Users of Whisper sharing app that are supposed to be anonymous have had their posts located by IP Geolocation or GPS, according to The Guardian.
Whisper branded itself as the “safest place on the internet”, while users disclose sensitive details of their professional or work experiences “anonymously.”
From The Guardian’s report it appears that Whisper, Â beside gathering data from its users, has also shared on different occasionsâ€™ information with the US Department of Defense (DoD), FBI or MI5.
“When users have turned off their geolocation services, the company also, on a targeted, case-by-case basis, extracts their rough location from IP data emitted by their smartphone,” the article stated.
The Guardian found that Whisper is gathering location data during partnership talks last month.
Whisper also seems to be monitoring specific, targeted individuals, even if they did not provide the Whisper app with permissions to use geolocation.
Whisper’s CTO Chad DePue responded for The Hacker News to The Guardian’s allegations by claiming, “this is really bad reporting,â€ and that they only use a Maxmind GeoIP database “that is so inaccurate as to be laughable.”
“We just don’t have any personally identifiable information. Not name, email, phone number, etc,” DePue added.
“I can’t tell you who a user is without them posting their actual personal information, and in that case, it would be a violation of our terms of service.”
Moxie Marlinspike, security researcher and developer behind RedPhone and Signal mobile applications, replied to DePue’s comment: “Based on your own comments here, it sounds like the [Guardianâ€™s] reporting is entirely accurate.”
â€œYou’re attempting to justify why you’re tracking your users, but you’re still tracking them.”
Due to Whisper’s user tracking issue, Buzzfeed its long-standing partner, halted their cooperation with Whisper.
“Weâ€™re taking a break from our partnership until Whisper clarifies to us and its users the policy on user location and privacy,â€ a Buzzfeed spokesperson said.