Whisper Suspends Editorial Team Involved in Guardian Visit (techcrunch.com)
25 points by funkyy on Oct 26, 2014 | 16 comments



The article includes a link where the CEO posts some rebuttal: https://s3-us-west-1.amazonaws.com/whisper-ten-answers-oct-2... .

> We then fuzz the location on the server.

Why not fuzz it on the device, before sending to the server?

> All data is stored in the United States, and has always been.

Why not just amend your Privacy Policy to state that data is only stored in the United States? Anything less, such as this nonbinding account of what you've historically done, strikes me as hand-waving and not fully above-board. It's like you acknowledge this is a legitimate concern, decline to formally commit to anything, but tell people a truth (or at least true at this moment) you think they want to hear, hoping they'll feel like the concern was resolved.


> Why not fuzz it on the device, before sending to the server?

Because you can change your fuzz algo instantly vs. waiting for users to download updates. You're not allowed to push code without review with iOS apps, so you couldn't send an updated Lua script, for example, like you could with Android.

For screw-ups, although they could have just fuzzed it further when they received it from the user on the server.

These apps are curtain-level privacy, mostly meant to keep you private from your social circle. Expecting any more without it being a pain in the ass would be a UX revolution.


> These apps are curtain-level privacy, mostly meant to keep you private from your social circle. Expecting any more without it being a pain in the ass would be a UX revolution.

True. I guess somehow saying "If you want real security, use PGP and only talk to people you know and trust" just isn't as good for their bottom line, or as fun/useful for their users. I would still consider it worthwhile for us to point this stuff out, so that people who care about it can inform themselves from somewhere other than a CEO whose company depends on making money off of them.


> Why not fuzz it on the device, before sending to the server?

Now that is a legitimate question. Although, fuzzing it on the server is better than not fuzzing it at all.

> Why not just amend your Privacy Policy to state that data is only stored in the United States?

Actually Whisper did the opposite, amend their privacy policy so that data can be stored outside of the US, but their new ToS are not active yet.

I think, what he is saying is basically just: "We have content moderators in the Philippines. The Guardian is acting like we keep that secret, but here are 5 media articles where we talked about that ourselves. It is also not against our ToS. The provision that the Guardian is referencing is about servers.".

I must say that it really looks like the Guardian article was somewhat sensationalist. Yes, Whisper is "tracking" its users by sending location data to the server, but that is obvious since that is an integral part of the app.


> Actually Whisper did the opposite, amend their privacy policy so that data can be stored outside of the US

True, I neglected this. Guardian points out (perhaps too imprecisely) that they changed the ToS to include storing data in other countries, and their response is essentially, "Calm down, right now we're only in the US." They've obviously made a deliberate move to open the door to storing data somewhere other than the US, but expect everyone to be reassured that they haven't actually walked through the door yet. Like the server-side location fuzzing, it's an unverifiable promise of security/privacy, not actual security and privacy.

> their new ToS are not active yet.

How not? http://whisper.sh/privacy , dated 13 October, has the "other countries" clause, and says "Any changes become effective when we post them on the Site."

> that is obvious since that is an integral part of the app.

I have to admit, I'm also a bit surprised that this, of all privacy issues, is blowing up so much. Still, I support raising awareness of privacy, and I'm getting sketchy vibes from Whisper's damage control, so that I wonder if they have more to hide or something.


> How not? http://whisper.sh/privacy , dated 13 October, has the "other countries" clause, and says "Any changes become effective when we post them on the Site."

I don't know, I got my information from this Guardian article:

"These new terms, which were posted on Whisper’s website on 13 October, come into effect on 12 November."

http://www.theguardian.com/world/2014/oct/16/-sp-whisper-pri...

Maybe the website and app have different ToS?


Thanks. I guess this is based on "The new Terms will become effective thirty (30) days after we post the notice on our Site."[0] in the Terms, which also seem to incorporate the Privacy Policy I linked, which is stated to take effect immediately. I don't know which statement about effective date takes precedence (another sign of sketchiness/sloppiness?), but at least I know what you and the Guardian are talking about.

[0] http://whisper.sh/terms


> Now that is a legitimate question. Although, fuzzing it on the server is better than not fuzzing it at all.

It might be worse, because it gives a false sense of security. People might be swayed into using the service and not realise the risk.


This is OT, but having just looked at some content on Whisper, my gut reaction is that this has the potential to be even more toxic than Facebook et al. I saw stuff like "I'm ugly. No matter how many times or who tells me I'm beautiful, I don't believe them. (Pic of me)" superimposed over an alleged photo of the poster. Replies may include "I think you're beautiful" (fairly useless if the OP's text is truthful and accurate, potentially harmful if poster is depending on others for validation) or "You're an attention whore" (potentially hurtful.) My gut also says just "vocalizing" negative thoughts with such finality could be harmful. Maybe my intuition is exactly wrong, but there's probably something dangerous about crowd-sourcing therapy anonymously.


The Guardian may have shown up at Whisper pretending to be pushing a "will no one think of the children?" angle. Demanding how Whisper will help when used as a tool of child abusers and so on. With that they got their info and decided which angle to actually pursue.

Reporting secret information that people don't want you to know that may affect decisions you might make that have a pretty strong effect on your life. That's really, really good reporting. If it really did turn out to be fabrication that would be awful, but it seems unlikely at this point. Time will tell.


It's worrisome that a senator is getting involved in a niche social app's privacy practice to this degree. However, when it is a government agency that violates Americans' privacy, the same Senators couldn't be bothered.


This struck me as odd as well. I'm curious whether Rockefeller or someone close to him has been Whispering info they shouldn't have or would be embarrassed by. I haven't cared enough to look at the data stream between Whisper and its servers, but does anyone know if they send the GPS tag of each Whisper down to the app? You could build your own database this way. Even if they don't, with their "nearby" feature, you could make posts with fake locations and then look at what order they come up in the "nearby" results at different locations. You could then calculate a relatively precise fake GPS location necessary to feed to the nearby feature to pinpoint Whispers from a specific location.


Wait... Whisper's editorial staff and Editor in Chief?

I thought I read that wrong. Why does Whisper have an editorial team?


Probably to curate stuff like "17 Childish Beliefs We Still Hang On To"[0]. Their jobs page has some openings that sound like that.

[0] http://whisper.sh/stories/05f0a487-1b6d-4634-8d3f-c394d5ac4d...


Imho anyone who uses the phrase "vicious lies" is usually the guilty party.


> ... its database could locate users within 500 meters (a little less than a standard city block in distance) of their location...

That's one very, very big 'standard' city block.



