The Guardian witnessed this practice on a three-day visit to the company’s Los Angeles headquarters last month, as part of a trip to explore the possibility of an expanded journalistic relationship with Whisper.
Whisper later explained that when it wants to establish the location of users who have disabled their geolocation services, the company uses their IP location.
Whisper does not collect nor store any personally identifiable information (PII) from users and is anonymous. To be clear, Whisper does not collect nor store: name, physical address, phone number, email address, or any other form of PII. The privacy of our users is not violated in any of the circumstances suggested in the Guardian story.
We neither receive nor store geographical coordinates from users who opt out of geolocation services. User IP addresses may allow very coarse location to be determined to the city, state, or country level.
Even for users who opt into geolocation services, the location information that we do store is obscured to within 500 meters of their smartphone device’s actual location.
There is nothing in our geolocation data that can be tied to an individual user and a user’s anonymity is never compromised.
Whisper does not follow or track users. Whisper does not request or store any personally identifiable information from users, therefore there is never a breach of anonymity. From time to time, when a user makes a claim of a newsworthy nature, we review the user’s past activity to help determine veracity.
Again, Whisper does not have any personally identifiable information from users that can be shared.
Whisper does not collect nor store any personal identifiable information from users therefore their privacy and anonymity are always protected.
But Zimmerman, fuming at the accusations, said such backdoors are “technically impossible.”
Separately, Whisper has been following a user claiming to be a sex-obsessed lobbyist in Washington DC. The company’s tracking tools allow staff to monitor which areas of the capital the lobbyist visits. “He’s a guy that we’ll track for the rest of his life and he’ll have no idea we’ll be watching him,” the same Whisper executive said.
“Based on your own comments here, it sounds like the [Guardian’s] reporting is entirely accurate,” Marlinspike wrote. “You're attempting to justify why you're tracking your users, but you're still tracking them. You've highlighted many of the hard problems in this space: how do you achieve anonymity and unlinkability while doing things like IP hiding, spam filtering, and relevance matching? The issue is that you haven't solved the problems, and are instead suggesting you should get a pass because the problems are hard. It seems simple to me: if you haven't designed something that gives you truly unlinkable anonymity, don't claim to provide it. If you have to track your users to make your app work, don't claim not to track your users.”
Marlinspike said that Whisper and apps like it—including the similar Secret unsigned social media app—“end up poisoning the well and confusing users” about privacy, to the detriment of projects like Tor that “are approaching these problems seriously...There's a huge difference between "can't" track and "won't" track. Right now you're claiming "can't," but it sounds like you're squarely in the "won't" category of having your servers "avert their eyes." I think this understandably makes people uneasy, particularly given the data mining direction it sounds like the company is headed.”
« Older 10 Centuries of Music in 4 Minutes | It takes a village Newer »
This thread has been archived and is closed to new comments