Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
Privacy Software

How Whisper Tracks Users Who Don't Share Their Location 39

blottsie (3618811) writes "On Thursday, the Guardian reported that secret-sharing app Whisper was tracking users' locations even when they opt-out of sharing their location. [See also this earlier, related story.] Whisper has denied the accusations—but this may be a matter of semantics. Whisper allegedly uses an outdated version of GeoIP by MaxMind, which uses your IP address to estimate your location on a map. Whisper's Chad DePue said in a comment on Hacker News that the tool is "so inaccurate as to be laughable," suggesting that determining something as broad as your country or state won't bother the basic user (and he could be right, but what is and isn't an upsetting degree of user information is another argument entirely)."
This discussion has been archived. No new comments can be posted.

How Whisper Tracks Users Who Don't Share Their Location

Comments Filter:
  • by Kvasio ( 127200 ) on Friday October 17, 2014 @07:33PM (#48173291)

    well, it it was accuracy to the planet, I would not be upset.
    Unless I had a mistress on Mars ... or Uranus.

  • by mythosaz ( 572040 ) on Friday October 17, 2014 @07:33PM (#48173293)

    ...better delete your Apache logs, lest you be accused of tracking people's "locations."

    • by Anonymous Coward

      I think it's important to point out that this wasn't incidental. The claim is not "They know your IP so they must know where you are !!?!"

      They actively attempted to track people. It doesn't matter that their alternate method(GeoIP) is less accurate.

      They've been caught demonstrating a disregard to your preference/request/requirement. No one should trust them to not lie farther further(using gps if possible). Or, at least, find a more accurate alternative tracking system.

  • to a degree I'm upset.

  • by techno-vampire ( 666512 ) on Friday October 17, 2014 @07:46PM (#48173343) Homepage
    My connection is on a dynamic IP address. The best any of those services can do is tell you what city my ISP's router is in, and one of the three services tested by iplocation.net (the service pointed to by TFA) managed to get it wrong. And, I'm not the least bit impressed by the claim that the author's location was correct withing 5 miles, as that still leaves anybody looking for you with just over 78.5 square miles to search.
    • by Kvasio ( 127200 )

      just hide in this unsearched area - the one between 78.5 and 78.539 sq m.

    • by santax ( 1541065 )
      Keyword, correlation. They can track you a lot closer than those 5 miles, but it doesn't matter. They know who you are, by correlation. It's not important if you happen to stand on 23th or 24th street.
    • My connection is on a dynamic IP address. The best any of those services can do is tell you what city my ISP's router is in, and one of the three services tested by iplocation.net (the service pointed to by TFA) managed to get it wrong. And, I'm not the least bit impressed by the claim that the author's location was correct withing 5 miles, as that still leaves anybody looking for you with just over 78.5 square miles to search.

      So how inaccurate is something if you are generating this data all the time, wherever you travel, from one ISP to another, and post your subliminal text images all over the place. Suddenly a fuzzy picture starts to look much clearer, and you can be pinpointed with reasonable accuracy.

    • by donaldm ( 919619 )

      My connection is on a dynamic IP address. The best any of those services can do is tell you what city my ISP's router is in, and one of the three services tested by iplocation.net (the service pointed to by TFA) managed to get it wrong. And, I'm not the least bit impressed by the claim that the author's location was correct withing 5 miles, as that still leaves anybody looking for you with just over 78.5 square miles to search.

      To accurately determine a cell phones location you need three or more towers which can be the case in a city. Without GPS being turned on and with three cell towers it is possible to get a location accuracy of a few 10's of meters or if you live in a none metric country approximately a few 10's of yards. A quick search will confirm what I have just said but you could look at this site [world-tracker.com] or you can try one of the 100 million plus hits I got with my search.

      As per the above URL the accuracy was 100 m which i

    • by digsbo ( 1292334 )
      What if someone wanted to know where you weren't? That can be just as damaging.
    • There are plenty of people that are on a static IP that is tied to the box in the end of the street or a few streets further away. Not only that, but depending on what other characteristics they may find on your usage of the line/IP, they can still tie it to you without reasonable doubt if they have estmated location. Even "some doubt" may be enough for an employer to finger out you are behind something and things could cost you your job.
    • by antdude ( 79039 )

      Can TOR be used with this program to make it even harder to track?

      • Can TOR be used with this program to make it even harder to track?

        Unfortunately not. TOR only obscures your source IP address from servers and peers that you are connecting to. It won't help for an application that is residing on your phone. You could use any number of the location spoofing frameworks that are used for testing applications to provide fake/random location data.

  • by Anonymous Coward

    Whisper isn't about keeping random people from finding you, it's about keeping your friends from finding you. Because if you wanted them to know what you're posting, you'd use Facebook.

    And the locations accuracy is very often enough, in conjunction with the content of the message, to reasonably suspect someone or even identify them.

  • by rhysweatherley ( 193588 ) on Friday October 17, 2014 @08:01PM (#48173419)

    Note to Chad: The issue is not how accurate the information is or isn't. This issue is that a truly anonymous service has no need for this information.

    If you are providing an anonymous service, then accept the incoming socket, provide the service, and then promptly forget everything about the session. If it is logged, those logs can be requested or outright stolen by the world's TLA's. Even performing a GeoIP lookup without logging it has the potential to leak information from your service that can be collected by mass surveillance and correlated with other information.

    Do not collect information that is not relevant to the service being provided. Period.

    • by griffjon ( 14945 )

      1000 times this. I have a general problem with centralized, for-profit services based in countries with known surveillance offering "anonymous" services to begin with, but for the love of all things sane in this world, if you're gonna try that, at least be hyper-aware of every shred of data you incidentally collect or cause to go across the wire.

    • by Anonymous Coward

      Your IP address is as good as a location these days. Because the same IP will have some device on the NAT, your wifes phone, your ChromeBox, your thermostat even, in Android even if you turn off GPS, it still gives Goog permission to have your wifi sourced location which is as good as GPS in resolution except out in the wilds.

      Wifi triangulation is as good as GPS and in towns and cities is often better than GPS. But they may also have the GPS signal.

      The CLIENT for this information is buying from many sources

  • The issue is one of trust.. not tech details. Also, considering the rends it suggests there is no truth in anything related to business and/or gov and/or communications.
    Simple.

  • by Anonymous Coward

    It also says there is a technical backdoor that allows Whisper to pinpoint the location of users who have declined to share their location with the app, and that Zimmerman and another executive had requested staff to exploit it. But Zimmerman, fuming at the accusations, said such backdoors are "technically impossible."

    Nonsense. The word "backdoor" is not really appropriate here, but of course there are methods (and they are very technically possible) to divine someone's location even if they've declined to share it. Geolocation has become astonishingly accurate in areas where ISPs and telcos are selling their subscriber phsyical-to-IP-address data. I'm not talking about the 500-meter resolution mentioned in the article, but the exact address (or coordinates of the exact address) that the subscriber's service is billed to

  • Yet another business getting caught lying to their customers. Welcome to the 20th century, A few more famous liers: Google, Apple, Microsoft, Oracle, Adobe, AOL. What a wonderful century we live in wouldn't ya say?
  • by Anonymous Coward

    I downloaded and used whisper the day it was released and continued for 6 months to a year.

    During that time I watched the community grow. At its onset it was very small and people were nice. One of my first posts was responding to some young Asian woman who disliked the typical phenotype of rounded face and smaller nose and said she was teased often and wished she had more Caucasian features. I explained that the rounded face was definitely attractive to all males and her nose was adorable. She was pretty b

  • This kind of thing is inexcusable. It is clearly unethical and it should be illegal. Think we'll get a law like that passed? No, I mean one that doesn't tie the hands of our friend, the government, whom we must entrust with secret powers to keep us safe. I just mean shady operators like Whisper..., and Google.
  • I've worked with MaxMind stuff on mobile IP location - as they guy says it's pretty useless. If the user is on wifi it's not too bad, at least the IPv4 stuff could pretty reliably get the state and often city. I never had any luck with IPv6 although they claim to support it better now.
    The big kicker is if the user is on cellular - at least in the US most cell networks are natively IPv6, and they tunnel connections through giant NAT devices. This leads to two interesting effects - firstly the IPv4 address yo

The meat is rotten, but the booze is holding out. Computer translation of "The spirit is willing, but the flesh is weak."

Working...