Whisper, the anonymous messaging app beloved by teens and tweens the world over, has a problem: it’s not as anonymous as we’d thought. The platform is only the latest that brands itself as private by design while leaking sensitive user data into the open, according to a damning Washington Post report out earlier today. According to the sleuths that uncovered the leak, “anonymous” posts on the platform—which tackle everything from closeted homosexuality, to domestic abuse, to unwanted pregnancies—could easily be tied to the original poster.
As is often the case, the culprit was a leaky bucket, that housed the platform’s entire posting history since it first came onto the scene in 2012. And because this app has historically courted a ton of teens, a lot of this data can get really unsavory, really fast. The Post describes being able to pull a search for users that listed their age as fifteen and getting more than a million results in return, which included not only their posts, but any identifying information they gave the platform, like age, ethnicity, gender, and the groups they were a part of—including groups that are centered around delicate topics like sexual assault.
Whisper told the Post that they’d shut down the leak once being contacted—a point that Gizmodo independently confirmed. Still, the company has yet to come around to cracking down on its less-than-satisfying policies surrounding location data. In 2014, Whisper was caught sharing this data with federal researchers as part of research on personnel stationed at military bases. In the years since then, it looks like a lot of this data is still up for grabs. While some law enforcement officials might need to get their hands on it, Gizmodo’s own analysis found multiple targeted advertising partners that are scooping up user location data as recently as this afternoon.