We already know that the anonymity promises of anonymous social networks are ... questionable. If you make an account with a service, it has identifying information for you. When you use the app, it can track you. Companies like to claim that they won't take advantage of their customer data. But you can see how it would be tempting to just take a quick peek. The Guardian is reporting that Whisper has caved to that temptation.
Whisper is a social network for anonymously posting secrets about anything. Its co-founder and CEO Michael Heyward has said that the service is the “safest place on internet.” But when the Guardian—which was considering partnering with Whisper on journalism projects—did some investigating, it made some weird discoveries. It reports that the company is tracking user movements, following certain users' posts carefully if they claimed to work or live in particular places, sharing information with the Department of Defense when people using smartphones on military bases post about suicide and self-harm, and storing user data indefinitely, even when people delete their accounts.
Maybe. The Guardian reports that Whisper denied that it was doing anything wrong multiple times in comments before the article went live, saying that it “does not follow or track users” and that the suggestion that it tracks users is “not true” and “false.”
The Guardian also notes that a few days after it learned about the newspaper's intent to publish, Whisper revised its terms of service and added language that explicitly allows the company to do broad tracking on users (specifically using tools like IP addresses according to the Guardian).
When the article went live, Whisper editor-in-chief Neetzan Zimmerman tweeted:
First response: The Guardian’s piece is lousy with falsehoods, and we will be debunking them all. Much more to come.— Neetzan Zimmerman (@neetzan) October 16, 2014
.@kevinroose a pack of vicious lies. we will be responding in full shortly.— Neetzan Zimmerman (@neetzan) October 16, 2014
And three hours after the Guardian article was published, the company said in a statement that:
Whisper does not collect nor store any personally identifiable information from users and is anonymous. There is nothing in our geolocation data that can be tied to an individual user and a user’s anonymity is never compromised. Whisper does not follow or track users. The Guardian’s assumptions that Whisper is gathering information about users and violating user’s privacy are false.
On Twitter, Zimmerman continued to defend the service, noting a particular problem with the Guardian story: The article says that, "Whisper’s targeted monitoring of some people who use the app—even some of those who have declared they do not want to be followed by opting out of geolocation—is likely to surprise its users." But Zimmerman explains that every Whisper user is opted out of geolocation tracking by default, and that in fact users are only tracked when they opt in to share their whereabouts. Furthermore, he says that even then their exact location is "fuzzed" within 500 meters. That's a technical term.
2/Users must OPT IN to location, not OPT OUT. If a user does not OPT IN, their location information is NEVER collected nor stored, period.— Neetzan Zimmerman (@neetzan) October 16, 2014
The situation is odd. In its piece the newspaper noted, hilariously, that, "The Guardian is no longer pursuing a relationship with Whisper." But Whisper's response is also strange. The company knew that the article was coming, yet it took three hours after publication to respond. And when it did the response wasn't particularly tailored to article. Zimmerman did publish Whisper's original, detailed responses to the Guardian on Scribd.
Taking a step back, though, it was already public knowledge that Whisper does some user tracking and is considering targeted advertising. None of this is that surprising even if Whisper's marketing to users was overly reassuring. As with the Snapchat leak last week, the main thing this incident highlights is how important it is to be skeptical of any and all privacy claims made by digital services.
Consumers have the right to be treated fairly and to receive the services they are promised in the way they are promised. So depending on what shakes out from all of this, it would be valid if you felt motivated to leave Whisper or cut way back on all the whispering you’ve been doing. But any claim of anonymity should immediately raise a red flag. If you create something, it is extremely difficult to completely sever its connection to you. This was true before the digital age, and it's certainly true now on a secret-sharing app that's mainly meant to provide entertainment.