The Guardian reported yesterday on a whole slew of privacy violations from the supposedly anonymous messaging app Whisper. Whisper fervently denied the allegations in a five-page statement, and editor-in-chief Neetzan Zimmerman tweeted up a storm, rejecting the paper’s claims. Now, The Guardian has published a response to Whisper’s response.
Whisper attempts to flat-out deny some of the allegations and ignore others. Zimmerman went so far as calling part of the article an “egregious lie” and “100% fabricated.” But The Guardian says “the evidence is clear.” The paper’s initial report said that Whisper has an in-house mapping tool that uses GPS data, and that it found approximate locations, using smartphone IP addresses, of users who did not give the app permission to use geo-location data. From The Guardian:
Both of those statements are undeniably true. So what does Whisper claim is false?
To start with, Whisper is denying some things which haven’t been alleged. Zimmerman tweets that no “exact location data” is ever stored by Whisper and “the Guardian’s suggestion to the contrary is FALSE”. The Guardian never suggested that Whisper collated the exact location data of its users.
But Zimmerman goes further. He states that data identifying the location of users who have disabled their services “is NEVER collected nor stored, period”, even adding that it is “a technical impossibility” for Whisper to ascertain the location of these users.
The privacy section of Whisper’s terms of service puts it differently.
Whisper’s chief technology officer is also in damage control mode, participating in a thread at Hacker News. He calls the allegations “really bad reporting,” and offers several points about the specifics of the app’s location tracking. A user, moxie, calls him out, writing (emphasis ours):
Based on your own comments here, it sounds like the reporting is entirely accurate. You’re attempting to justify why you’re tracking your users, but you’re still tracking them.
You’ve highlighted many of the hard problems in this space: how do you achieve anonymity and unlinkability while doing things like IP hiding, spam filtering, and relevance matching? The issue is that you haven’t solved the problems, and are instead suggesting you should get a pass because the problems are hard. It seems simple to me: if you haven’t designed something that gives you truly unlinkable anonymity, don’t claim to provide it. If you have to track your users to make your app work, don’t claim not to track your users.
There are projects like Tor that are approaching these types of problems seriously, but apps like Whisper or Secret end up poisoning the well and confusing users. There’s a huge difference between “can’t” track and “won’t” track. Right now you’re claiming “can’t,” but it sounds like you’re squarely in the “won’t” category of having your servers “avert their eyes.” I think this understandably makes people uneasy, particularly given the data mining direction it sounds like the company is headed.
Whisper’s denials and evasions will probably make this whole thing worse in the long run. BuzzFeed and Fusion have temporarily suspended their partnerships with the app, and privacy experts are calling for an FTC investigation.
As user r0h1n wrote on Hacker News:
What kind of a company invites journalists from a newspaper known for its investigative/muckraking skills, and then hands over their secret sauce along with such gems:
>Separately, Whisper has been following a user claiming to be a sex-obsessed lobbyist in Washington DC. The company’s tracking tools allow staff to monitor which areas of the capital the lobbyist visits. “He’s a guy that we’ll track for the rest of his life and he’ll have no idea we’ll be watching him,” the same Whisper executive said.
Read The Guardian’s full response here.