The Problem with Whispers and Secrets (and Snapchats)
Anonymity is different from privacy
At Firestorm, we have reviewed a variety of emerging applications including Whisper, Secret and Snapchat. We are not fans. The “promise” of anonymity, of images and conversations that disappear, poses a threat to schools, businesses and reputations alike.
Most recently, it has been alleged that some of these apps that promise complete privacy deliver anything but. Whether you are discussing this issue with students, employees, suppliers, vendors or customers, it is important to understand the inherent risks.
What’s worse than no privacy? Fake, malfunctioning “privacy” apps.
A slew of anonymous apps and ephemeral messaging services have popped up in the last few years — some in direct response to news of data collection by the National Security Agency. But while well-intentioned, few consumer-level apps are actually anonymous — and they may be endangering your information.
Last week an investigative story the Guardian revealed that anonymous social feed Whisper is actually collecting user locations based on geo-location and IP addresses.
The report also says that Whisper is saving posts and their location information to a searchable database, despite its promise to be “the safest place on the Internet.” But the revelation about Whisper is just the latest in a string of incidents that remind users that many, if not all, of the consumer apps on the market that promise anonymity and security fail to deliver.
Secret has shown it’s vulnerable to hacking, though the company does have a bug bounty program that has successfully kept Secret out of the news, as Wired reported. But the same can’t be said for Snapchat, which repeatedly finds its way into the news, most recently for a leak of 200,000 user photos that ended up on Internet forum 4chan. Though Snapchat’s servers weren’t hacked in this particular event, the ephemeral messaging service has been found to be less secure — and less ephemeral — than it advertises. The company settled charges with the Federal Trade Commission in May for overstated claims of user anonymity and security.
Whisper co-founder and CEO Michael Heyward discussed the issue onstage this past Tuesday at the Wall Street Journal’s WSJ.D Live conference, and responded to allegations that a Whisper Editor threatened a user with “Tracking for Life.” Heyward said that the unknown employee who promised to track the user will be fired, assuming reports about what the employee said are true. Heyward, who was speaking at the WSJD Live event in Southern California, addressed a report in The Guardian this month that said Whisper monitors some users’ locations even after they opt out of tracking. Heyward called the report deeply misleading, and said Whisper is simply incapable of tracking users in the manner suggested by the newspaper.
Neetzan Zimmerman formerly of Gawker and current Editor-in-Chief at Whisper, took to SCRIBD to respond to allegations. You can read the entire, lengthy response here.
“Whisper does not collect nor store any personally identifiable information (PII) from users and is anonymous. To be clear, Whisper does not collect nor store: name, physical address, phone number, email address, or any other form of PII. The privacy of our users is not violated in any of the circumstances suggested in the Guardian story. The Guardian staff, including its CEO and multiple members of the US editorial team, have met with, partnered, and worked with Whisper since February 2014 and published multiple stories utilizing Whispers, with full understanding of our guidelines. The Guardian’s assumptions that Whisper is gathering information about users and violating user’s privacy are false.”
This is a complicated space. Managing risks requires understanding of the complexity of issues specific to each threat. As reported in Gigaom, most users don’t clearly understand the difference “…between anonymity and privacy. Although Whisper is an anonymous network, it is also clearly public, so users know that their posts will be seen and can be searched and so on. In fact, that’s a big part of why they use Whisper in the first place: because they want their stories to be heard, or they want to find other users.”
Your organization may be a target for reputation damage, confidentiality breech, or other risks stemming from the use of emerging technologies. If you have questions, let us help. Contact Us.