Cloud-based leaks and hacks are mounting, and Snapchat should do more to slow the trend. The hacked Snapsaved app amassed almost 13GB of photos, including images from users who never used the app but unknowingly sent photos to others who had.
Users sometimes expect more privacy than Snapchat could ever realistically provide. While it wouldn't do the company much good to admit this fact, it could at least come clean about how it exaggerated the promise of privacy in the past. Telling users to stop using third-party apps just doesn't cut it.
Whisper Unwittingly Exposes Privacy Flaws
The dust had barely settled around Snapchat when things took a more damning turn for one of it competitors. Whisper, an app that promises user anonymity and promotes itself as a safe haven for open and intimate communications, was hit with serious accusations from The Guardian.
During meetings about a potential partnership, the newspaper discovered that Whisper was tracking the location of its users, monitoring the activity of users deemed potentially newsworthy and storing that data indefinitely.
Whisper's trove of data has a full history of every message posted using the app, including messages that were previously deleted, according to The Guardian. Users who opt out of geolocation services were reportedly still tracked via IP data, which can be used to determine location within 500 meters.
A war of words erupted, including a point-by-point rebuttal from The Guardian after one Whisper executive dismissed the reports, on Twitter, as "lousy with falsehoods" and a "pack of vicious lies."
Whisper Editor in Chief Neetzan Zimmerman responded first, and CEO Michael Heyward eventually stepped in a couple days later to address the claims in a blog post.
The split response highlighted a gap in the pair's response to some of The Guardian's most alarming claims. Zimmerman quickly dismissed a series of unattributed quotes as fabrication and "outright lies," while Heyward said the company was still investigating the matter.
"Our top priority is to ensure people feel comfortable sharing their most intimate and personal thoughts," Heyward wrote, after mincing words over what specific user data is collected and the extent to which users can be identified based on the information.
Heyward says Whisper collects IP addresses and deletes them after seven days, collects the GPS location only of users who opt in, and does not collect any personally identifiable information, such as names, email addresses or phone numbers.
The Whisper CEO also says the company does not actively track users, but his comments suggest some employees (particularly those who spoke to The Guardian about tracking users) may be doing just that. An investigation into the matter is ongoing, and the company is withholding further comment until it learns more.
Sign up for CIO Asia eNewsletters.