
Whisper Suspends Editorial Team Involved in Guardian Visit - funkyy
http://techcrunch.com/2014/10/26/whisper-suspends-editorial-team-involved-in-guardian-visit/
======
scintill76
The article includes a link where the CEO posts some rebuttal: [https://s3-us-
west-1.amazonaws.com/whisper-ten-answers-oct-2...](https://s3-us-
west-1.amazonaws.com/whisper-ten-answers-
oct-24/Setting+The+Record+Straight.htm) .

> We then fuzz the location on the server.

Why not fuzz it on the device, before sending to the server?

> All data is stored in the United States, and has always been.

Why not just amend your Privacy Policy to state that data is only stored in
the United States? Anything less, such as this nonbinding account of what
you've historically done, strikes me as hand-waving and not fully above-board.
It's like you acknowledge this is a legitimate concern, decline to formally
commit to anything, but tell people a truth (or at least true at this moment)
you think they want to hear, hoping they'll feel like the concern was
resolved.

~~~
jackhammer
_Why not fuzz it on the device, before sending to the server?_

Now that is a legitimate question. Although, fuzzing it on the server is
better than not fuzzing it at all.

 _Why not just amend your Privacy Policy to state that data is only stored in
the United States?_

Actually Whisper did the opposite, amend their privacy policy so that data can
be stored outside of the US, but their new ToS are not active yet.

I think, what he is saying is basically just: "We have content moderators in
the Philippines. The Guardian is acting like we keep that secret, but here are
5 media articles where we talked about that ourselves. It is also not against
our ToS. The provision that the Guardian is referencing is about servers.".

I must say, that it really looks like the Guardian article was somewhat
sensationalist. Yes whisper is "tracking" it's users by sending location data
to the server, but that is obvious since that is an integral part of the app.

~~~
scintill76
> Actually Whisper did the opposite, amend their privacy policy so that data
> can be stored outside of the US

True, I neglected this. Guardian points out (perhaps too imprecisely) that
they changed the ToS to include storing data in other countries, and their
response is essentially, "Calm down, right now we're only in the US." They've
obviously made a deliberate move to open the door to storing data somewhere
other than the US, but expect everyone to be reassured that they haven't
actually walked through the door yet. Like the server-side location fuzzing,
it's an unverifiable promise of security/privacy, not actual security and
privacy.

> their new ToS are not active yet.

How not? [http://whisper.sh/privacy](http://whisper.sh/privacy) , dated 13
October, has the "other countries" clause, and says "Any changes become
effective when we post them on the Site."

> that is obvious since that is an integral part of the app.

I have to admit, I'm also a bit surprised that this, of all privacy issues, is
blowing up so much. Still, I support raising awareness of privacy, and I'm
getting sketchy vibes from Whisper's damage control, so that I wonder if they
have more to hide or something.

~~~
jackhammer
> How not? [http://whisper.sh/privacy](http://whisper.sh/privacy) , dated 13
> October, has the "other countries" clause, and says "Any changes become
> effective when we post them on the Site."

I don't know, I got my information from this Guardian article:

"These new terms, which were posted on Whisper’s website on 13 October, come
into effect on 12 November."

[http://www.theguardian.com/world/2014/oct/16/-sp-whisper-
pri...](http://www.theguardian.com/world/2014/oct/16/-sp-whisper-privacy-
policy-terms-of-service)

Maybe the website and app have different ToS?

~~~
scintill76
Thanks. I guess this is based on "The new Terms will become effective thirty
(30) days after we post the notice on our Site."[0] in the Terms, which also
seem to incorporate the Privacy Policy I linked, which is stated to take
effect immediately. I don't know which statement about effective date takes
precedence (another sign of sketchiness/sloppiness?), but at least I know what
you and the Guardian are talking about.

[0] [http://whisper.sh/terms](http://whisper.sh/terms)

------
scintill76
This is OT, but having just looked at some content on Whisper, my gut reaction
is that this has the potential to be even more toxic than Facebook et al. I
saw stuff like "I'm ugly. No matter how many times or who tells me I'm
beautiful, I don't believe them. (Pic of me)" superimposed over an alleged
photo of the poster. Replies may include "I think you're beautiful" (fairly
useless if the OP's text is truthful and accurate, potentially harmful if
poster is depending on others for validation) or "You're an attention whore"
(potentially hurtful.) My gut also says just "vocalizing" negative thoughts
with such finality could be harmful. Maybe my intuition is exactly wrong, but
there's probably _something_ dangerous about crowd-sourcing therapy
anonymously.

------
harry8
The Guardian may have shown up a whisper pretending to be pushing a "will no
one think of the children?" Angle. Demanding how whisper will help when used
as a tool of child abusers and so on. With that they got their info and
decided which angle to actually pursue.

Reporting secret information that people don't want you to know that may
affect decisions you might make that have a pretty strong affect on your life.
That's really, really good reporting. If it really did turn out to be
fabrication that would be awful, but it seems unlikely at this point. Time
will tell.

------
electic
It's worrisome that a senator is getting involved in a niche social apps
privacy practice to this degree. However when it is a government agency that
violates American's privacy the same Senators couldn't be bothered.

~~~
downandout
This struck me as odd as well. I'm curious whether Rockefeller or someone
close to him has been Whispering info they shouldn't have or would be
embarrassed by. I haven't cared enough to look at the data stream between
Whisper and its servers, but does anyone know if they send the GPS tag of each
Whisper down to the app? You could build your own database this way. Even if
they don't, with their "nearby" feature, you could make posts with fake
locations and then look at what order they come up in the "nearby" results at
different locations. You could then calculate a relatively precise fake GPS
location necessary to feed to the nearby feature to pinpoint Whispers from a
specific location.

------
sjs382
Wait... _Whisper 's_ editorial staff and Editor In Cheif?

I thought I read that wrong. Why does whisper have an editorial team?

~~~
scintill76
Probably to curate stuff like "17 Childish Beliefs We Still Hang On To"[0].
Their jobs page has some openings that sound like that.

[0]
[http://whisper.sh/stories/05f0a487-1b6d-4634-8d3f-c394d5ac4d...](http://whisper.sh/stories/05f0a487-1b6d-4634-8d3f-c394d5ac4dda/17-Childish-
Beliefs-We-Still-Hang-On-To)

------
SixSigma
Imho anyone who uses the phrase "vicious lies" is usually the guilty party.

------
molecule
_> ... its database could locate users within 500 meters (a little less than a
standard city block in distance) of their location..._

that's one very, very big 'standard' city block.

