Whisper became a darling of the L.A. startup scene based on one simple premise: an app that lets you safely, anonymously share details of your life. But a new report from The Guardian shows the company has been covertly tracking the people who trust it most.

Earlier this year, Whisper and The Guardian began to discuss an editorial partnership of the kind BuzzFeed and others have undertaken. But when the paper saw what Whisper was up to, it very quickly backed out—and decided to publish everything it'd seen:

Furnished with an extremely simple password, we were given access to the company's vast library of texts and photographs and, in most cases, the location of their authors. The company's developers have created a back-end analytics tool to conduct more refined searches of the database, the most powerful of which pinpoints location.


The company's staff are trawling through past messages – even those the user believes they have deleted – inspecting the precise date, time and approximate location of each message.

Whisper insisted in its statement to the Guardian that it "does not follow or track users".

The location of users who have turned off Whisper's geolocation service is not automatically uploaded onto the company's mapping tool. However the rough location of those users is retrieved, on demand, for a news unit headed by the company's editor-in-chief, Neetzan Zimmerman.

An example of Whisper's internal tracking software can be seen in the screenshot above, provided by The Guardian.

Speaking to another Whisper executive, Guardian reporters were relayed this gem:

Separately, Whisper has been following a user claiming to be a sex-obsessed lobbyist in Washington DC. The company's tracking tools allow staff to monitor which areas of the capital the lobbyist visits. "He's a guy that we'll track for the rest of his life and he'll have no idea we'll be watching him," the same Whisper executive said.

Zimmerman (who was a Gawker staffer until early this year, when he left for Whisper) has been working to turn the app into an asset for news publications by pinpointing figures in breaking stories, contacting them via the app, and converting them into news sources.

According to the Guardian's story, we now know how Zimmerman and his team do it: the company has been using its secret back-end tools to commodify its users. Even those who've "opted-out" of geo-tracking are vulnerable: Whisper can apparently roughly calculate their location and contact them privately—and how many of them would be sharing intimate, uncomfortable details of their lives if they knew they were being monitored by a dedicated staff?

Whisper (and Zimmerman in particular) deny the breadth of the Guardian report:

But as The Guardian also points out, Whisper rewrote portions of its privacy policy as soon as it realized their actions were going to be made public.

Reached via telephone, Zimmerman called the report a "one hundred percent outright lie," emphasizing that all geographical data is "fuzzed" to at least 500 meters of inaccuracy. "We have no personally identifiable information about any users," he repeated multiple times—when asked why GPS data wouldn't be considered personally identifiable information, Zimmerman replied that "at the most, we know generally what town they're in."

As for the mapping feature, Zimmerman says this is nothing new—it was included in the app itself, available to users, but was removed due to lack of interest. "They found it boring." Whisper itself still operates the map internally, and Zimmerman would not tell me how many people have access to it.

Zimmerman clearly feels betrayed by the paper's pivot from partner to whistleblower: "The CEO of The Guardian sent me an email saying we are fully supportive of what you're doing."