Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy Your Rights Online

The Guardian Reveals That Whisper App Tracks "Anonymous" Users 180

New submitter qqod writes this story at The Guardian that raises privacy concerns over the Whisper app. "The company behind Whisper, the social media app that promises users anonymity and claims to be the “the safest place on the internet”, is tracking the location of its users, including some who have specifically asked not to be followed. The practice of monitoring the whereabouts of Whisper users – including those who have expressly opted out of geolocation services – will alarm users, who are encouraged to disclose intimate details about their private and professional lives. Whisper is also sharing information with the US Department of Defense gleaned from smartphones it knows are used from military bases, and developing a version of its app to conform with Chinese censorship laws."
This discussion has been archived. No new comments can be posted.

The Guardian Reveals That Whisper App Tracks "Anonymous" Users

Comments Filter:
  • Well (Score:5, Informative)

    by DaMattster ( 977781 ) on Friday October 17, 2014 @02:10AM (#48166675)
    Looks like I WILL NOT be trying this app at all. I was a bit curious.
    • Re:Well (Score:5, Interesting)

      by Anonymous Coward on Friday October 17, 2014 @02:35AM (#48166741)

      This is almost not certainly the app you have been curious about. The company called Whisper Systems was started by Moxie Marlinspike, a highly respected cypherphunk. Their app is called redphone. The "whisper" app, though, is made by a company called Whisper, which has close DoD ties and all sorts of red flags.

      The similarity in names is no coincidence. I think this is actually a deliberate attempt to spread distrust about phone crypto apps.

      • Re: Well (Score:5, Informative)

        by Anonymous Coward on Friday October 17, 2014 @03:16AM (#48166849)

        The app is called Signal - Private Messenger in the Apple App Store. The android version is RedPhone. Just in case anyone is interested. It is a neat little end to end encryption app however I haven't checked the source code so I can't vouch for it.

      • Yep, this would be right out of their play book [nytimes.com], where step 1 would be to discredit "security applications" and create distrust of encryption - to change the public opinion of it.

        The director of the F.B.I., James B. Comey, said on Thursday that the “post-Snowden pendulum” that has driven Apple and Google to offer fully encrypted cellphones had “gone too far.” He hinted that as a result, the administration might seek regulations and laws forcing companies to create a way for the gov
    • Looks like I WILL NOT be trying this app at all. I was a bit curious.

      The unfolding of privacy around most of the popular social media apps (that ironically promise it) should have killed your curiosity long ago.

      Hell, the cat is a rotting corpse at this point.

      • I am unconcerned if facebook computers are trying to determine if I want to buy Pampers or Depends so computers can sell electrons to other computers to shove electrons in front of my face.

        But claiming you have privacy from...just what now? Government, when you are feeding it back to government because government demands it?

        What. The. Fuck.

        That is the historical abuser of privacy we should be afraid of. Even privacy apps collapse immediately with just a wink from the onrushing government computerized pa

        • I am unconcerned if facebook computers are trying to determine if I want to buy Pampers or Depends so computers can sell electrons to other computers to shove electrons in front of my face.

          But claiming you have privacy from...just what now? Government, when you are feeding it back to government because government demands it?

          What. The. Fuck.

          That is the historical abuser of privacy we should be afraid of. Even privacy apps collapse immediately with just a wink from the onrushing government computerized panopticon juggernaut?

          It's time for some kind of constitutional amendment to extend and require warrants to virtual property and locations online, to get around the loophole that it's "on some company's server somewhere, so you 'have no expectation of privacy.' "

          And keep an eye on the weasel politicians who would water it down.

          Government has little to do with it when 99% of app users merrily hand over their privacy when agreeing to the corporate EULA.

          Consumer data is valuable. The Government is merely a rude customer of the corporations.

          A Constitutional Amendment is likely needed, alright. But ensure you are targeting the right people.

          • I believe that he pointed out rather clearly that he did not give a shit about what companies are selling to companies to get him to buy shit.

            Where his rational fear comes from is when an entity with guns and prisons comes for you. This is what the constitution is meant to protect us from, "The Tyranny of the Government". I also do not give a fuck that P&G knows how many times a day I take a crap. I do care when the police violate my privacy in an attempt to take away my freedom or my life.

            We have the

            • The government can already do what you're claiming to be so worried about. Happens every day. Shit, you could be driving to your mom's house and get pulled over. The cop thinks you might have drugs in the car, so they confiscate it, and take your cash while your at it. Good luck getting all that back without hiring an expensive attorney.

              So in other words, the Constitution doesn't mean anything when you don't have the means to actually claim your constitutional rights. There are a million things the gov
              • I am not asking for an new amendment just that I have no worries about what a private company knows about me.

                And we do have the power to fix it. As a people though Americans have become lazy and spoiled and will give up the freedoms that were paid for in blood for convenience.

                • I am not asking for an new amendment just that I have no worries about what a private company knows about me.

                  Why? Private companies cooperate with the government, so if a private company has your information, they'll usually hand it over to the government upon request. But even private companies can screw with your life.

                  • The problem there is the Government. What people choose to give to a private company is their business. Smart or not. What the government can compel others to divulge is a problem.
                    • Nope. The problem is both. The government isn't even truly compelling many companies; they give up with little to no resistance. Furthermore, even if they were fighting hard, the reality is that if you give private companies your data, it will be sucked up by the government.

                    • Last time I but my head against this wall.

                      You do not want to restrict what the companies can collect as long as the do it honestly. Restricting what companies can collect honestly only serves to reduce what the can offer and increase the costs of offering it.

                      Restrictions should be enforced upon what the government can compel or even ask of private companies. restriction of government power in this area protects people and their freedoms. Being protected from your own choices has not the same level of impo

                    • Restrictions should be enforced upon what the government can compel or even ask of private companies.

                      Yes.

                      But you don't seem to understand. I am talking about the the current reality! The current reality is that if you give your information to private companies, the government will get it, and you should be wary of giving your information to private companies for the time being.

    • It's like some kind of disease spreading through Silicon Valley: any company touched by venture capital immediately compromises the ethics and value their product might have had to anonymity, or privacy the moment they start being popular.

      Or maybe it's the inverse. Companies claiming to uphold the sharing of ideas or their user's privacy are merely waiting for the money to roll in before they sell-out their users.

      Either way it makes you highly suspect of any app on Google Play or the App store claimin
  • by telleropnul ( 2637009 ) on Friday October 17, 2014 @02:12AM (#48166679)

    We could have been so good together
    We could have lived this dance forever

  • by Nyder ( 754090 ) on Friday October 17, 2014 @02:17AM (#48166697) Journal

    It's getting to the point where you can't trust anything these days, because the NSA or other criminals seem to have access to your data.

    And remember, the FBI head dude doesn't want you to use encryption.

    Is this the America we are supposed to be proud of?

    • by Anonymous Coward on Friday October 17, 2014 @02:22AM (#48166705)

      The check is in the post
      I won't come in your mouth
      I promise we won't track you

    • by Anne Thwacks ( 531696 ) on Friday October 17, 2014 @02:59AM (#48166793)
      If you want people with secrets worth investigating, surely advertising as providing secrecy is the best way to recruit them.

      If you are hiding a needle in a haystack, you might want to make sure the hay is magnetic first.

    • by vikingpower ( 768921 ) on Friday October 17, 2014 @03:18AM (#48166855) Homepage Journal
      Mod parent up into the sky, please. As a European, I am watching at the sideline, with ever-growing incredulity, how US Americans take all this, and worse, and more, from their so-called "government", from their unbelievably brutal "law enforcement", from what once was their state. What do you people need for an incentive to kick off a revolution ? Maybe if the US government put almost 1% of your population into prison, you would finally protest. Oh no, shit, wait.... [wikipedia.org]
      • by DirePickle ( 796986 ) on Friday October 17, 2014 @03:35AM (#48166903)
        Europeans should have a pretty damn good understanding that things can get really, really, really bad without people revolting.
        • As a European, as a matter of fact, I do have that understanding. Hence, my post. ( The French Revolution, 1789 - 1792, began for less than what is going in the US today, BTW. )
          • by weilawei ( 897823 ) on Friday October 17, 2014 @05:30AM (#48167245)

            We're all spread out. There's hotspots of issues and then huge swaths of relatively uninhabited areas without anything resembling a critical mass.

            The people in the cities are out in the streets. The people in the suburbs and farms still have something to lose.

          • The American Revolution started for less than what is going on now. We just have a bunch of pussies and wusses who are too afraid that they might have to give up their iPhones. The same people are hell bent on making sure that if and when it gets "bad enough" to revolt, we are completely disarmed and cannot.

            The worst part, is both the (D) and (R) people are slow walking us towards the tyranny we all see coming, in the name of "protecting freedom".

            • The American revolution happened when wealthy people grew dissatisfied with the status quo. Most people would have been perfectly happy for things to continue as they were.
    • This is because we (society as a whole) don't view cyber crime as a threat. Cyber Crime doesn't hurt anyone (except the victims). Cyber Criminals are in hard to reach places like Russia. There is nothing we can do. So, it exists.

      IF and WHEN we view Cyber crime properly, the laws for ID theft will change to put the pressure on those extending credit, safe guarding our banks and otherwise those in charge of data collection for the purposes of commerce. When those changes are made, we'll sacrifice a little bit

    • Maybe you should blame your neighbor. We keep voting in the same people all the time.
      • by GPierce ( 123599 )

        You can get rid of the politicians , but that doesn't get rid of the people who own them.

  • When I tell you that privacy policies are pure BS? It doesn't matter if it's Whisper, Apple, or Google. They are tracking you, probably under orders. We won't know, unless we rearrange the house!

  • by Anonymous Coward

    There are a few websites/apps that have allow the user to opt out of being tracked.

    Have ANY of these sites/apps actually respected the request of the user? Google certainly did not care [wsj.com], and neither do many others in Internet advertising. [businessinsider.com]

  • So, why can't they be sued into the ground for product misrepresentation ? There needs to be cases like that with hard jail time before the practise will stop (ha! As if).
  • No profit in it (Score:5, Insightful)

    by EzInKy ( 115248 ) on Friday October 17, 2014 @02:40AM (#48166751)

    Any business depends on profit to survive, and there is no profit to be had in providing privacy...and certainly not privacy without a fee. A fee of course means a method of payment, and every method of payment is traceable to some extent. Even totally volunteer systems are no guarantee of privacy, as governments are certain to be the first to volunteer.

  • by Anonymous Coward

      TRUST NO ONE!

  • then do not speak them.

    You have a right to free speech (or perhaps a lesser equivalent outside the U.S.) You never had a right to be free from the consequences of your speech. You also do not have a right to anonymity, or to a privacy attached to words that you have delivered outside of your control. You have no right to be free of your own foolishness, if you choose to act like a fool.

    That said, this company might get it's backside sued off by a class action lawsuit if it can be shown that it was tracking its clients without their consent or against their wishes. I'll bet that in at least in one state there's a law prohibiting that, even if there's a clause in their license or contract that permits it (which apparently their new terms of service has.) Extraordinary terms in a contract are not necessarily enforced, as any first year law school student can tell you.

    Any data gleaned by such measures would likely be ruled to be inadmissible in a criminal action: it is merely the government attempting to use a third party to engage in an unreasonable search and seizure. It might be a stupid thing for a soldier to use this app on a military base against regulations, but the government would be even more stupid to try to use "the fruit of the poisonous tree" (evidence that would not have been gathered but for the unlawful search) against one of its citizens.

    All of this goes to show that you can't stop others from being stupid...

  • by Chas ( 5144 ) on Friday October 17, 2014 @04:58AM (#48167117) Homepage Journal

    http://www.washingtonpost.com/blogs/style-blog/wp/2014/10/16/secret-sharing-app-whisper-to-the-guardian-you-published-a-pack-of-vicious-lies-about-us/ [washingtonpost.com]

    Whisper, darling child of the online anonymity surge, is going to war with the Guardian over a story saying the app tracks the identities and locations of some users.

    Launched two years ago, Whisper says it’s the “safest place on the internet,” a social networking app that lets people anonymously share short messages — “whispers” — supposedly detached from any identifiable information.

    But in a lengthy takedown published Thursday, the Guardian claims otherwise, saying Whisper uses a handful of tools to subvert its own claims of privacy and anonymity. Whisper, according to the Guardian report, tracks newsworthy users and uses roundabout methods of finding out the locations of users who decline to share it; the company then shares that information with third parties, including the U.S. government, the Guardian reported.

    The outlet also said the app changed its privacy policy after it was made aware that the Guardian’s story would run.

    All of these claims, Whisper officials said, are patently false.

    Whisper’s editor-in-chief, Neetzan Zimmerman, went into attack mode immediately after the story was published, saying it was a “pack of vicious lies” and that “the Guardian made a mistake posting that story and they will regret it.”

    Reached by phone, Zimmerman categorically denied the basis of the story, saying that while certain degrees of tracking (such as a city of location) are possible through simply connecting to the Internet, the methods the Guardian described are “either outright false or misguided or misinformed.”

    “Clearly, their intention was for absolutely no reason to write a hit piece about us and try to scare away our users,” Zimmerman said, sounding irate at times.

    The Guardian story describes techniques that Whisper allegedly uses to find “newsworthy” users, such as those who work at Yahoo and Disney, or on Capitol Hill. It also says there is a technical backdoor that allows Whisper to pinpoint the location of users who have declined to share their location with the app, and that Zimmerman and another executive had requested staff to exploit it.

    But Zimmerman, fuming at the accusations, said such backdoors are “technically impossible.”

    “That is false, that is 100 percent false,” he said. “That was never said by anyone. I have no idea where that quote came from. I have no idea what they’re talking about. I have never, ever, ever asked anybody in my life, and would never ask anybody, for information on a user who opted out of user location. That cannot be overemphasized. That is a 100 percent lie.”

    He added that no change was made to the app’s privacy policy as a response to the Guardian’s story. (Still, my colleague Brian Fung noted that any changes to a privacy policy may invite inquiry from the FTC.)

    Whisper employees can, however, search for keywords (analogous to a Twitter search) to find users and their “whispers” that may be interesting to some of its media partners, including BuzzFeed, which publishes an ongoing series of posts that highlight interesting or newsworthy messages on the service.

    A BuzzFeed spokesman told Valleywag on Thursday: “We’re taking a break from our partnership until Whisper clarifies to us and its users the policy on user location and privacy.”

    Zimmerman also said the Guardian has had a months-long partnership with Whisper that used the very techniques the article decries.

    “There are at least three Guardian stories written off Whisper, and two of which we

    • âoeThere are at least three Guardian stories written off Whisper, and two of which were using the methods the article is attacking,â Zimmerman said

      The ones he insists don't exist because the Guardian article is all lies?

      If you're going to issue a denial, you should at least get your story internally consistent.

      • "Zimmerman also said the Guardian has had a months-long partnership with Whisper that used the very techniques the article decries."

        Would that be the technically impossible ones or the ones they would NEVER use?

  • I blame the mobile OS vendors for this, especially in case of Android. A modern mobile OS must give full control for the user to understand and control which apps are accessing which data services. The user should be able to have a log of all these requests. The user should be able to wire fake data sources to these apps. There are very few apps that I would trust with my contacts list, account names and location information. Cyanogen Mod is working towards this and Google's attempts to acquire it do not en

  • is code you can download, review and modify. The moment a third party or a internet based service is involved, there can be on trust.

  • Hold on a moment, let me find my surprised look. I have it around here somewhere. Oh! Here it is. *GASP!* Say it isn't so!

    I'm not certain why this is at all a surprise to anyone. Perhaps the app was poorly named, perhaps it should have been the Gossip app instead?

  • "Power to the .... err -- to those in power.

C for yourself.

Working...