Confronted with a scandal about potential privacy breaches, anonymous social messaging platform Whisper is doing what any good organization would for damage control: throwing someone under the bus! Preferably one of those disposable editorial staffers. In this case the sacrificial offering to the bus gods is editor-in-chief Neetzan Zimmerman, who came under fire after disclosing that the app tracks users’ locations, including users who specifically asked not to be tracked, in an interview with The Guardian.
Even more damaging, according to the Guardian report Zimmerman was allegedly offering the information to Guardian journalists to help them in their own editorial coverage. One unnamed executive pointed to the example of a sex-obsessed lobbyist in Washington, D.C. (who had opted into location tracking), memorably noting, “He’s a guy that we’ll track for the rest of his life and he’ll have no idea we’ll be watching him.” Yikes!
The news of Zimmerman’s suspension follows pointed criticism by Senate Commerce Committee Chairman Jay Rockefeller, who is calling Whisper executives on the carpet to do a little ‘splaining about all this. But according to Zimmerman’s tweeted responses to the Guardian’s allegations, his bosses already knew all about it, presumably including founder and CEO Michael Heyward: “At no point during their visit were Guardian reporters shown anything not already approved by top brass.” Uh oh, here comes that bus!
Obviously plenty of questions about Whisper’s location-tracking practices remain. In a lengthy rebuttal to the Guardian stories, Heyward is arguing that neither the Guardian reporters nor the editorial staff they spoke to were are qualified to understand these technical issues: “Many of their claims arise from the fact that they made technology-related inferences based on discussions with non-technical people.”
Heyward did confirm that, “Like nearly all websites and apps, Whisper collects IP addresses… Specifically, Whisper collects a user's IP address when a user posts a Whisper. Locations can be inferred from IP addresses. Whisper keeps the IP address itself for only 7 days.” However he said that this data collection is solely for the purposes of safety: “If we receive a valid legal request, or we learn through a Whisper post of an imminent and serious threat to people’s safety, the safety team will forward the IP address (if we have it) to the appropriate legal authority.”
However the original Guardian story stated that this information is in fact also shared with editorial staffers: “When Guardian reporters visited Whisper last month, Zimmerman and another executive said that when they wanted to establish the location of individual users who are among the 20% who have opted out of geolocation services, they simply asked their technical staff to obtain the ‘latitude and longitude’ of the phones they had used… Whisper later explained that when it wants to establish the location of users who have disabled their geolocation services, the company uses their IP location.”
On one might wonder how anyone working for Whisper -- technical, non-technical, whoever -- could be so mistaken and so disastrously misrepresent the company’s policies, let alone the editor-in-chief. While I’m certainly not technically qualified, it seems to me you either make information about IP locations available to your editorial staff, or you don’t. Quite how this crazy mix-up occurred is unclear. I guess we’ll never know unless we can fish Zimmerman out from under that bus.