Embattled secret-sharing app Whisper has repeatedly claimed that any location data gleaned from users is “fuzzed”—meaning intentionally made less accurate—to an area of 500 meters, making it very difficult for the company to track users with a level of precision that would cause worry. In light of the recent news, forensic researcher and self-proclaimed hacker Jonathan Zdziarski took an in-depth look at the app and revealed his findings on his personal blog.
According to Zdziarski, as far as Whisper is concerned, your location is being tracked as accurately as possible, with no intentional “fuzzing” taking place. The app requests location data from your iPhone, and specifies that the accuracy be within 100 meters. As Zdziarski notes, Apple’s iOS location tools allow for much broader location requests, but Whisper’s code clearly requests a far more accurate reading.
As the app only specifies a maximum radius for the location reading, the actual results can be much more accurate than that. Zdziarksi’s testing produced a result that was within 65 meters of his location, which is enough not just to nail down a neighborhood, but pinpoint a user to within a few specific homes on a crowded street. In more rural areas, there may be just one location to pick from, so the reading would be essentially all you’d need to determine a person or small group of people that sent any given message.
Whisper CTO Chad DePue, who has been quite vocal about the controversy thus far, claimed on Twitter than the data is being “fuzzed” after it’s received on Whisper’s servers. The idea being that while your location data might be quite accurate when it reaches Whisper, the company takes care of anonymizing you on the back-end of things.
As Zdziarski notes, we have absolutely no idea if Whisper is telling the truth about any of this, and unless they were to open their doors to an audit from a neutral party, we’ll quite literally never know for sure. All we know with certainty is that your location is being reported by the Whisper app to the Whisper servers—even if you didn’t agree to allow location tracking—and that data may or may not be as anonymous and secure as the company claims.
Photo via Category5 / Flickr (CC 2.0)