Saturday, October 11, 2014

Whisper


Whisper is an app that allows users to send messages anonymously and receive replies. Users post messages displayed as text superimposed over an image, similar to greeting cards . . .




BUT, THERE’S A BIG “BUT” —

3 Reasons To Be Wary Of Secret-Sharing App Whisper's Claim To Anonymity

http://www.forbes.com/sites/parmyolson/2014/01/24/3-reasons-to-be-wary-of-secret-sharing-app-whispers-claim-to-anonymity/

If the Catholic church didn’t collect handfuls of cash every Sunday, it might consider streaming the real-life accounts that priests hear in hushed confession as entertainment. Luckily no one with a dog collar is planning any such enterprise — but the next best thing on the mobile web is.

Whisper is an app that lets users anonymously share their secrets with millions of others in acts of contrition, catharsis and some degree of nameless performance. It has active users in the “many millions” according to founder Michael Heyward, and while it’s been around for two years and collected $24 million in funding, Whisper has recently seen a surge in growth and media attention, being dubbed a mashup between Twitter and Snapchat. The app is especially popular with young people as a place to gripe about relationship troubles and eating disorders.

Each day it displays a grid of its most popular Whispers, photos on which users have typed their public missives (for the meme generation, it’s like confession bear with stock photos). Whisper notifies you of posts created by people within a radius of a mile or more. “With Whisper, you’re free to anonymously share your thoughts with the world,” it says on its App Store listing.

Cleverly, Whisper encourages you to create, not just consume. In the middle of the screen sits a round button with a plus sign, enticing users to dig deep and make a Whisper of their own. Heyward, 26, says an incredible 45% of Whisper users post something each day.

The idea is certainly compelling: a backlash to the ultra-curated reputations we build for ourselves on Facebook, and something of a throwback to the blunt and gritty world of anonymous posting on sites like 4chan.

But users should remember that nothing is 100% anonymous on the mobile web — not least on a free service that eventually needs to monetize itself. Users should also bear in mind that another diverting app for sending secret information, Snapchat, had 4.6 million user names and phone numbers exposed in a security breach last December.

Here are three reasons to approach Whisper with some caution:

1) Whisper is moving to turn its confessions into “content” that can go viral, like posts from UpWorthy or Buzzfeed already do.

Whisper is improving the way it tags its posts into categories, and it’s also made some important new hires in viral marketing. Earlier this month Whisper hired Eric Yellin, a marketing and distribution executive at Hulu to help distribute Whisper’s secrets to third-party sites and apps.

It also poached another big fish: Neetzan Zimmerman, the one-man viral machine at Gawker who has been responsible for generating 70-80% of the site’s page views. Zimmerman starts at Whisper this Monday as its Editor-in-Chief, and will be helping to package Whispers for a broader audience. (Heyward reached out to Zimmerman in December after seeing this profile of him in The Wall Street Journal, which suggested Zimmerman could be the most popular blogger on the Web today.)

Zimmerman has big plans for turning Whisper into a Twitter-like entertainment and news source, with users acting as citizen journalists if they’re near the scene of a breaking news event, posting details and photos they might otherwise not under their real names. Whisper would corroborate their reports by eliminating false information getting propagated through the service, he said.

That’s an exciting new approach to mass reporting, but one point of caution comes in the fact that moderators at Whisper can go into a user’s history and see their past Whispers to check if they are a “repeat offender” in terms of posting false (or bullying) information. Whisper reportedly has a team of 55 moderators based in the Philippines.

A wider audience by definition also means greater interest in the most popular Whispers, and potentially a greater desire to unmask the people behind them.

2) Whisper may soon show ads, at a time when mobile advertisers are learning more about mobile users through location- and behavior-tracking.

Could Whisper eventually show ads as a means to make money?

“Definitely,” says Heyward.

Advertisers have already approached his startup, he adds, and Whisper’s secret sauce is counterintuitive insights into human stereotypes. A surprising number of posts, for example, are of people in their 20s and 30s confessing that they still play Pokemon.

Heyward says he’s “not thinking” about the prospect of advertisers targeting users based on their behavior; Whispers are divided into categories for a better user experience and nothing more, he says.

But it’s no secret that ad agencies are getting better at creating ads based on what’s known in industry speak as “hyper targeting local users” with GPS and behavioral data collected through apps, and that they tend to prioritize reach over privacy.

Marketers are also moving towards more content-driven strategies, and Heyward says it’s “possible” that brands could post their own Whispers — confessions to midnight Nutella cravings might have a corporate origin, for example.

With so many Whispers already questionable in their veracity, that might not matter too much to its user base, according to Zimmerman: “There’s an entertainment factor that’s just as important for a lot of users, as maybe believing every single thing that they read,” he says.

Bottom line, though: be wary of spilling your dark secrets on a platform that, while swirling with exaggeration, will eventually be inviting third parties to exploit content, location and behavioral data to target “the real you” with ads.

3) Whisper does track users in order to ban unscrupulous types, meaning you’re not completely anonymous to Whisper itself.

Heyward rather admirably wants Whisper to be “a compassionate and supportive” community where users can be themselves. “Not a place for trolls or bullying or a place to be mean to each other,” he says.

Fundamentally, it’s unlike the anything-goes image board 4chan, which spawned the subversive online community Anonymous. “No personal attack on 4chan,” says Heyward. “I have a very different view on anonymity. It’s not that I’m not a proponent of free speech. I am. It’s just that you can’t yell ‘Fire!’ in a crowded building.”

Yet achieving that requires constant monitoring and, technically, compromising Whisper users’ complete anonymity. “We look at everything, whether that’s algorithmically or with human eyes,” says Heyward. “We have human beings that look at several thousand posts a day. That’s my number one priority – is this a place that becomes more safe, or less safe as it gets bigger?”

Whisper classes its users into a hierarchy of trusted, untrusted and banned. Posting a Whisper with someone’s name, for example, will see you labeled as “untrusted” and will mean you can’t post live. Replies to the same Whispers created on the same IP address tells moderators that a user may be in the same school as another, and they might intervene in an act of bullying.

Whisper can ban users because it assigns each one with a random 40-character identifier, generated each time the app is installed. The identifier is then hashed and sent to Whisper’s servers. This means that users who post about depression and eating disorders can be directed to YourVoice, a non-profit foundation created by Whisper.

It also means that anyone who confesses to a serious crime could get a knock on the door from the police.

“We comply with valid legal process,” says Heyward. “We don’t collect personal information and can obviously only provide what we have.” An IP address would typically give authorities a home address, though Heyward did not elaborate on what details exactly Whisper would be able to pass on to the police.

Whisper says in its Privacy Policy that it collects device identifiers known as UDID’s, details about your web browser, operating system, ISP, and what pages you view. Missives sent through Whisper’s direct message system, WhisperText, are also subject to analysis from Whisper’s proprietary analytics software.

Andrea London, a analyst with digital forensics firm Stroz Friedberg, says it would probably be difficult for an attacker to use Whisper’s data alone to identify users, based on what she can glean from the firm’s privacy policy. “However, it does appear they have the appropriate information needed for law enforcement to identify the user,” she says.

Heyward expects users are fine with that. “The key thing here is it’s not so much about being anonymous to us,” he says. “What users care about is they’re anonymous to the community.”

Whisper spells all this out pretty clearly in its privacy policy: “Regardless of efforts, no data transmission over the Internet or other network, including any of WhisperText’s services can be guaranteed to be 100% secure.”

Apps have different use cases, and those aimed at offering secure messaging will promise security features that may be better than Whisper’s, in the sense that encryption keys to their data are, for example, not even stored on their servers but on a thumb drive, locked in a safe somewhere.

As Heyward and Zimmerman suggest, Whisper’s users likely see the app as more of a diversion than a place to send vitally important messages — but in the midst of sharing some potentially damaging secrets about relationships and family dynamics, users should be aware that they are also being monitored in the startup’s bid to create a curated, entertaining platform.

That’s why some in the InfoSec community are still perturbed. “It gives people a false sense of security,” says Robert Statica, a cryptography expert who also co-founded the private messaging app Wickr. He’s concerned about Whisper’s tracking of user locations, the use of device IDs and the fact that it uses TigerConnect, the API of private messaging app TigerText. (TigerText’s co-founder, Brad Brooks, is chairman of Whisper. TigerText is also a competitor to Wickr so bear in mind that Statica has some skin in this game.)

“Communication not only goes to Whisper but TigerText and their servers,” says Statica. “So forget about being anonymous. Whisper tracks you even more than the NSA does.”

Whisper’s popularity certainly says something about a growing need among people under the age of 30 to share their innermost thoughts with others, and that expressing them on Facebook or in real life isn’t cutting it for a lot of them. Sharing with a community of anonymous users certainly has its benefits as an easier route to self expression. Thanks to Whisper’s team of moderators, it also means you’ll get mostly positive feedback. But face-to-face sharing also has its benefits – and tends to be a lot more secure too.

# # # 




No comments:

Post a Comment