Saturday, 18 October 2014

My privacy hurts :(

The Guardian reports that the Whisper app, which promises an anonymous social media experience, doesn’t deliver one.  From Whisper’s blurb:

With Whisper, you can anonymously share your thoughts and emotions with the world.

Claims like this are likely to create certain expectations in users.  Few people give a great deal of thought to what concepts like anonymity mean, but it’s reasonable to assume that ‘anonymous sharing’ is largely consequence-free.  If you share secrets anonymously, nobody should be able to identify you.  Indeed, Whisper users cannot identify other Whisper users under most circumstances.  There is no persistent username between posts so even if users opt in to location sharing, it would be difficult for users to identify most other users.  Location data is only accurate to within 500m and is intended to identify the street or neighbourhood of the user, but probably not their house (other than in rural areas).  So far, so good.  Whisper considers itself a safe haven for people with secrets, including dangerous ones.  It considers itself a safe haven for whistle-blowers.

But Whisper’s goal of anonymity is at odds with its other identity as a sort of news provider.  Some of the secrets posted – whistle-blowing secrets in particular – are newsworthy. Whisper writes articles about them.  But since the posters are anonymous, how can Whisper tell if they’re lying?  By checking up on their location.  If a user is blowing the whistle about bullying in the army, Whisper checks their location. Their claim might be considered more credible if they are posting from an army base.

To do this, Whisper maintains a huge database (there are 2.5 million Whisper posts a day) of posts, which it retains indefinitely. This includes the locations of users who have opted in to location sharing.  For the estimated 20% who have opted out, it stores their IP address.  IP location lookup isn’t always accurate or reliable, but it could certainly cause problems for someone with a dangerous secret, especially since Whisper seems inclined to share its database and back-end tools with partners (such as news companies), potential partners (which is how the Guardian knows about this) and the US Department of Defence.  Although the public can’t connect individual posts by the same user, the back-end tools can, so Whisper can track users’ past activity to better assess their credibility.

When a service advertises itself as anonymous, users have certain expectations of privacy and I don’t think they are being met with Whisper.
