Whisper’s promise of anonymity while sharing secrets via its app rings less true today than it did last week, thanks to a searing report from The Guardian about the app’s questionable tracking and use of user data. Among the revelations were that WhisperText (the company behind the app) tracks the location of users who have opted out of geolocation services and has shared user data with the FBI, MI5 and U.S. Department of Defense.
During a three-day visit to WhisperText’s Los Angeles headquarters to explore a broader journalistic relationship, two reporters from The Guardian discovered a number of unsavory things about how the company collects, tracks and shares user data.
Among the findings reported by The Guardian is that Whisper has created an in-house mapping tool that enables its employees to filter and search GPS data to location posters within 500 meters from where they shared their secrets. “The technology, for example, enables the company to monitor all the geolocated messages sent from the Pentagon and National Security Agency,” according to The Guardian. “It also allows Whisper to track an individual user’s movements over time.”
The news organization also reveals that Whisper posts users may believe to be deleted are collected, along with other user data, in a searchable database that goes all the way back to the app’s launch in 2012. While user names and phone numbers aren’t stored there, time and location stamps are.
The Guardian also learned that there have been occasions where the company has shared information with the FBI and MI5. Both cases involved threats to life, but Whisper’s terms of service (which have since been updated) indicated “the company appeared to require a lower legal threshold for providing user information to authorities than other tech companies.”
Whisper is also sharing information with researchers with the Department of Defense, who are examining mentions of suicide or self-harm that come from Whisper posts shared within U.S. military bases.
The company has since rewritten parts of its terms of service and rolled out a new privacy policy. The new policy tells Whisper’s users to “please bear in mind that, even if you have disabled location services, we may still determine your city, state, and country location based on your IP address (but not your exact location).”
Michael Heyward, CEO of WhisperText, responded to The Guardian on Saturday by saying, “We realize that we’re not infallible, and that reasonable people can disagree about a new and quickly evolving area like online anonymity. So we’re grateful to those who have shared thoughtful feedback over the last few days.”
As if publishing the report didn’t make it clear, The Guardian says it is no longer pursuing a relationship with Whisper.