Neetzan Zimmerman – former editor of Whisper, the “anonymous” app that brags about being the “safest place on the Internet” – has joined The Hill, a Washington DC publication.
According to Capital New York, Whisper suspended Zimmerman and other staffers in late October so that it could conduct an internal investigation.
Whisper CEO Michael Heyward told Capital New York that its investigations hadn’t implicated Zimmerman but gave no reason for his departure in his statement:
“We conducted an internal review that found no wrongdoing. Nevertheless Neetzan is no longer with the company. We wish him well in the future and can't wait to see what he does next.”
The Whisper firestorm erupted in October after The Guardian published a series of exposés about alleged privacy hanky-panky, including that Whisper tracks some users – particularly newsworthy ones – even after they’ve specifically opted out of geolocation.
The Guardian also claimed that Whisper shares what’s supposed to be anonymous content with the Department of Defense, and that its user data is collated and stored indefinitely in a searchable database.
The Guardian’s allegations spurred then-Sen. Jay Rockefeller, chairman of the Commerce Committee, to call on Whisper to answer questions about the company’s privacy policy.
Heyward responded with a letter addressing the concerns.
Whisper CTO Chad DePue went on Hacker News to rebuke The Guardian, calling the articles “really bad reporting.”
For his part, Zimmerman called the reporting either lies or the result of reporters not understanding the technology involved.
One example: while The Guardian has suggested that Zimmerman and his Whisper team track the location of users who work at Yahoo or are serving on military bases (even if they’ve opted out) because those people might be newsworthy, that simply can’t happen, Zimmerman told Gigaom, because location data has been “fuzzified” to the point where it’s only accurate to within 500 meters.
That fuzzified data is the only kind of location data the editorial operation has available to it, he said.
The Guardian has stood by its reporting.
Also at issue with Whisper’s use of user data are multiple suspicious privacy policy changes.
CEO Heyward has claimed that Whisper didn’t update its terms of service in September, as The Guardian reported. Rather, the changes were in the works months before that, he’s said.
But The Register points to a copy of the Terms of Use that states clearly at the top “Updated 2014-09-15” (15 September), bolstering the impression that Whisper did in fact change its policies only after it was approached by The Guardian and so was improperly accessing its users’ data up to that point.
Heyward has also insisted that his company keeps the IP addresses of customers for only seven days, telling a WSJD Live conference that reading into that is just “highly sensationalist” and “misleading”:
“The entire internet collects IP addresses. That's like trying to make a phone call without a phone number. The difference with Whisper is that we delete them after seven days. But to try to infer that because you have IP addresses means that you're tracking users' GPS who opted out of GPS is just really highly sensationalist and really misleading to our users and to their readers.”
But as many have pointed out, metadata can be used to get more information than Heyward suggests.
In October, John Shier and Paul Ducklin discussed this particular issue of collecting metadata – specifically, with regard to the metadata collected by Adobe’s latest e-reader – in a Chet Chat podcast.
Their conclusion:
“It sounds like [metadata] doesn't matter. Maybe it doesn't. But the only way you can be absolutely sure that metadata doesn't matter is if you don't collect it in the first place.”
As far as Whisper’s IP address deletion policy goes, it seems to have materialized only after reports surfaced that Whisper was using the addresses to track users who’d turned off GPS tracking.