How much do you trust the apps that promise to protect your anonymity? That question is at the center of a controversial article published today by the Guardian, which claims that Whisper—the secret-sharing app that bills itself as a completely anonymous experience—is actually actively tracking its users. But whether you believe Whisper has intentionally misled its users or not, you deserve to know how apps that claim to protect your identity could very well exploit it.
More pointedly: You deserve to know how apps you expressly do not share your location with… are finding it anyway.
When you first make a Whisper account, you are given the option to allow the app to track your location. Doing so makes it easier for the app to tell you when someone in your immediate area posts something that you might be interested in. If you choose to not allow tracking and not use the location feature, you probably think that means Whisper can access exactly none of your location information. Whisper claims that is easier said than done.
Chad DePue, Whisper’s CTO, admits that some type of location tracking is done regardless of whether or not the user explicitly condones it. “The whisper [post] needs to actually appear in the app, and it won’t appear without some general location,” he claims in a post on Y Combinator. “The [percent] of all Whispers which are tagged as somewhere in the middle of Kansas because we don’t really know where they are (but we know they are in the U.S.) is very high. This is not a scandal.”
This tracking tool Whisper allegedly uses is an outdated version of GeoIP by MaxMind, which uses your IP address to estimate your location on a map. DePue says the tool is “so inaccurate as to be laughable,” suggesting that determining something as broad as your country or state won’t bother the basic user (and he could be right, but what is and isn’t an upsetting degree of user information is another argument entirely).
But while it can be “laughable,” IP location tracking can also be extremely accurate. Want proof? Visiting the homepage of IP Location—a site that serves the sole purpose of determining where you are—will produce a list of location estimates aggregated from various readily-available Web tools. Three of the four readings for my own IP address not only nailed my specific city, but provided GPS coordinates accurate to within five miles of my address.
This is the same type of software Whisper is using, though how accurate their own location estimates are is something only they know for sure. If you believe DePue, and trust that the location tracking for users who opt-out of the feature is only accurate to a state or country, then it’s probably not that big of a deal. If you’re a bit more skeptical, well, I don’t think anyone would blame you right now.
Users that willingly accept the location tracking proposal from Whisper’s app are tracked to within 500 meters via GPS, according to Whisper editor-in-chief Neetzan Zimmerman. This is different from the IP tracking in that it could well track you right to your front door, if that’s the way it was designed. Whisper says that’s not the case, and that the location data is “fuzzed,” as Zimmerman puts it, meaning that it’s intentionally vague and not pin-pointed for reasons of privacy.
Privacy is exactly what users expect from Whisper, especially those who deny the app’s request to track their location. For the military whistleblowers and government insiders who have used the app as a convenient means of getting information out without a lot of red tape, the allegations published by the Guardian will certainly be cause for concern.
At the moment, it’s all become a bit of a “he said, she said” situation between Whisper and the Guardian. The newspaper claims that users are being intentionally tracked if they have a history of whistle-blowing, regardless of their wishes, and that they were shown the computer systems at Whisper’s HQ that allow them to do that very thing. Whisper, on the other hand, says any location tracking shown was from users who have opted-in, and that the data itself was only actually accurate to within 500 meters anyway.
It’s about trust. It’s clear at this point that you can be tracked whether you want to or not, but whether the company holding that data has ill intentions is something of a toss-up. Should you trust an app with your darkest secrets? We spoke to Kyle Drake, founder of Neocities, who has worked on geolocation startups in the past, to try to get a better handle on how companies actually treat your location data and to understand how nervous we should or shouldn’t be.
“There are a lot of fake secrecy apps out there that claim to remove your data and then secretly store it away somewhere in a data center,” Drake explains. “Users lack the technical knowledge to realize this, and thus assume that these are safe systems to send information they want to keep private, when in fact they are not.”
Secret CEO David Byttow (the other secret-sharing app that is a direct competitor to Whisper) explained via email how apps in this vein treat location:
If location services is enabled on a device (Android/iOS) the phone uses GPS signal to obtain a lat/long (accurate within 10 meters) accessible by the app. The app can then send that up to the server. If a user ‘opts-out of location’ via a setting on the service, it may or may not disable location tracking on the device. In the case of Whisper, it seems like it might not have. The only foolproof way is to disable Location Services on an iOS device, or to turn it off or uninstall the app (in the case of Android). Once that happens, the service may still collect IP address-based location … ‘Fuzzing’ the data is up to the service provider to honor their word that they actually do it. That simply means to take a GPS location and ‘randomly move it’ with some level of of inaccuracy.
Determining which technologies to trust is the difficult part, and something that you can’t be faulted for getting wrong. Whisper’s App Store description users words like “anonymous,” “trust,” and “honesty,” and it’s clear that perhaps the untrackable nature of the posts on the app may have been overstated (or that the interpretation is different to Whisper than it is to some users).
Is an app that tracks you to your state borders (or closer, if you choose not to buy Whisper’s claims of poor IP location tracking) really anonymous? It might not even matter, as Drake reminds us that the data itself won’t necessarily stay in the hands of the company that collected it anyway: “When a datacenter is keeping all your content, and it’s not being encrypted on your own computer, your location or private data is a government order, hacker, or bad corporate policy away from being disclosed.”
Update 1:42pm CT Oct. 17: While Whisper said its tracking capabilities were accurate to around 500 meters, new research claims that users can be traced to within 100 meters (or even less). Whisper has yet to respond to these new allegations.
Illustration by Jason Reed