analysis

Whisper vs. The Guardian ends in a stalemate

March 12, 2015

The problem with The Guardian’s clarification on its bombshell scoop that Whisper—an app that allows users to post messages anonymously—was tracking its users’ locations is not that it invalidates the original story. It’s that the densely worded statement appears to invalidate it.

The revelations about Whisper were a series of 11 news stories last October that said the app tracked users even when they said they did not want it to, mining that data for story collaborations with publications like The Guardian, who ironically stumbled upon the story while discussing a partnership. That is, an app that sold itself on anonymity allegedly had an editorial department mining that very information for stories.

The fallout from the coverage included the suspension of Whisper’s editorial staffers, including editor in chief Neetzan Zimmerman, a hold on partnerships with BuzzFeed and Fusion, and a summoning by the chair of the Senate Commerce Committee.

The biggest takeaway from this week’s convoluted clarification is that the IP addresses that Whisper sometimes used to track users were only “rough and unreliable” location indicators, information that all internet companies receive. Additionally, The Guardian’s implication that Whisper quietly rewrote its privacy policy in response to the newspaper’s scoop—a perceived admission of guilt that The Wall Street Journal said “implied potential legal issues” with the Federal Trade Commission—was retracted. An op-ed about Whisper has been removed from The Guardian’s website. But none of this invalidated the core allegation of the original reporting: whether Whisper tracked users who opted out of geolocation for story ideas—as The Guardian claims—or only did so when posts involved suicide or illegal activity, which Whisper says.

You would not guess that by the media response. The Wall Street Journal said the revelations “blunted” The Guardian’s earlier reports; Ars Technica’s headline thinks the Guardian “says Whisper doesn’t spy on its users after all”; tech blog Gizmodo said they’re “backpedalling harder than a spin class devotee.” Perhaps the dense, 236-word paragraph focused on technical details and released long after the initial story makes it appear more like a correction.

This point, for now and perhaps indefinitely, may remain he-said-she-said. “Whisper contests many other aspects of our reporting” The Guardian said in a statement.

Sign up for CJR's daily email

The crux of the Whisper scoop was that even if users’ names and phone numbers weren’t tracked, their identities can still be inferred: a Guardian illustration showed, for example, a series of posts coming out of the White House, which limits the potential pool of users. Even when geolocation is turned off, Whisper allegedly told The Guardian they could track whether a certain US soldier was in Afghanistan or Fort Riley in Kansas.

The question is: Does it matter if Whisper can figure out where you spend time or where you work even if they don’t publicize it? If they can potentially create a demographic model of you, even if that snapshot has no name? The murky use of data in everyone’s favorite apps is not limited to Whisper—see also the woes of Snapchat and Uber—but is nevertheless at odds with the way it sells itself as “the safest place on the internet.” In the absence of a definitive clarification, the impact of The Guardian’s stories may be that, according to New York Magazine, Whisper has since nixed its entire editorial division.

Chris Ip is a CJR Delacorte Fellow. Follow him on Twitter at @chrisiptw.