17 Oct 2014

Whisper it quietly: who can you trust online?

Who can you trust? It’s a question that dogs so many interactions online and one that’s been brought dramatically to the fore with the Guardian’s reporting on Whisper, the anonymous social media service that the Guardian claims is less than anonymous.

Whisper’s selling point was to allow users to post anonymous pictures, usually overlaid with text. Its promise not to identify users led to a string of confessional posts from staff inside military, political and other public service spheres.

Yet when Guardian journalists visited Whisper’s offices to talk about further collaboration, they claim they found evidence that potentially identifiable information was being stored.

There are two accusations here: firstly, that Whisper is keeping track of people who’ve agreed to supply their location when they post pictures (“geo-location”). Whisper may not be keeping people’s names, the Guardian argues, but it’s keeping enough data to identify who they are, and keeping it “indefinitely”. And secondly, that even users who’ve opted out of geo-location are still being tracked using their IP address (see what yours says about you).

Whisper, for its part, insists it “does not follow or track users”, and says the second of the Guardian’s accusations is “not true”.


Whatever the outcome, two things are certain: the Guardian and Whisper probably won’t be collaborating again any time soon, and this is going to make people even more sceptical about services billed as anonymous.

Those of us covering tech over the last few years have seen a slight but noticeable turn in the tide: even before former US security contractor Edward Snowden’s revelations, people had become concerned about insidious tracking online: from ads that follow you around the web, to Google’s attempts to hoover up wifi information.

The backlash has resulted in a slew of new services which claim to guarantee privacy, confer anonymity, and so on.

There are two problems with this anti-tracking backlash: firstly, the web is at heart a publishing medium. If you put it online, you make it public, and any attempt at anonymity, privacy or security is inevitably an attempt at retrofitting. Imagine fitting a paper door on the front of your house, then trying to bolt a lock on to it.

Secondly, the reason so many of these online services are free is because they are selling your data out the back door: whether to advertising agencies or, in the case of Whisper, to websites like Buzzfeed (which told the Guardian it is “taking a break” from its partnership with Whisper). A service that claims to be both free of charge and also anonymous is going to go broke, no matter how much investment it secures in the short term.

Fundamentally, when you’re using a free service, the contractual obligation is between the service owner and its customers (advertisers, marketers, journalists, etc.). You are the product being sold, and you have as much chance of enforcing your rights as a cornflake box in a Tesco Metro. The idea that you can trust any free web service is laughable.

One last point on the issue of trust: let’s not forget that Whisper itself thought it could trust the Guardian journalists visiting its offices. It seems we’re all on a learning curve with this one.

Follow @geoffwhite247 on Twitter