Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

The False Promise of Anonymity – CDT

Sarah St.Vincent and Alex Bradshaw: “In recent weeks, multiple apps promising “secret” messaging have had sensitive data exposed by breaches and the apps’ not-so-secret data-sharing practices. This news makes one thing clear: the term “anonymity,” as used by apps that ostensibly enable individuals to post updates anonymously, often promises too much. Many applications promising anonymity collect highly specific user data despite representations to the contrary. Often, this data is monetized through sharing with third-parties and it is almost always susceptible to unauthorized access. The Whisper incident is an example of this misrepresentation of anonymity. After the Guardian reported that popular messaging app Whisper shares users’ IP addresses with government entities, Whisper conceded that this was true. However the app maintains that the service “does not collect nor store any personally identifiable information (PII) from users and is anonymous.” This position is puzzling for two reasons: first, Whisper’s exclusion of IP addresses from its definition of PII directly contradicts federal authorities’ interpretation of the term – NIST includes IP address in its definition of PII – and secondly, despite how “PII” is defined, simply refraining from collecting PII does not guarantee anonymity.”

Sorry, comments are closed for this post.