Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Whisper Tracks Users Who Don't Share Their Location

Posted by timothy on from the we'll-just-share-it-for-you dept.

blottsie (3618811) writes "On Thursday, the Guardian reported that secret-sharing app Whisper was tracking users' locations even when they opt-out of sharing their location. [See also this earlier, related story.] Whisper has denied the accusations—but this may be a matter of semantics. Whisper allegedly uses an outdated version of GeoIP by MaxMind, which uses your IP address to estimate your location on a map. Whisper's Chad DePue said in a comment on Hacker News that the tool is "so inaccurate as to be laughable," suggesting that determining something as broad as your country or state won't bother the basic user (and he could be right, but what is and isn't an upsetting degree of user information is another argument entirely)."

4 of 39 comments (clear)

  1. Not at all accurate by techno-vampire · · Score: 5, Insightful

    My connection is on a dynamic IP address. The best any of those services can do is tell you what city my ISP's router is in, and one of the three services tested by iplocation.net (the service pointed to by TFA) managed to get it wrong. And, I'm not the least bit impressed by the claim that the author's location was correct withing 5 miles, as that still leaves anybody looking for you with just over 78.5 square miles to search.

    --
    Good, inexpensive web hosting
  2. Don't collect information you don't need by rhysweatherley · · Score: 5, Insightful

    Note to Chad: The issue is not how accurate the information is or isn't. This issue is that a truly anonymous service has no need for this information.

    If you are providing an anonymous service, then accept the incoming socket, provide the service, and then promptly forget everything about the session. If it is logged, those logs can be requested or outright stolen by the world's TLA's. Even performing a GeoIP lookup without logging it has the potential to leak information from your service that can be collected by mass surveillance and correlated with other information.

    Do not collect information that is not relevant to the service being provided. Period.

  3. Re:if you opted-out.. by fustakrakich · · Score: 4, Insightful

    principles? Wrong planet, buddy. This is business...

    --
    “He’s not deformed, he’s just drunk!”
  4. Re:Sorry. Non-issue. by Em+Adespoton · · Score: 5, Insightful

    The issue isn't that they know where you are, the issue is that they're collecting and storing location-bsed data on users who thought they had explicitly opted out of having location data collected.

    I presume they also are still collecting the IP addresses, which can be run against any geolocation software they want after the fact.

    so: collecting location data? Not an issue.

    Using Maxmind's geoIP service? Not an issue.

    Asking customers if they want to opt out of having their location data stored, and then storing it anyway? THAT is an issue.