Whisper’s No Good, Very Bad Day

After a potential business partnership went south, The Guardian is accusing Whisper of gathering intelligence on prominent users.

Whisper’s No Good, Very Bad Day
[Photo: Flickr user Theud-bald]

Is one of the most popular anonymous secrets apps around keeping a secret of its own… and collecting intelligence on their users? In a story published earlier today, U.K. newspaper The Guardian accused Whisper of tracking the location of users who have opted out of geolocation services, of specifically targeting users who appear to work at Disney Hill, Yahoo, and on Capitol Hill, and of sharing information left anonymously with partners including the FBI, the Department of Defense, and British intelligence agency MI5.


The Guardian alleges to have found out about Whisper’s practices during a trip to the company’s Los Angeles headquarters to explore a possible business relationship (which, obviously, will not be happening anytime soon). The newspaper reports that “at no stage during the visit were the [visiting] journalists told they could not report on the information shared with them,” and did not give any additional context around their decision to abandon the potential partnership and instead go public with the alleged full extent of the app’s tracking of users. During the Guardian’s visit, they claim they were showed how the app could be used to follow high-value users such as Israeli troops serving on the front line in Gaza and an alleged “sex-obsessed lobbyist in Washington DC.” In a screenshot, a geotagged message appears to show a White House employee saying “I’m so glad this app is anonymous. The press would have a field day if they knew some of the stuff I post on here.”

In a series of tweets, Whisper editor-in-chief Neetzan Zimmerman strongly disputed the allegations and made vague threats toward the newspaper. Here’s a transcript of what he said:

First response: The Guardian’s piece is lousy with falsehoods, and we will be debunking them all. Much more to come.

Second response: The Guardian made a mistake posting that story and they will regret it.

1/This cannot be overemphasized: @Whisper has never nor will ever collect nor store ANY personally identifiable information from its users.

2/Users must OPT IN to location, not OPT OUT. If a user does not OPT IN, their location information is NEVER collected nor stored, period.

3/Users who OPT IN — meaning elect to make their location public — have their location HEAVILY FUZZED by @Whisper to 500 meters away.

4/No exact location data is EVER stored or is accessible by @Whisper or its employees. The Guardian’s suggestion to the contrary is FALSE.

5/Again, users who have OPTED IN to making their location PUBLIC have their location proactively fuzzed to 500 meters by @Whisper.

6/As there is no personally identifiable information (name, phone, email, address) collected or stored, fuzzed location data is meaningless.

7/Users who do not opt in to location send NO GPS information. It is a technical impossibility for us to determine their location.

8/To sum: Users must OPT IN to location; location is ALWAYS fuzzed to 500 meters; Users who don’t opt in provide NO GPS data.

Whisper later released a statement with a point-by-point attack on the supposed inaccuracies in The Guardian‘s piece.

Regardless of the newspaper’s allegations, remember: If you don’t want someone tracking and monetizing information you volunteer for free, it’s best not to put it online.