14 DAY TRIAL // If you’re thinking of using Secret to blow the horn on something that might land you a court order, think again. The same goes for Whisper, another app that claims to give you full anonymity, but only until you cross the wrong people.
Both services say they offer a non-invasive platform that lets you share juicy secrets with the world, such as your latest affair or how you blackmailed your boss into giving you a raise. Actually, the latter might be enough to make them look through your records.
Security experts sifting through both services’ EULAs have discovered that they collect information from users, including (but not limited to) unique device identifiers, IP addresses, browser cookies, ISPs, and other stuff that can ultimately expose your real name, email address, etc.
Runa Sandvik, a former TOR developer and currently staff technologist at the Center for Democracy and Technology, tells WIRED, “They say you can use this app to tell the world whatever you want to anonymously, but when you start reading the privacy policy, you realize it’s not all that anonymous. As soon as law enforcements asks, they’ll turn over information about who said what and when.”
The problem is they’re entitled to. Whisper’s take goes a little bit like this:
“WhisperText may preserve any transmittal or communication by you through the Service, or any service offered through the Service, and may disclose that information if legally required to do so or if WhisperText determines that the disclosure is reasonably necessary to enforce these Terms or to protect any rights hereunder or to respond to claims of wrongdoing by others,” the policy says.
In other words, if you use Whisper to tell people you’ve murdered someone and there’s actual reason to believe you did, they’ll probably lift all your anonymity and send the hounds on your trail.
Secret will do the same. Their fine print states, “We have taken great effort to build strong security and encryption architecture to keep your Posts completely anonymized. While it is difficult to access, it is still technically possible for us to connect your Posts with your email address, phone number, or other personal data you have provided to us. This means that if a court asks us to disclose your identity, we may be compelled to do so.”
Again, don’t be surprised about it. You wouldn’t want wrongdoings to escape unpunished, would you?