Guardian walks back report of privacy violations by Whisper anonymity app

12 Mar, 2015 01:35 / Updated 10 years ago

The Guardian has walked back and clarified substantial portions of its reports on alleged privacy violations by the developers behind the Whisper app, which promises users a way to communicate anonymously over the internet.

The outlet has also entirely removed a column claiming that Whisper was misleading users, reiterating that it never accused those behind the app of breaking the law. As noted by The Wall Street Journal, the commentary article “argued that Whisper misled users into thinking they were communicating privately when, in fact, their comings and goings were tracked and profiled.”

Among the Guardian’s original allegations were that Whisper only revised its terms of service and privacy policy after it discovered the UK-based newspaper was going to write about issues surrounding privacy – that Whisper tracked users regardless of whether they enabled location services, that this information was being stored indefinitely, and that it was sharing data with government agencies.

READ MORE: Data black market: New free platform lets whistleblowers sell secrets for Bitcoins

On its website, Whisper describes itself as an “anonymous social network” that allows you to “anonymously share your thoughts and emotions with the world, and form lasting and meaningful relationships in a community built around trust and honesty.”

In a lengthy paragraph, the Guardian clarified much of its reporting, starting with the claim that Whisper was hastily modifying its policies in response to reporter inquiries.

“We confirm that Whisper had drafted the changes to its terms of service and privacy policy before Whisper became aware that the Guardian was intending to write about it,” the correction stated.

In the corrected article – originally titled 'Whisper app rewrites terms of service and privacy policy' – the newspaper specifically mentioned that Whisper first drafted updates to these two sections in August 2014, about two months before the Guardian published its report on the issue. Additionally, Whisper’s updated terms and privacy rules were posted online three days before the newspaper’s article was published.

Meanwhile, the outlet clarified that practices tied to Whisper – such as collecting IP addresses and information-sharing with law enforcement in cases where death or serious injury may be involved – is “both lawful and industry standard.”

In its correction, the Guardian stated that IP addresses are collected by all internet companies and that having the addresses themselves doesn’t mean a user’s location can be pinpointed, since IP addresses are “a very rough and unreliable indicator of location.” Whisper maintains that it does not collect personally identifiable information from users, and the newspaper said a user’s identity and location can only be tagged if the individual chooses to release such data.

READ MORE: Secret-sharing phone app ‘Whisper’ accused of tracking users, handing info to law enforcement

“The company has no access to users’ names or phone numbers, but is storing information about the precise time and approximate location of all previous messages posted through the app,” the Guardian wrote in its original report. “The data, which stretches back to the app’s launch in 2012, is being stored indefinitely, a practice seemingly at odds with Whisper’s stated policy of holding the data only for ‘a brief period of time.’”

In a response to the story last year, Whisper said private messages are stored for two days and IP addresses for seven.

Whisper also came under fire for sharing information with the Department of Defense’s Suicide Prevention Office, though the Guardian clarified that no personal information was handed over.

“We appreciate the Guardian issuing the corrections and setting the record straight,” Whisper’s chief executive, Michael Heyward, said to the WSJ. “For us, this isn’t about vindication. It is vital that our users and partners know that Whisper is and always has been totally committed to the privacy of everyone who uses our product.”

The UK-based paper’s original story sent waves through the app developer, with the company suspending staff and conducting an internal investigation. Whisper’s former news editor, Joshua Chavers, was also terminated. He tweeted about the Guardian’s correction on Wednesday.

Heck if it weren’t for The Guardian’s reporting, I wouldn’t be out fishing, going to the beach rn, and, well, standing in unemployment line.

— Joshua Chavers (@JoshuaChavers) March 11, 2015