For Whisper users, anonymity is paramount; millions of messages are posted on this public confessional every day, which the authors would not feel comfortable sharing anywhere else. But The Guardian has revealed that Whisper users aren’t quite as anonymous as they assumed.
As a Whisper user, it’s impossible to tell who has posted a message, and it’s impossible to tell if any two messages were posted by the same person. The Whisper staff, however, have a bit more information at their disposal. In addition to tracking all posts by the same user, Whisper tracks the date, time, and approximate location of each message, in some cases even if the user has turned off geolocation. When a Whisper user claims to work for the National Security Agency, for example, Whisper editors will check to see if that person has in fact spent time at the NSA headquarters in Fort Meade, Maryland.
While real names are redacted from Whisper posts and are not tracked by Whisper’s internal system, the amount of other potentially identifying information collected by this app is clearly enough to cause a media uproar — The Guardian alone has published three articles about it at the time of this writing.
Privacy is a hot-button issue today, and unfortunately most consumers are far too willing to give up their information. A New York City artist was recently able to collect fingerprints, partial Social Security Numbers, and driver’s license numbers from hundreds of people in exchange for cookies.
Few smartphone users check to see exactly what private information access they are granting to the apps they download, which can lead people to download unauthorized branded apps that collect their phone numbers or track their whereabouts.
Private information can leak, though, and when it does the media firestorm casts a negative light on the brands involved. Snapchat recently fell victim to a third party service that leaked thousands of supposedly private photos, and Whisper is feeling the media heat at the mere suggestion that some of the data it collects could potentially be used to identify its users.
Brand owners can avoid situations like this by monitoring brand use in mobile apps ahead of time, and ensuring that only trusted developers are publishing apps for your brand.