back to article Why weasel words might not work for Whisper

Whisper's CEO has attempted to undercut criticism of his company by suspending its editorial team and penning a lengthy response to accusations of privacy abuses and user tracking. Editor-in-chief Neetzan Zimmerman, as well as an undisclosed number of staff have been put on leave "pending the results of our internal review," …

  1. Mark 85

    The Business Model is a dead giveaway....

    Since they don't accept advertising, where's the money come from? Who's dollar are they taking and what are they giving in return?

    I suspect the answer is here: Whisper soon discovered that these thoughts were also newsworthy and so it developed partnerships with a number of outlets including The Huffington Post, Buzzfeed, and The Guardian covering issues such as.... Note the word "including" which indicates other "partners" or in this case, probably checks/cash.

    In today's verbage "partnerships" is usually things of value changing hands. The one thing I've learned is to follow the money when looking at ethics, security, and business (private and government) in general.

    I further gather that if you're a "person of interest", that they have the means to track you even after uninstalling the app. If it leaves your identifier, what else does it leave behind?

    As commenters in other articles have said about NSA, etc... I doubt if those organizations are paying anything. If those groups wanted this info, they would have it without paying for it.

  2. dan1980

    Article 32

    Regarding the post specifically mentioned here, I don't get why this is problematic. "Article 32" is a military term and thus no location data is necessary to say that this pertains to someone in the military.

    There is there question of how it gets identified as about sexual assault but I believe, from the previous article, that there were outsourced people manually going over messages to find 'interesting' content.

    Don't get me wrong - this is all very deplorable, and I fully believe that they indeed used location data to identify, track and verify these but I just don't see why this particular message contradicts what is being claimed by Whisper.

    1. Anonymous Coward
      Anonymous Coward

      Re: Article 32

      This is indeed a military term but how likely do you think it is that when formulating the search query to find reports of sexual assaults they'd choose "Article 32" as one of them? Sure, it may make sense, but ONLY when viewed in hindsight.

      1. dan1980

        Re: Article 32

        @DougS

        I get what you're saying but that's not quite the point I was making. They identified the post as about sexual assault by having teams of low-paid, south-east asian workers read and assess the posts and classify them. This is how they found ones that were 'news-worthy' and I don't believe they are denying they do this.

        Once that was done, they had a pile of messages that were judged by the worker bees to be about sexual assault - possibly specifically in the military, possibly only generally.

        At any rate, the two competing claims are that they either used location data to identify those posts that came from military bases (as per the Guardian) or, according to Whisper, that it was done purely by looking at the text and assessing that. Given that these were already pre-selected by low-cost workers overseas (apparently), it's not unreasonable that, given the gravity of this particular subject, they had people vet them more carefully, examining every message.

        If so, 'Article 32' could well fall into that category.

        On the matter of automated keyword checking, it appears as though the app selects a background image from some database, based on words it finds. The photo on this particular post is an article about a US Marine operation. The only bit in the text that could have been used to select that is 'Article 32'. Perhaps 'promoted' but obviously that's not specifically military.

        If the database used to select the images is, as you would expect, made up of pre-selected images (as they would have to be royalty/copyright-free) those images would have tags that can then be matched up with keywords in the text.

        My point is that this text was, by the image, evidently AUTOMATICALLY picked as relating to the military. All you need to do is to search/cross-reference that information.

        As I said, I disapprove of all of this but this post has been selected by the author to specifically contradict the statements of Whisper and I don't think it proves those statements false as it seems easy enough to reconcile what Heyward is claiming with this particular example.

        To show him as wrong, you have to show a post that would not be able to be identifiable as from/about the military without solely by the text. I don't believe this example fits that criteria.

        1. Anonymous Coward
          Anonymous Coward

          Re: Article 32

          I find it highly unlikely that the low paid workers are sifting through everything, or that they even exist. I'll bet they save all this metadata with their posts and do an instant database search, and made up the story about low paid workers to cover their butts, but of course I can't prove that it is just a feeling...

          Does the app select the image or does the user? Maybe it selected the military image based on the location (if posted from a base) or based on previous military related stuff the guy has posted.

          I haven't used this (and certainly never would now) so I don't know the details, but unless the Guardian guy was outright lying, the "we'll track him for the rest of his life" pretty much gives away what they're doing regardless of the finer points on how the Article 32 post was found.

          1. dan1980

            Re: Article 32

            @DougS

            I get what you are saying but it doesn't matter at all to my point whether they actually are using low-paid workers to sift through messages.

            The point is that they are claiming that only the contents of the messages was used to identify them as being about rape in the military.

            The counter claim is that it was location data that was used to identify them as from military personnel.

            The purpose of the image selected was to hold up something that apparently couldn't have been identified solely from the content as claimed by Whisper and thus counts as evidence that, therefore, they must have been using information not contained in the message itself - i.e. location data.

            I fully believe that this is exactly what they did but my point was and is that this example does not catch them out.

  3. solo

    Anonymous are cowards, they cannot strike back

    "Hey boss, heard from my friend that anonymity is cool n these days"

    "Can we make money out of it?"

    "Sure, we will erase their names and sell rest of their info."

    "Is it not against purpose?"

    "No. I think that is obvious...I have read some postman kinda justification for it, from Google"

  4. mhoneywell

    Excellent

    Very good piece.

  5. Anonymous Coward
    Facepalm

    Damning words

    "He’s a guy that we’ll track for the rest of his life and he’ll have no idea we’ll be watching him."

    I can see why he suspended the editorial team if those words were allowed to be spoken in front of the Guardian reporter.

    With such a clear indication of the morals of Whisper employees, there's pretty much no way to view these people as anything other than slime.

    1. Anonymous Coward
      Big Brother

      Re: Damning words

      So, you're saying they invited the wrong newspaper? Maybe they should have called Murdoch.

  6. Benjol

    I think the last three bullets in the article pretty much nails it

  7. Intractable Potsherd

    Well done!

    Great investigative journalism. Thank you.

  8. Anonymous Coward
    Anonymous Coward

    Persistent identifier

    "... when you download the Whisper app it creates a unique identifier. That identifier is applied to every user of Whisper, even if they wish to remain anonymous, even if they turn off geolocation, and even if they uninstall the app."

    I'm confused. I thought Apple was supposed to have killed third party app access to the hardware ID on ios devices after finding it was being used to track users, replacing it instead with an 'advertising identifier' that the user can reset at will from the device. So without a login the application shouldn't (surely??) be able to create a persistent identifier for a user at all if the app is uninstalled and the advertising identifer reset, if it genuinely has no access to anything more permanent - Lastpass for example forgets a device is 'trusted' if the ad ID is reset.

    If whisper can actually create a genuinely persistent identifier, surely there is a far wider issue here than just one greedy developer taking the piss. If a hardware ID is accessible and restricted only by Apple's terms, you can bet any number of others will be using it for tracking; if its a flaw, it strikes me as a bit of a biggie for Apple given their statements on privacy.

    Or is it merely that I'm (not for the first time) being abnormally dense? Anyone shed a little illumination for me?

    1. Anonymous Coward
      Anonymous Coward

      Re: Persistent identifier

      They could just be leaving a hidden file on the phone after "uninstalling". If the app is ever installed again, it could check to see if this file exists before generating a new ID (this is only a guess, I don't know how Apple manage the install/uninstall process and whether it tracks all the data an app generates locally).

      Alternatively, you need a unique ID to install an app anyway (your itunes login), so if the app is able to access this then it's easy enough to generate a unique hash without having to involve any hardware.

      What I find rotten about Whisper is that they are exploiting vulnerable people for financial gain. I imagine that a lot of people who post using the service are desperate to express their frustrations and share their story but aren't considering the wider ramifications of what they're doing.

      1. Anonymous Coward
        Anonymous Coward

        Re: Persistent identifier

        "... you need a unique ID to install an app anyway (your itunes login)"

        OK, so it was me being particularly thick. The itunes ID would seem the most obvious candidate, and would have to be available to the developer in some form. The fuss last year IIRC was about advertisers using the hardware ID to track users, and with the Advertiser ID and the fact Apple run the ads system, presumably admongers won't have access to the itunes login either. If that is the case, I wonder how/if it would work where the app store account is on multiple devices; we have it on 2 phones and 2 tablets?

        Lastpass confused me, but of course its login based, and you might want to trust one device, say your phone, but not your ipad which you share. I think ios is pretty good at cleaning up files when uninstalling, so that would be at best unreliable.

        Agreed; whisper really are bottom feeders with a serious shortage of ethics. The rhetoric is strewn with a crusading tone of care and concern, but their actions suggest 'greed and fuck the collateral damage to users'. Perhaps worse is that while there's plenty of people happy to admit to naked slavering greed, there's an increasing number who don't even seem to recognise that there even is an ethical line between action 'A' and action 'B' - those are the really dangerous fuckers.

  9. Alistair
    Facepalm

    Hi. I have this great free anonymous tool that lets you babble on teh interwebz

    Now, to be safe, you have to let us

    a) place a unique identifier on your system

    b) let us track your location.

    But its anonymous.

    I'm sorry. Broken by design. Nothing. NOTHING. the management team/VC salesdroids or infobabble experts can say.

    This. is. not. anonymous. At all.

  10. chris lively

    First off, This is what Journalism is actuay about. The author took what was said, parsed out the nonsense and we are left with obvious truths. Good job.

    Now, what I find increasingly hard to believe is that people are so dumb as to believe that whatever they post can't be absolutely tracked back to them. You'd think that by now everyone would realize that there is no such thing as being anonymous, especially on the internet.

    Then again, probably the best comparison to make is to snake oil salesmen from 100 years ago. Medicine was a relatively new industry with little to no control or oversight. The difference here being that government has zero reason to put companies like whisper out of business for false claims and every reason to prop them up.

    The current generation of kids won't fix this, but the next one might.

  11. Jonathan Richards 1

    IP location from military locations

    > if [the] message is sent over the phone connected to the network on base or campus

    I see exactly what is being got at here, but I'd just like to point out that it would be a very strange military base that ran a WiFi network (a) connected to the Internet and (b) to which one could connect with a BYOD phone. If you try to geolocate a posting from a UK MOD site on the basis of IP address, you'll find that there's but one connection from the Defence Information Infrastructure to the outside world. This was an issue back when MOD folk would edit Wikipedia, because Wikipedia would log that IP address, which wasn't specific to the editor, at all. Wikipedia editing was rapidly forbidden, btw.

  12. Mike S

    today I learned...

    People use Whisper and it's (apparently) a thing.

    Something new every day.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like