Your Secret Sharing App Will Not Keep Your Secret

Email a Friend

Apps like Whisper and Secret allow users to share secrets anonymously. Whisper was famously the home of a post accusing Gwyneth Paltrow of cheating on her husband, Chris Martin, shortly before their separation. But Wired had some legal and security experts look at the terms of service for both Whisper and Secret, and found that the privacy policies of these secrecy apps are not very secret or private:

In the second paragraph of the Whisper’s privacy policy, for instance, the company reserves the right to reveal everything it knows about a user in a range of situations that seem to include a law enforcement investigation, a subpoena in a civil lawsuit, or simply an accusation of “wrongdoing” on the service. “WhisperText may preserve any transmittal or communication by you through the Service, or any service offered through the Service, and may disclose that information if legally required to do so or if WhisperText determines that the disclosure is reasonably necessary to enforce these Terms or to protect any rights hereunder or to respond to claims of wrongdoing by others,” the policy says.

Secret offers a similar caveat in its privacy policy, warning that it will share information about its users “in response to a request for information if we believe disclosure is in accordance with any applicable law, regulation or legal process, or as otherwise required by any applicable law, rule or regulation.”

Later in the policy, the company explains “How We Respond to Subpoenas from Courts,” an even stronger red flag. “We have taken great effort to build strong security and encryption architecture to keep your Posts completely anonymized,” the policy says. “While it is difficult to access, it is still technically possible for us to connect your Posts with your email address, phone number, or other personal data you have provided to us. This means that if a court asks us to disclose your identity, we may be compelled to do so.”

These apps, if you give them a moment's thought, feel almost like honey traps. Unless they're being built specifically with the protection of user data in mind, like Calyx or DuckDuckGo, it seems inevitable users will be vulnerable to their personal information being exposed. So I guess it's only a matter of time before the inevitable crowdfunded secret sharing app.