> Actually Whisper did the opposite, amend their privacy policy so that data can be stored outside of the US
True, I neglected this. Guardian points out (perhaps too imprecisely) that they changed the ToS to include storing data in other countries, and their response is essentially, "Calm down, right now we're only in the US." They've obviously made a deliberate move to open the door to storing data somewhere other than the US, but expect everyone to be reassured that they haven't actually walked through the door yet. Like the server-side location fuzzing, it's an unverifiable promise of security/privacy, not actual security and privacy.
> their new ToS are not active yet.
How not? http://whisper.sh/privacy , dated 13 October, has the "other countries" clause, and says "Any changes become effective when we post them on the Site."
> that is obvious since that is an integral part of the app.
I have to admit, I'm also a bit surprised that this, of all privacy issues, is blowing up so much. Still, I support raising awareness of privacy, and I'm getting sketchy vibes from Whisper's damage control, so that I wonder if they have more to hide or something.
> How not? http://whisper.sh/privacy , dated 13 October, has the "other countries" clause, and says "Any changes become effective when we post them on the Site."
I don't know, I got my information from this Guardian article:
"These new terms, which were posted on Whisper’s website on 13 October, come into effect on 12 November."
Thanks. I guess this is based on "The new Terms will become effective thirty (30) days after we post the notice on our Site."[0] in the Terms, which also seem to incorporate the Privacy Policy I linked, which is stated to take effect immediately. I don't know which statement about effective date takes precedence (another sign of sketchiness/sloppiness?), but at least I know what you and the Guardian are talking about.
True, I neglected this. Guardian points out (perhaps too imprecisely) that they changed the ToS to include storing data in other countries, and their response is essentially, "Calm down, right now we're only in the US." They've obviously made a deliberate move to open the door to storing data somewhere other than the US, but expect everyone to be reassured that they haven't actually walked through the door yet. Like the server-side location fuzzing, it's an unverifiable promise of security/privacy, not actual security and privacy.
> their new ToS are not active yet.
How not? http://whisper.sh/privacy , dated 13 October, has the "other countries" clause, and says "Any changes become effective when we post them on the Site."
> that is obvious since that is an integral part of the app.
I have to admit, I'm also a bit surprised that this, of all privacy issues, is blowing up so much. Still, I support raising awareness of privacy, and I'm getting sketchy vibes from Whisper's damage control, so that I wonder if they have more to hide or something.