from the when-things-are-too-good-to-be-true dept.
The self-dubbed "safest place on the internet", Whisper, apparently tracks users.
Whisper is a platform (like Twitter) where you can post short messages overlaid over a user-supplied picture. Supposedly, you're anonymous while doing so. When the Guardian went on a 3-day visit to pursue editorial relationships with the company, they encountered nuggets such as "an in-house mapping tool that allows its staff to filter and search GPS data, pinpointing messages to within 500 meters of where they were sent", and quotes such as "We had 13 or 14 [IDF] soldiers who we were tracking – every whisper they did".
Tracking facilitated through geolocation facilities in the app if active, with a fallback mode through geo-ip, stored in a database. Which apparently has never had any deletions, ever. To add further insult to injury, the Guardian claims Whisper latches on to potentially newsworthy Whisperers, and follows them.
Whisper has responded to these reports saying:
Whisper does not collect nor store: name, physical address, phone number, email address, or any other form of PII. The privacy of our users is not violated in any of the circumstances suggested in the Guardian story.
The Guardian’s assumptions that Whisper is gathering information about users and violating user’ s privacy are false.
Another reaction by Whisper CTO + scathing reply by well-known privacy hacker Moxie Marlinspike here.
Ars Technica covers basically the same points.
(Score: 2) by frojack on Friday October 17 2014, @08:23PM
The Denials sort of skip over the fact that their own staff told the Guardian
"We had 13 or 14 [IDF] soldiers who we were tracking – every whisper they did".
How would they know they were soldiers?
Sure, no Physical address, but that wasn't what the Guardian claimed. They said GPS location within 500 meters. ("Within" might include right down to 6 meters).
Your IP on a cell phone probably changes once an hour.
Why would their staff tell reporters one thing and then the public denial uses weasel words to knock it down?
No, you are mistaken. I've always had this sig.
(Score: 3, Interesting) by forsythe on Friday October 17 2014, @08:33PM
Why would their staff tell reporters one thing and then the public denial uses weasel words to knock it down?
Probably because they were approaching the reporters as clients, not as investigators. It was probably a sales pitch, with the goal of convincing reporters either that they could recommend Whisper to wanna-be-anonymous sources, then verify that the sources were legit, that they could (for a nominal fee) be allowed to skim potentially interesting communications off the Whisper pool to get some breaking news, or both.
(Score: 4, Insightful) by takyon on Friday October 17 2014, @08:37PM
Solid write-up, informative links.
Anonymity app of the week lacks anonymity!
See also Anonabox [theregister.co.uk], Cryptocat [dubfire.net], or Snapchat's third party Snappening foulup. Next could be Fire [betabeat.com] Chat [gigaom.com].
If even a heavyweight like open-source Tor is under serious threat, Good luck achieving anonymity with this week's app.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 1) by takyon on Friday October 17 2014, @08:39PM
Hot off the press Anonabox update [wired.com].
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 4, Informative) by hemocyanin on Friday October 17 2014, @08:42PM
This is an interesting investigation into the software (user side): http://www.zdziarski.com/blog/?p=4056 [zdziarski.com]
From the link above:
(Score: 3, Interesting) by khallow on Friday October 17 2014, @09:48PM
(Score: 2) by LoRdTAW on Saturday October 18 2014, @07:31AM
Honey pots?
(Score: 0) by Anonymous Coward on Friday October 17 2014, @10:34PM
It is hard to get worked up about a company I haven't heard of, nor give a rat's ass about.
(Score: 2) by aristarchus on Saturday October 18 2014, @02:53AM
Yeah, you haven't heard of them, but they have heard of you!!! And they are hearing you! Especially the IDF, which, if you are not Jewish, you might want to be worried about. That whole "extra-judicial killing" on suspicion of being a Terrorist? Israelis thought of it first. Check your skies for drones near you.
(Score: 1) by pnkwarhall on Saturday October 18 2014, @12:40AM
Moxie Marlinspike has sailed long distances using (only) dead-reckoning and celestial navigation. Anyone who appreciates this fact should go check out his site [thoughtcrime.org] The stories section [thoughtcrime.org] has my personal recommendation.
There's some analog technology for ya!
Lift Yr Skinny Fists Like Antennas to Heaven