Anonymous sharing app Whisper under a cloud over user location data

The app is accused by The Guardian of tracking users' locations

Anonymous sharing app Whisper has come under a cloud after a newspaper report charged it with tracking the location of its users, including those who have asked not to be followed.

Whisper, which is described as a platform to anonymously share "innermost thoughts, secrets, and feelings," is one of many privacy focused applications that became attractive after revelations last year by former National Security Agency contractor, Edward Snowden, that the agency was secretly tracking people online both in the U.S. and abroad. It also benefited from user concerns about exposing their identities on social media websites.

The Guardian report on Thursday will likely lead to a debate about how location data should be handled by services that promise users anonymity.

Whisper has a mapping tool that allows staff "to filter and search GPS data, pinpointing messages to within 500 meters of where they were sent," The Guardian newspaper wrote. The rough location of users who have turned off geolocation is arrived at by using the IP data from smartphones, it reported.

The Guardian came to know about this practice during a visit last month to WhisperText, the company behind the app, where the newspaper was exploring an "expanded journalistic relationship" with the social app.

WhisperText said in a statement Thursday that it does not collect nor store any personally identifiable information from users and is anonymous. "There is nothing in our geolocation data that can be tied to an individual user and a user's anonymity is never compromised," it said. "Whisper does not follow or track users. The Guardian's assumptions that Whisper is gathering information about users and violating user's privacy are false."

The social media app's editor-in-chief, Neetzan Zimmerman wrote on Twitter that the Guardian story is "lousy with falsehoods, and we will be debunking them all." He wrote in another tweet that the Guardian "made a mistake posting that story and they will regret it."

Information gathered by Whisper from smartphones it knows are used from military bases is shared with the U.S. Department of Defense, and the company is also developing a version of its app that will conform with Chinese censorship regulations, according to The Guardian.

User data, including deleted Whisper posts, are gathered in a searchable database, the newspaper wrote.

WhisperText released Thursday detailed replies to The Guardian's questions. It said that it does not receive or store geographical coordinates from users who have opted out of geolocation services. "User IP addresses may allow very coarse location to be determined to the city, state, or country level," it added. Even for users who have opted in, the location information stored is blurred to within 500 meters of their smartphone's actual location.

The company's privacy policy, updated Monday, allows the app to determine the user's location by city, state or country based on the IP address, even when location services have been disabled. It also allows the company to disclose information such as posts, IP addresses and the user's general location to comply with laws. The Guardian said the terms of service were updated after Whisper found out that the newspaper planned to run the story.

WhisperText said it had noticed how frequently suicide was mentioned by people living on US military bases or compounds and "reached out to organizations to see how we could work together to address this important issue." The information shared was not personally identifiable, it added. The app said it did not have a service in China.

WhisperText highlights and curates thematic narratives from users who are not personally identifiable either to Whisper employees or to the public. The Guardian has partnered and worked with Whisper since February this year and published stories using Whisper posts, with full understanding of its guidelines, WhisperText said.

John Ribeiro covers outsourcing and general technology breaking news from India for The IDG News Service. Follow John on Twitter at @Johnribeiro. John's e-mail address is

Join the CSO newsletter!

Error: Please check your email address.

Tags whispermobile applicationsThe Guardiansecuritymobileprivacy

More about IDGNational Security AgencyNews

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John Ribeiro

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place