Whisper is one of those newer mobile apps that leads you to believe you can share information anonymously online. “With Whisper, you’re free to anonymously share your thoughts with the world, and build lasting, meaningful relationships in a community built around trust and honesty.”

Trust and honesty, huh?

What if Whisper uses your anonymous sharing in ways you never imagined (such as posting your images and texts on a website)? Oh, and what about their promises of not collecting your personal information, such as your geo-location?

Apparently Whisper doesn’t understand what the words “anonymity” and “privacy” mean.

Here’s how Whisper describes itself:

Whisper is a private social networking app. In order to protect anonymity, we do not collect any personal information from our users. Because of this, there is only a search feature for Whisper topics, not user profiles. This ensures that there is no way for another user to discover your identity.

Seems pretty clear, right?

Well, the UK’s Guardian was thinking of partnering with them and sent a couple of reporters to Whisper’s headquarters to better understand how the app works. What they found was eye-opening.

Whisper apparently keeps a backend surveillance system on all of its users — even those who are supposedly “secret.” Even those who turned off their geo-location services in the app.

Approached for comment last week, Whisper said it “does not follow or track users”. The company added that the suggestion it was monitoring people without their consent, in an apparent breach of its own terms of service, was “not true” and “false”.

But on Monday — four days after learning the Guardian intended to publish this story — Whisper rewrote its terms of service; they now explicitly permit the company to establish the broad location of people who have disabled the app’s geolocation feature.

Talk about slimeball behavior.

Which dot is you? Whisper knows.

But it gets worse:

When users have turned off their geolocation services, the company also, on a targeted, case-by-case basis, extracts their rough location from IP data emitted by their smartphone. […]

A team headed by Whisper’s editor-in-chief, Neetzan Zimmerman, is closely monitoring users it believes are potentially newsworthy, delving into the history of their activity on the app and tracking their movements through the mapping tool. Among the many users currently being targeted are military personnel and individuals claiming to work at Yahoo, Disney and on Capitol Hill.

The proud founder of Whisper is 26-year-old Michael Heyward. He’s created a supposedly-anonymous social networking app, but then changes how it works — and the terms of service you originally agreed to — to completely upend the privacy of its users. Neetzan Zimmerman, who’s the “editor-in-chief” at the company, helps to monetize all that supposed “anonymous’ sharing through its website and partnerships.

If the Guardian hadn’t stumbled upon this story simply for wanting to work with them more closely, it’s likely its users would continue to use the Whisper app thinking their privacy was protected.

One executive described how Whisper was following an apparently sex-obsessed lobbyist in DC. “He’s a guy that we’ll track for the rest of his life and he’ll have no idea we’ll be watching him,” the Whisper executive said [according to the Guardian’s reporting].

Your Privacy Matters

Here’s the thing. Whisper starts off by claiming it wants to give you a service that lets you express how you feel without any worry of this ever coming back to haunt in your real life. But then why track its users at all?

Their CTO claims it’s all done just to offer a better user experience. But, umm, isn’t the best user experience provided when an app offers the service it claims it will provide?

In this case, that service is complete anonymity while posting pictures and text to the app. If you’re tracking IPs and mobile device IDs, guess what — that’s not anonymity. That’s not respecting your users’ privacy. That information can readily be requested by law enforcement (and apparently already has been on at least two occasions).

In other words, Whisper promises one thing, but offers another.

And think that photo you deleted in Whisper was actually deleted? Nope:

User data, including Whisper postings that users believe they have deleted, is collated in a searchable database. The company has no access to users’ names or phone numbers, but is storing information about the precise time and approximate location of all previous messages posted through the app.

The data, which stretches back to the app’s launch in 2012, is being stored indefinitely, a practice seemingly at odds with Whisper’s stated policy of holding the data only for “a brief period of time”.

I think it’s great there are these privacy-focused apps that allow people to share things in unique ways they couldn’t do as easily on other social networks. People have been sharing things pseudonymously online since the beginning of the Internet. Some of that sharing results in positive, life-changing experiences for people — such as online support groups.

But companies like Whisper that are run by a couple of people who don’t seem to understand what privacy online actually means are just bad news for everyone. Why? Because they destroy people’s trust in companies to provide the service they’re promising, without deception or significantly changing its terms after you’ve already started using it.

A service like Whisper that promotes such anonymity and privacy at its foundation but then turns around and spies on its own users is a service that only an idiot would continue using.

Read the full investigation: Revealed: how Whisper app tracks ‘anonymous’ users