Popular secret-sharing app Whisper is trying to backpedal in as many directions as possible. This week, the app fell victim to a Guardian exposé, in which the publication claimed Whisper was tracking user location, even if users were opting out.
According to the Guardian (as well as a forensic researcher who did his own research into Whisper’s code), the app is not only requesting users’ information, it wants precise location data. The Guardian says it’s using this to verify Whisper posts and track specific users.
Whisper has defied the claims via a myriad of platforms: Editor in chief Neetzan Zimmerman engaged in a days-long tweetstorm (starting an ominous message the Guardian would “regret” its story), and its CTO took to Hacker News to try and do some damage control. Zimmerman in particular has been rather aggressive in refuting the Guardian’s claims as well as responding to individuals calling Whisper out on Twitter, though the general rhetoric surrounding the app has remained dubious of its intentions at best.
Now one of the creators of Whisper are responding, via a Medium post that went up Saturday, Oct. 18. In a decidedly less infuriated voice, cofounder Michael Heywire says that “While we’re disappointed with the Guardian’s approach, we welcome the discussion.” Heywire says that instead of addressing the Guardian’s specific claims, he wants to reiterate the following points:
[Whisper does not] collect any personally identifiable information from users (names, email addresses, phone numbers, etc.).
We collect IP addresses, which make it possible to infer your city, state and country. Nearly all apps and websites collect this information to provide their service. (IP addresses are deleted after 7 days.)
By default, we do not have your GPS location.
If you opt-in to sharing your GPS location on a Whisper, we randomize it to help preserve your anonymity. We randomize the GPS location within a 500 meter radius when it is stored in our database. When your Whisper is posted in the app, its location has been further randomized.
Whisper is not a place for illegal activity. If we receive a valid legal request, or we learn that you tried to use Whisper to post content that exposes imminent danger to yourself or others, we will share the limited information we have, including IP address, with the appropriate authorities.
Heywire also explains that the map that’s used to track users that the Guardian referred to in its article is the same map that users see when they are using the app. According the the founder, any sort of user monitoring going on is to make sure someone isn’t going to do something dangerous (which is where it works with the Department of Defense, Heywire says, specifically to address suicide threats).
The post seemingly addresses what perhaps was the most infuriating piece of the Guardian article, in which an employee allegedly said Whisper would be tracking a lobbyist. “He’s a guy that we’ll track for the rest of his life and he’ll have no idea we’ll be watching him.” Heywire says: “We have zero tolerance for any employee who violates that trust.”
Heywire’s piece definitely does a better job addressing the initial fallout hitting Whisper; it’s less aggressive and defensive than most of what we’ve seen since the Guardian report (which, to be fair, came in response to fairly aggressive messages of anger being sent to Whisper’s employees and creators). But the crux of this entire thing seems to be that there’s a disconnect between what we, as users, see as personal information, and what app developers do.
Heywire says that Whisper “does not collect personally identifiable information from users” and lists examples like “names, email address, phone numbers, etc.” But in the next bullet, he addresses how Whisper collects IP addresses to help find someone’s city, state, and country. And to some of us… that sounds a lot like identifiable information.
It’s an argument that is going to continue as we continue to define our relationships with the apps we use, and determine how much they are allowed to use us.
Photo via Category5/Flickr (CC 2.0)