Whisper app data leak exposes 900 million secret confessions: What to do
Huge trove of salacious data found unprotected online
Back around 2014, there was a smartphone app called Whisper that let you confess your deepest, darkest secrets to a world of total strangers -- no real names allowed, of course. It was delightfully trashy and addictive.
Whisper is still around, although judging by the comments on its Google Play listing page, it's been "totally overrun by literal prostitutes soliciting, thirsty males, and fake spam accounts."
Whisper is back in the news because an unprotected database containing 900 million Whisper posts, and all the metadata related to those posts, was recently found online.
No real names were involved, but according to The Washington Post, which broke the story yesterday (March 10), the data included "a user's stated age, ethnicity, gender, hometown, nickname and any membership in groups."
Many of those groups, the Post noted, are or were "devoted to sexual confessions and discussion of sexual orientation and desires".
What you can do
If you've got Whisper installed on your iPhone or Android phone, it might be best to just delete it. The app collects "precise location (GPS and network-based)", according to the device permissions listed on its Google Play Store page, which tells Whisper (and any mobile ad networks it runs) exactly where you are.
You can still lurk on Whisper by going to the unintentionally hilarious Whisper website. It's sort of a full-page equivalent of all those trashy ads you see pop up at the bottom of news websites, with topics like "Ladies Confess: I Am Dating A Trust Fund Baby" and "18 People Who Shockingly Lied Under Oath".
Whisper is owned by Medialab, a holding company that also owns the teen-chat app Kik and the hip-hop-oriented website and social app DatPiff. We've reached out to Medialab for comment and will update this story when we receive a reply.
'Spies' for the Chinese?
The unprotected database was found by Dan Ehrlich and Matthew Porter, researchers from security firm Twelve Security. The exposed Whisper data goes back to 2012, the year Whisper was started.
In two blog postings today (March 11), Ehrlich accused Whisper staffers of being "spies for the Chinese Ministry of State Security" and implied that a lot of the data Whisper collected is being used to blackmail members of the U.S. military.
We have no way to assess the validity of those accusations, but Ehrlich pointed out that The Guardian in 2014 showed that Whisper could tell from GPS coordinates which posts came from military bases, the Pentagon and even the White House.
Precise location collection is not what you want to see in an app devoted to eliciting secret confessions from its users. Ehrlich pointed out that plenty of posts could be traced back to specific schools and offices.
But it's not all that bad
Now for the silver linings. Most of the metadata in the exposed database is and was publicly displayed on the Whisper app. That's kind of the point of the app. The database simply collates it all into an easy-to-search format.
"A search of users who had listed their age as 15 returned 1.3 million results," grimly notes The Post, but that isn't surprising as the app was especially popular among teens during its heyday.
So let's be clear: No real names, no dates of birth. The "nicknames" were the usernames the users created to be able to post, or were assigned randomly by the Whisper app. Likewise, most of the background images on the posts came from Whisper's own image library.
The only real risk of a Whisper post being traced back to you has to do with the precise location data, which might reveal which high school you attended in 2014.
The other upside, if it can be called that, is that there's no evidence that the database was discovered or exploited by anyone before Porter and Ehrlich found it. The database was taken down Monday (March 9) after The Washington Post contacted Whisper, although Ehrlich and Porter said they had also done so earlier.

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.
