Posts tagged Anonymous
Anonymous messages posted on Whisper, the secret-sharing application, might not be so anonymous after all, according to a report from the Guardian published on Thursday. Whisper has strongly denied many of the Guardian’s claims.
Whisper lets users post anonymous messages, often secret or gossipy in nature, publicly to the application. Other people can view and comment on the posts, and sometimes whispers posted on the application are used by news organizations, including the Guardian, in articles.
What The Guardian Found
According to the newspaper, Whisper monitors the location of some of its users, even those people who have decided to opt-out of the location sharing, and can track and pinpoint specific users with location turned on to within a 500-meter radius. The company is also reportedly sharing information posted from military bases with the U.S. Department of Defense, and monitoring “potentially newsworthy” users like military personnel and people who say they work at companies like Yahoo.
For people who turn off geo-location information, Whisper can use the poster’s IP location to discern approximate location data like a particular city, state, or country. Whisper does not have any access to any personal information like name or address, rather a unique user identification code is assigned to each user the first time they download and sign up for the application.
From A Whisper To A Scream
Neetzan Zimmerman, editor-in-chief at Whisper, said the Guardian story was a “pack of vicious lies” and that the news organization “made a mistake posting that story and they will regret it.” Zimmerman also said that the data Whisper provided to the Department of Defense was only from users who had opted-in to share their location.
The company says there is nothing in the geolocation data that can put the anonymity of users in jeopardy, and that it does not follow or track users. The company published a complete response to the Guardian’s questions, along with links to other stories that describe some of the company’s policies.
In January, Forbes reported that Whisper does track users in order to ban harassers or bullies on the site, and that the app has enough information on users for law enforcement to be able to figure out who posts what on the app. Whisper CEO Michael Heyward is fine with that, Forbes notes.
The key thing here is it’s not so much about being anonymous to us. What users care about is they’re anonymous to the community.
Whisper CTO Chad DePue was also quick to discount the Guardian story. He wrote on Hacker News that the company doesn’t collect personal information on users, although it does monitor some location information:
We want to know where a user is in a general sense for things like tracking timezone so when we send pushes we know not to send pushes at 3 in the morning. you’d be surprised how often device timezone may not always match with physical location.
We use general location to determine things users may be interested in. folks who post in lower manhattan may see different results than people in College Station, TX, over time.
We have a lot of anti-spam technology, and what IP you posted from, and what country that IP is in, is important. I can’t elaborate on this but it’s incredibly logical why we would use that information for things like keeping the app from filling with spammy garbage.
We throw away the IP you used to create the whisper after a brief period of time.
His response was met with heavy criticism. Security researcher Moxie Marlinspike said that, based on DePue’s response, he would assume that the Guardian’s reporting was “entirely accurate” despite DePue’s claim to the contrary.
A Third-Party Assessment
Security researcher and iOS forensics expert Jonathan Zdziarski conducted an independent investigation into the Guardian’s claims. He found that although people don’t provide their name or other personal information to Whisper, the unique identifier and the location data combined could potentially put someone’s identity at risk.
The Whisper app does not appear to be a social networking application with analytics; it appears to be an analytics and user acquisition application that also happens to have a social networking component.
Zdziarski also found that while it would be simple for Whisper to “fuzz” or “salt” the precise location information before sending it to their server, the company does not. Instead, DePue told Zdziarski in a tweet, the company is filtering the location data on the server side.
“It would make much more sense for privacy’s sake to simply fix this in future versions of the app,” Zdziarski wrote.
Just Don’t Trust Anonymous Apps
In the wake of the Edward Snowden revelations and other concerns about privacy and anonymity stemming from controversial polices from companies like Facebook, anonymous applications are on the rise.
Whisper and other apps like Secret and YikYak, supposedly provide users with a safe and secure place to talk about feelings on the Internet. Even Facebook is reportedly building an app that encourages you to spill your guts anonymously.
Users who just read and don’t contribute to these online spaces can enjoy a bit of Schadenfreude at others’ expense. But some users also post “secrets” on these anonymous networks that can do some serious damage.
Anonymous apps are still a small and growing space. As the Guardian article—along with stories like this Wired piece exposing a hack that could identify Secret users—illustrate, it might not be smart to trust these mobile applications with our deepest darkest secrets.
Anonymous applications are an important part of the Web. But they still have a lot of growing up to do. Until applications let users stay anonymous and safe from both the community and the companies that build them, there will always be a risk in sharing your secrets.
Of course, isn’t the whole point of secrets to keep them to yourself?
Lead image by Brian Smithson
View full post on ReadWrite
What if anonymizing your Internet browsing activity was as easy as plugging in a router?
One group of privacy-focused developers is working to make that happen. Their $45 Anonabox is an open-source router that has already surpassed its Kickstarter goal by $250,000 with nearly a month to go.
Anonabox uses TOR, an open source privacy solution that encrypts messages through multiple network nodes. Once plugged in, it automatically encrypts all user data through TOR. It’s small enough to fit in a wallet, and can be used as a buffer between your laptop and any wired Internet connection to skirt censorship and avoid prying eyes.
Demand for the Anonabox shows the gap in the market for a simplified solution to Internet privacy. I’ve previously written a tutorial for building a virtual private network for anonymous browsing for free, but it took me dozens of steps to explain. Meanwhile, Adafruit’s Onion Pi also uses TOR, but costs double that of Anonabox and still needs to be built as a kit.
Of course, Anonabox’s reliability depends on whether TOR’s software is as anonymizing as it appears. Since 2013, there’s been suspicion that the NSA could de-anonymize TOR users. This summer, researchers canceled a talk at the Black Hat security conference in which they were slated to explain how the average person can cheaply do the same.
If Anonabox does fulfill its security promises, it could be the smallest, cheapest, and simplest solution for online anonymnity to date. As August Germar, a security consultant on the project told Wired, it could have far reaching implications for people in countries where Internet access is censored, limited, or strongly policed.
“It was important to us that it be portable and small—something you can easily conceal or even throw away if you have to get rid of it,” he said.
Photo via Anonabox
View full post on ReadWrite
Attendees of the Black Hat security conference were looking forward to finding out next month how the average person can identify people using Tor, a browser that masks the identity of users so people can do things like buy and sell drugs online and communicate privately without fear of people intercepting their chats and emails.
But lawyers from Carnegie Mellon University, where the researchers work, requested that Black Hat pull the talk, Reuters reported. The speakers are researchers at the university.
The talk was titled “You Don’t Have To Be the NSA to Break Tor: De-Anonymizing Users on a Budget.”
Tor has frustrated the FBI, NSA, and other intelligence agencies seeking to tap into online communications. When the FBI busted the illicit Tor website Silk Road, it relied on other clues, like postings on non-encrypted websites, that helped them identify the man behind the operation, Ross Ulbricht.
The researchers from Carneige Mellon were planning to explain techniques that let them find out the identity of Tor users, as well as talk about cases in which criminals had been found.
There has been much speculation about why the popular talk was pulled from the conference. The Software Engineering Institute, a research arm of the university, is funded by the Defense Department and the Computer Emergency Response Team, which also works with the U.S. government. According to Reuters, one of the researchers worked there and hadn’t sought permission from his employers for the talk:
[Black Hat spokeswoman Meredith] Corley said a Carnegie Mellon attorney informed Black Hat that one of the speakers could not give the Tor talk because the materials he would discuss have not been approved for public release by the university or the Software Engineering Institute (SEI).
The Tor Project, a nonprofit which helps distribute and develop Tor software, was not involved in the removal of the presentation from the conference. In a statement released Monday night, the group said that they support research on bugs and other security vulnerabilities:
We did not ask Black Hat or CERT to cancel the talk. We did (and still do) have questions for the presenter and for CERT about some aspects of the research, but we had no idea the talk would be pulled before the announcement was made.
Based on our current plans, we’ll be putting out a fix that relays can apply that should close the particular bug they found. The bug is a nice bug, but it isn’t the end of the world. And of course these things are never as simple as “close that one bug and you’re 100% safe”.
Photo by Mary-Di
View full post on ReadWrite
Today at f8, Facebook launched Anonymous Login, which they are touting as a new way to log into apps […]
The post Facebook Introduces Anonymous Login For Connected Apps appeared first on Search Engine Journal.
View full post on Search Engine Journal
Until recently, I kept all my secrets to myself.
Sometimes I want to share my thoughts online, but find them too personal for Twitter, and not necessarily appropriate for Facebook. I want to share these thoughts anonymously, either because they’re raw emotions, or because I find them embarrassing for some reason, even if they’re funny and true.
But then there’s Secret, the anonymous social networking app. Its notes and rumors have led technology reporters like me on wild goose chases, trying to confirm bits of gossip, from the true (“Nike is shutting down their wearables division”) to the false (“Evernote is getting acquired”), sparking heated debates among entrepreneurs and investors.
See also: How To Remove Yourself From The Internet
Secret is a bit like a high school bathroom stall, where anonymous comments are etched with the tips of sharp pens, but carry questionable legitimacy.
When Secret launched in January, early adopters were mainly the tech elite, journalists, startup founders and Facebook or Google employees seeking an outlet for gossip, snark and the occasional lie. My Secret feed—formed by posts from friends in my phone book, posts they had liked, or posts near me—was an endless stream of garbage about funding rounds, sexual conquests, or outright character assassinations (and even gossip about some of my good friends).
But then something happened. When Secret began reaching iPhone users outside of Silicon Valley and New York, the Secrets changed. No longer were they all immature; Secrets had developed feelings, and felt more human. I saw requests for prayer, professions of love, and pictures of cancer-free medical scans. They were honest-to-goodness Secrets, and I felt myself slowly becoming a fan of the application I loathed so much at first.
Some of the trash still lingers, but Secret is beginning to become an anonymous application that can be a vehicle for good.
Secret’s founders want it to be a safe place where people can talk anonymously without receiving flak from friends or family like they might on Facebook or Twitter. Its vision falls in line with other anonymous apps, most notably Whisper, an application that has allegedly saved someone from suicide.
At the South By Southwest festival in March, Secret cofounder David Byttow said, “We don’t have to be nice, but we should be kind.” I initially scoffed at this idea, thinking it was completely naive, but now it makes sense. It’s cathartic to surrender your own secrets, and to read others. But there’s also an element of Schadenfreude that will never really go away.
Breaking Up With Our Social Identity
On social networks like Facebook and Twitter, we are increasingly tied to our real-world identities, whether we use pseudonyms or not. We share our thoughts and feelings, and our friends and followers can see and comment on what we say. We appear in online searches, and our words or pictures are saved to social networks, forever aligning us with things we’ve said or done over the years, even if they’re trivial or awkward.
As more companies begin to adopt social logins for products and services, not only are your life’s conversations a part of the online social fabric, but so are your purchases, movements, and Likes. Facebook, for instance, is poised to integrate with everything, and uses your personal information to sell advertising. Twitter, in its quest to be like Facebook, hopes to do the same.
There have always been options to remain anonymous, or at least pseudonymous, online, but all of your conversations are usually associated with a username. Anonymous applications, on the other hand, ditch the necessity of usernames altogether: No one can follow all your posts or comments, it’s just you and a bunch of other anonymous strangers sharing your thoughts.
With Secret, you can share as much or as little as you want anonymously—though your friends from your address book that also have Secret will be notified when “a friend” posts. Comments are anonymous, too. Tiny icons identify the same commenter in a thread, but they change with each post, so no one can tell which secrets you share, or which you comment on.
On anonymous apps like Secret and Whisper, you don’t have an identity, and your Internet history doesn’t haunt you in the form of advertising.
It’s doubtful anonymous applications will ever be as popular as other mobile apps like Instagram or Snapchat.
Secret, available only for iOS, is ranked fairly low in the App Store—it’s No. 97 in the U.S. for social networking. Whisper, almost a full year older than Secret, is more popular as the No. 35 social networking app in the US.
The great challenge with anonymous apps is to add new users, but also convince people they’re not mobile versions of a Burn Book. If people can’t keep their posts clean, harm and gossip could eat these apps and alienate those users that use these platforms as places of refuge, not resentment.
PostSecret is a perfect example of how an anonymous mobile app can fail. As a website and art project, PostSecret.com features postcards with images, drawings, and admissions from people all around the world. Anonymous writers submit their thoughts and feelings to the PostSecret blog, and the moderator publishes selections for the world to enjoy.
PostSecret launched a mobile application in late 2011 that took out the middleman—the moderator—and let users post their own secrets directly to an app. It cost $1.99 and was extremely short-lived. The app was shut down in January 2012 after users, moderators and the creator’s family were threatened. The website, however, is still running today.
Navigating moral issues and privacy is something anonymous apps will have to contend with. Secret is dealing with that by taking down destructive posts and letting users flag posts as inappropriate. But some high-profile people don’t think that’s enough.
Marc Andreessen, Netscape founder and Silicon Valley investor, went on a Twitter rant last month bashing anonymous apps.
“Such experiments start out as naughty fun, end with broken hearts and ruined lives. In the end everyone regrets participating in them,” Andreesen wrote.
Secret was also blamed for sparking the drama surrounding a prominent engineer’s departure from GitHub and the maelstrom of bad press that followed.
In order for Secret or Whisper to avoid the same fate as PostSecret, it will have to heavily monitor posts to prevent harmful posts from spreading. Of course, gossip, whether true or not, will always spread, and any platform that makes it easier will be filled with it.
How Anonymity Could Succeed
Now more than ever consumers are worried about their privacy online, so if there’s an optimal time for anonymous apps to make it into our mobile devices, it’s now.
But if Secret wants to become part of my regular app repertoire, a number of personalization filters need to be implemented. For instance, I should be able to block certain words or phrases like “Threesomes” and “Y Combinator” from showing up in my feed. Additionally, the ability to opt out of sending friends notifications when you post would encourage me to write more secrets.
Eventually, Secret’s algorithms should begin to learn the type of posts I enjoy—for instance, ones containing positive or humorous sentiment—it could show me more of those, while hiding negative, un-funny posts lower in the feed.
There are many Secret topics I’d like to avoid, but also some I want to follow; I imagine I’m not the only one. If topics were searchable or tagged, people could follow certain Secrets and create anonymous support groups for themselves.
Moms are a great example. Many women probably experience negative aspects of motherhood but feel guilty writing about it anywhere online. With Secret, they can post their complaints as easy as sending a text message to their best friend, and they won’t be judged for complaining about their screaming toddler.
It’s easy to scoff at anonymous apps when our own feeds are filled with filth. But as I’ve learned (and come to enjoy), when anonymous, humans have equal capacity to be supportive and cruel. And once app makers allow the cruelty to be filtered out, anonymous apps can become the public diaries we always wanted, all the while keeping our pen names private.
Lead image courtesy of Mack Male on Flickr. All other images screenshots from Selena Larson’s Secret app.
View full post on ReadWrite
Google has been using some pretty effective scare tactics to warn marketers off link building lately. Scalable link building – […]
The post Content Promotion: The Difference Between Brands with Fans & Anonymous Content appeared first on Search Engine Journal.
View full post on Search Engine Journal
A U.S. court has ordered customer review website Yelp reveal the names of seven of its anonymous reviewers. The order follows a lawsuit filed by a carpet cleaning company which suspected that some of the reviews placed online about it were made up.
View full post on Search Engine Watch – Latest
A Virginia court has published a ruling that could change the landscape of online reviews forever. The ruling declares that Yelp, the popular online destination for business reviews, must divulge the real names behind seven reviewers who criticized a local business under anonymous monikers. The case started in the court of Alexandria, where Virginia-based plaintiff—Joe […]
The post Court Slams Free Speech: Anonymous Yelp Reviews Under Fire by @submitexpress appeared first on Search Engine Journal.
View full post on Search Engine Journal