not publicly accessible,” said Whisper editor-in-chief Neetzan Zimmerman in written responses to the newspaper’s allegations.

Trust

Likewise, Zimmerman’s statement that the company “does not collect nor store any personally identifiable information from users” does not apply to IP addresses, which he said allow only “very coarse location to be determined to the city, state, or country level”.

Zimmerman tweeted that the report was “riddled with outright lies and made-up quotes”.

The report claimed that Whisper’s tools for storing posts and reviewing user activity go against the spirit of anonymity. Heyward didn’t deny the practices, but said they are necessary for purposes of safety and security or “trust”.

“If a user claims to be a health care professional concerned about Ebola, we may review their recent posts to help assess the authenticity of the Whisper before featuring it,” he wrote.

Heyward admitted that Whisper has provided data to the US Department of Defence as part of a study aimed at lowering suicide rates and has referred thousands of users to a suicide prevention hotline.

He added that anonymity is “a new and quickly evolving area” about which “reasonable people can disagree”.

The Guardian said it has suspended its media-partner relationship with Whisper, and other media organisations including Buzzfeed and Fusion have also cut their ties to the service.

“We’re taking a break from our partnership until Whisper clarifies to us and its users the policy on user location and privacy,” Buzzfeed stated.

Are you a security pro? Try our quiz!