In a piece published Oct. 16, the Guardian claims Whisper tracks its anonymous users with an in-house mapping tool that curates GPS data from messages sent by users. Even users who have opted out of the geolocation feature may be tracked via IP data sent from their smartphones, the report notes.
This user information -- some of which reportedly has been shared with the FBI and Britain's MI5 -- is allegedly collected in databases. Some specific users are even monitored by Whisper staff, the Guardian reports. (One supposed target was a "sex-obsessed lobbyist" in Washington, D.C. "He’s a guy that we’ll track for the rest of his life and he’ll have no idea we’ll be watching him," an unnamed executive is quoted as saying.)
The Guardian said it obtained information on the alleged practice last month while visiting the Whisper offices in Los Angeles for "the possibility of an expanded journalistic relationship." The publication now says it "is no longer pursuing a relationship with Whisper."
The claims against the company stand in contrast to comments made by Whisper founder and CEO Michael Heyward, who has said Whisper is "the safest place on the Internet," the report notes.
Whisper, however, is speaking out against the report, calling the Guardian's "assumptions" "false." In a statement emailed to The Huffington Post Thursday, the company said:
Whisper does not collect nor store any personally identifiable information from users and is anonymous. There is nothing in our geolocation data that can be tied to an individual user and a user’s anonymity is never compromised. Whisper does not follow or track users. The Guardian’s assumptions that Whisper is gathering information about users and violating user’s privacy are false.
Neetzan Zimmerman, Whisper's editor in chief and former Gawker employee, also took to Twitter to slam the Guardian, calling the piece "a pack of vicious lies."
First response: The Guardian’s piece is lousy with falsehoods, and we will be debunking them all. Much more to come.
— Neetzan Zimmerman (@neetzan) October 16, 2014
1/This cannot be overemphasized: @Whisper has never nor will ever collect nor store ANY personally identifiable information from its users.
— Neetzan Zimmerman (@neetzan) October 16, 2014
2/Users must OPT IN to location, not OPT OUT. If a user does not OPT IN, their location information is NEVER collected nor stored, period.
— Neetzan Zimmerman (@neetzan) October 16, 2014
3/Users who OPT IN — meaning elect to make their location public — have their location HEAVILY FUZZED by @Whisper to 500 meters away.
— Neetzan Zimmerman (@neetzan) October 16, 2014
4/No exact location data is EVER stored or is accessible by @Whisper or its employees. The Guardian’s suggestion to the contrary is FALSE.
— Neetzan Zimmerman (@neetzan) October 16, 2014
5/Again, users who have OPTED IN to making their location PUBLIC have their location proactively fuzzed to 500 meters by @Whisper.
— Neetzan Zimmerman (@neetzan) October 16, 2014
6/As there is no personally identifiable information (name, phone, email, address) collected or stored, fuzzed location data is meaningless.
— Neetzan Zimmerman (@neetzan) October 16, 2014
7/Users who do not opt in to location send NO GPS information. It is a technical impossibility for us to determine their location.
— Neetzan Zimmerman (@neetzan) October 16, 2014
8/To sum: Users must OPT IN to location; location is ALWAYS fuzzed to 500 meters; Users who don’t opt in provide NO GPS data.
— Neetzan Zimmerman (@neetzan) October 16, 2014
In addition, Zimmerman tweeted a link to Whisper's official response to the Guardian. In the document, the company reiterates: GPS information is "obscured to within 500 meters of their smartphone device’s actual location. There is nothing in our geolocation data that can be tied to an individual user and a user’s anonymity is never compromised."
The company denied tracking any single user but admitted to surfacing newsworthy items based on thematic postings from users.
When contacted by Valleywag, Zimmerman said Whisper has "no personally identifiable information" about users, adding, "at the most, we know generally what town they're in."
In its report, the Guardian alleges Whisper changed its privacy policy this week from saying the company “is committed to protecting your privacy and the security of personally identifying information” to “our goal is to provide you with a tool that allows you to express yourself while remaining anonymous to the community."
HuffPost has written stories incorporating Whisper posts in the past, a practice that has been suspended until more information becomes available.