Nothing is ever private on the internet, or at least that’s the mantra that tech-savvy members of the digital age will tell you. Any website that tells you otherwise just might have a reason to “protest too much.” At least that’s the sentiment currently circulating about the anonymous social media app Whisper, who is currently battling it out in a series of open letters and public statements with the British newspaper The Guardian.

The newspaper sent staffers to Whisper’s corporate headquarters for a lengthy, in-depth peek at how the system works. Coupled with their months’-long investigative journalism in which they corresponded not only with Whisper staff members but users as well, the paper published an article that exposed the site for not truly being as “private” as it claims.

The premise of Whisper is that everything is anonymous, meaning no names, emails, or any other identifying information. The belief behind it is that this level of genuine anonymity—obviously not available elsewhere on the internet—would leave users free to post anything they wanted to without fear of reprisal. Users reportedly have the option to include information like their geolocation, but are not required to.

The most important part of the current dispute is that Whisper claims repeatedly it does not gather, store, or share personally identifiable information about it users. Whisper claims not to know its users’ real identities or store any data on its users, despite comments from former staffers that say it isn’t true. The Guardian piece also says that’s blatantly untrue, based on its own dealings with the staffers.

However, Whisper at least claims that it has always been upfront about its terms of service, especially where privacy is concerned. Any posts that involve criminal activity or anything involving minors will be turned over to the proper authorities, despite the claim that Whisper has no identifying information on the person who posted it. Moreover, Whisper has made a longtime commitment to preventing suicide and self-harm, and states that it has referred more than 40,000 individuals to suicide prevention hotlines based on content that has been posted; the site has also reached out for assistance to a number of organizations, including the US military, due to the high number of suicidal posts that came from military bases or compounds.

But wait…how did Whisper know those posts originated from military bases? Oh yes, the geolocation of the user, which is only one of the many allegations at the heart of The Guardian’s claims about the app.

In this digital game of he-said-she-said, who’s right? The real answer is, it doesn’t matter, at least not if users are concerned about their privacy. Any time a website or app requires users to input information about themselves in order to register, consumers must assume that the information is gathered, stored, and could potentially surface at some point in the future, whether it’s intentional, as part of a law enforcement investigation, or simply through hacking activity. By sticking to the understanding that the internet is not a giant safe room and that their data can be accessed by someone with the right skills or reasons, users can better understand their personal data’s safety and do their parts in preventing the exposure of their information.


Join us Oct. 29 in Washington, D.C. for the release of ITRC’s Victim Impact Survey, Identity Theft: The Aftermath. For more information, visit the site: