‘Whisper is an anonymous social network that allows people to express themselves, connect with like-minded individuals, and discover the unseen world around us. With Whisper, you can anonymously share your thoughts and emotions with the world, and form lasting and meaningful relationships in a community built around trust and honesty. If you have ever had something too intimate to share on traditional social networks, simply share it on Whisper!’
Publishing 2.6 million messages a day and valued at over $200 million, Whisper is a social network app that has gained popularity as an alternative to Facebook, where users can post a photo overwritten by a ‘secret’ that they would not divulge on more traditional social networks such a Facebook or Twitter.
Its big selling point is that it provides privacy and anonymity, giving users the freedom to be honest in their posts. However, a new series of Guardian reports describe some deeply worrying things the paper has discovered about the service:
- Whisper actively tracks users it considers ‘newsworthy’
- It tracks users’ physical location even when they have opted out geolocation services
- All posts and metadata are hoovered up and stored indefinitely in a searchable database
- Whisper shares data with the FBI and MI5
- It also cooperates with the US Department of Defense
The Guardian obtained this information when it visited Whisper’s offices in LA, with an aim to building a relationship with the company (who have been very accommodating when it comes to sharing its users’ information with journalists), but it was shocked at what it found,
‘Furnished with an extremely simple password, we were given access to the company’s vast library of texts and photographs and, in most cases, the location of their authors. The company’s developers have created a back-end analytics tool to conduct more refined searches of the database, the most powerful of which pinpoints location.’
Despite stating last week that Whisper ‘does not follow or track users,’ and that any suggestion it monitored users without their consent was ‘not true’ and ‘false’, the Guardian journalists were told by a Whisper executive that the company was tracking ‘a sex-obsessed lobbyist in Washington DC’,
‘He’s a guy that we’ll track for the rest of his life and he’ll have no idea we’ll be watching him.’
They were also told that Whisper was monitoring Israeli Defense Force personnel during Israel’s recent offensive against Gaza…
‘We had 13 or 14 soldiers who we were tracking – every whisper they did.’
… and that it could ascertain the dates US marines were deployed to specific military bases in Afghanistan (for the benefit of journalists who might want to track them down.)
Whisper executives also stated that they were proud of working with the US Department of Defense to reduce suicide rates among military personal (with whom the app’s promise of anonymity has proved particularly popular), and divulged that the company had shared information with both the FBI and MI5.
Perhaps one of the most shocking revelations is that even the 20 percent of users who have explicitly opted out of sharing geo-location data are still tracked through IP data emitted by their smartphone, and which is used to follow and record their movement over time.
Needless to say that the Guardian will no longer be working with Whisper, and it is interesting to note that Whisper changed its Terms of Service (which Guardian lawyers said ‘appeared to require a lower legal threshold for providing user information to authorities than other tech companies,’) just days in advance of the Guardian publishing its stories.
Unsurprisingly, Whisper is not happy with the Guardian, and its editor-in-chief, Neetzan Zimmerman, described the story to the Washington Post as,
‘[A] pack of vicious lies… the Guardian made a mistake posting that story and they will regret it.’
He described the claims made Guardian reporters about what they were told by Whisper staff as ‘technically impossible,’
‘That is false, that is 100 percent false. That was never said by anyone. I have no idea where that quote came from. I have no idea what they’re talking about. I have never, ever, ever asked anybody in my life, and would never ask anybody, for information on a user who opted out of user location. That cannot be overemphasized. That is a 100 percent lie.’
More concretely, he emphasised that Whisper never collects personally identifying information (i.e. their actual names). This is true (as far as we know) – they just the content, timestamps, IP addresses and geolocation data of all the posts users ever made to Whisper, but hey… its only metadata…