The Guardian, the British newspaper that published a series of articles last fall (starting with this one) about anonymous social media app Whisper, issued a “clarification” today about those stories.
The Guardian post gets pretty nitpicky and specific, to the extent that it’s tough to parse if (like me) you haven’t read those stories recently. But here’s the gist: The Guardian is walking back some of its reporting, and it took down an opinion piece with the headline “Think you can Whisper privately? Think again.”
The juiciest part of The Guardian’s stories was the suggestion that Whisper tracks users’ locations even if they opt out of location tracking, and that it was sharing that information with the US Department of Defense.
Whisper, however, denied that it was tracking users after they opted out, aside from using IP addresses to establish a very rough location. And while it acknowledged that it was working with the military “to lower suicide rates,” it said it was not sharing any personally identifiable information.
Here’s what The Guardian says now:
We reported that IP addresses can only provide an approximate indication of a person’s whereabouts, not usually more accurate than their country, state or city. We are happy to clarify that this data (which all internet companies receive) is a very rough and unreliable indicator of location. We are also happy to make clear that the public cannot ascertain the identity or location of a Whisper user unless the user publicly discloses this information, that the information Whisper shared with the US Department of Defense’s Suicide Prevention Office did not include personal data, and that Whisper did not store data outside the United States. Whisper’s terms for sharing information proactively with law enforcement authorities where there is a danger of death or serious injury is both lawful and industry standard.
What does all of that mean? It seems that even though the Guardian was careful to call this a clarification, not a correction (though it’s published in the “corrections and clarifications” section), and even though it claims to be “happy” to report these facts, its main accusation against Whisper has been largely defanged. After all, it’s now admitting that no personal information was shared with the government, and that the data Whisper does receive is pretty much standard for the industry.
To be clear, Whisper has said that if you opt into its location services, it can track your location (duh) “to within 500 meters,” but the location data can’t be tied to individual users.
Whisper CEO Michael Heyward (pictured above) sent me the following statement via email:
We appreciate the Guardian issuing the corrections and setting the record straight. For us this isn’t about vindication. It is vital that our users and partners know that Whisper is and always has been totally committed to the privacy of everyone who uses our product.