Let me give a list of people who actually should be named and shamed here:
Everyone who had seen the stuff going on but didn't blow the whistle.
I understand the people who did the deed - according to the description "A team headed by Whisper's editor-in-chief, Neetzan Zimmerman" - they had some rather obvious profit motivation. I understand the people at The Guardian - they simply did the right thing. But everybody else at Whisper and their guests and passersby who had seen this happen - you suck. If you see your employer do slimy stuff, and put your "loyalty" as a reason to let it be, then you're as slimy and deserve to be associated with the slime and blamed for it, and I hope they're paying an appropriate price for selling your conscience.
If you see your acquaintance (or a company you're visiting or investing in) doing bad stuff, and simply do nothing, then that's not calling being a passive bystander - it's called being an accomplice, and you deserve to be treated as co-guilty.
I know this is an oversimplification of what you're really saying and this is more to do with general attitudes I see towards this sort of thing rather than your comment specifically, but it is personally sad to me that having a profit motivation makes such a breach in user's trust understandable.
As I've gotten older I've grown increasingly disgusted by how easily we as humans can rationalize being involved in quite a lot of obviously scammy behavior as long as:
A && (B || C)
A) we are gaining from it, monetarily
B) we can pseudo-rationalize it by saying "well, what these other people are doing or did is worse..."
C) We can shift responsibility to the people who are being scammed for not "knowing better" or making better decisions
Was it really profit motive that had them giving data to the DOD? Seems like it was more likely to do with legal pressures. I certainly don't know for sure but that would be my guess as evidenced by all that has come out over the last year with U.S. Govt. trying to force companies to give over their data.
There was no legal pressure or profit motive. My understanding is they were helping research on suicide rates by tracking some aggregate count of mentions of certain keywords in public feeds based on opt-in geolocation. I think anyone could have publicly scraped even more disaggregated data than the aggregate numbers that Whisper was providing to the suicide researchers.
Kind of a weird moral code here (paraphrasing) - "it's ok to do terrible things if you have a profit motive. But, if you are in any way associated with the people doing said terrible things, even as a 'passerby,' then you are slime."
Wouldn't all of the Whisper employees be covered by the monetary motive clause (i.e. they are getting a paycheck)?
Doesn't make a lot of sense to me. Pretty sure, as always, the people who deserve the most shame are the ones who are directly responsible.
Things are never that simple. There are often complicated situations that may prevent people from blowing the whistle (for example, people with families that rely on their income). It's never as black-and-white as you make it seem, and automatically lumping everyone into the "guilty" or "evil" camp is unjustified (unless you know the specifics of the people you're condemning?).
Of course, doing the right thing very often has a cost and self protecting behavior is very natural.
I can very much understand why they likely chose to do a bad thing and I can't claim that given their specific circumstances I woudn't do the same in their shoes - but yes, it is still justified to claim that they did do a bad thing.
Knowing the specifics of the people I'm condemning clarifies the justification and reasons for behaving the way they did but it cannot make their conscience clean. Having good personal reasons for behavior that hurts others is an understandable mitigating circumstance, but the actions should still be condemned by the wider society.
So we should excuse terrible actions because people may not be able to live at the standard which they enjoy without continuing to perpetrate them? That generally excuses larceny, burglary, robbery and fraud altogether, and excuses murder in special cases (for-profit or to protect profits.)
Maybe if you're lying about your app and policies, it's probably not a good idea to bring a newspaper into your offices! Especially when its blatently obvious you're looking to use your app to either blackmail or leak this information for your own gain.
The Guardian is a newspaper, it acted exactly how it should have.
If I knowingly invite a cop into my house and I've got a pound of cocaine on my coffee table. Is it unethical for the cop to arrest me? No. They're a fucking cop!
If you don't want people knowing shady parts of your business, don't invite people who make a living publishing stories about shady goings on!
It doesn't really need to be a cop/reporter. If you're doing something unethical/illegal, don't show nor tell me, period! If you do, count on me reporting on it, if nothing else to save my ass. Unless you're a really good friend, that is, and even in that case there would be a big ethical dilemma (I would probably still report on you if you harm another person).
I genuinely can't understand the thought processes of the nabobs who think the Grauniad acted inappropriately here. My first response was, "Journalism is not the priesthood," and considered it similar to interviewing Frank Underwood on background and not reporting on his history of blackmail and murder. But it's really even simpler than that -- it's as if Nixon went on Meet the Press and started bragging on-air about black-bag jobs to Spivak. Under what journalistic conventions wouldn't you report it out? Certainly makes you wonder what Business Insider isn't reporting.
(By the way, I apologize -- I mis-clicked when upvoting your comment, and had to upvote a few past comments to rectify the error. I posit my poor hand-eye coordination is the result of either too many espressos or not enough; I'll pull a few more shots and report back on the results.)
It is appalling how brazenly Keith Rabois, Dan Primack and interestingly Henry Blodget (charged with a civil securities fraud by SEC [1, 2]) acted publicly and pinned moral blame on Guardian. Reeks like repeat of Gary Webb episode.
What is wrong with Guardian's reporting on Whisper's? As this article shows, nothing at all. Good for them to break open this cabal and report user's best interests, and not being worried about getting lampooned on by "new" media. Good on CJR for this write-up, I very well appreciate it. Guardian acted like journalists here.
It seems that Whisper is acting in a manner that is contradictory to almost every claim they make about the service and software. Isn't this just spyware?
- They track your location regardless of stated preferences
- They store "anonymous" messages indefinitely
- They share contents of said messages with the media when it's profitable for the corporation
- They freely share data with the US, UK and Chinese governments
- They track users with a high potential for juicy posts "for life"
- They lie about all of the above (though their terms have been updated since the Guardian revelations)
I think it's more nuanced than that. If geolocation is turned off, I don't think they are pulling GPS data anyway. So they are not 'tracking your location regardless of stated preferences' any more than every other site on the internet. They don't track anything that isn't implicit in the functioning of the internet -- i.e. an IP address.
Obviously they store the messages that their users submit to them. Their data retention should be spelled out in their ToS, and it's not clear if they are violating their own policies here. But take, for example, when Google a while back made a very concerted effort to ensure that deleting an email in Gmail actually meant the email would be deleted from all backups system-wide in some reasonably short timeframe (some number of days/weeks). However, prior to this, and in almost all databases worldwide, you will find that clicking 'Delete' doesn't actually remove the item from backups, and backups are kept for quite a long time / indefinitely.
An anonymous post is not necessarily a secret post, they are two different concepts entirely. I've never used Whisper, but when you post something there, I believe it is entirely public. On the face of it, there should be no more an issue sharing a tweet than sharing a whisper. To the following point, I would need to understand what private data they are sharing, not simply that they are featuring specific public posts. If they do feature a post, it makes sense for them to do some due diligence on the veracity of the claims. Honestly, I'm not sure how I feel about them using GeoIP databases as part of that diligence. If someone makes a post to Whisper without using Tor then they have certainly given their IP address away completely willingly, but I'm not sure what restrictions on use of that IP are expected by Whisper, or by any site in general which logs IPs (all of them).
Whisper, very similar to Snapchat, both promise the impossible. If you understand that technically their core feature is not actually possible, you try to understand why do people use it anyway. Either they truly thought they were getting the impossible, or there's value to the platform anyway. With Snapchat, you can see how they are trying to reframe the issue from truly secure ephemerality to simply a user interface which focuses on the present and discards the past. Similarly, Whisper is trying to reframe the issue from truly secure anonymity, to simply a user interface which doesn't include usernames / identity.
Unless you are a trained professional practicing perfect opsec, you are not anonymous on the internet. It's wrong and potentially dangerous that Whisper is making people feel like they are perfectly anonymous, but I almost wonder why anyone on HN would be surprised by any of this? As a cryptographer, I expect every piece of information I submit/leak to be used against me, so given there's literally nothing about Whisper that provides any security whatsoever, my expectation going into it would be that I am getting none. I get that my perspective is completely different from the average user on this.
Food isn't supposed to kill you, but the internet definitely is supposed to identify you. It's only through extraordinary measures that you can get on the internet anonymously, but it would take extraordinary measures to kill yourself eating at the grocery store.
If someone told me the corner grocery store was selling deadly food, I would be just as likely to believe them as someone telling me that posting on Whisper.sh keeps me securely anonymous on the internet.
> the internet definitely is supposed to identify you
If you have a rudimentary technical understanding of the internet, it's clear that the default assumption should be that you're identified unless presented with strong evidence/reasoning to the contrary. But what percentage of internet users do you think have any technical understanding of the internet? 20-30 percent, maybe? To most people it's basically magic, and they have no compelling reason to give any thought to how it works.
Regulations should be designed with the common user in mind, not the technically proficient. If a company claims that they provide anonymity, they should live up to that promise or be prosecuted for false advertising.
Scary to see so many journalists piling onto other journalists who are actually doing their jobs in the public interest (but against corporate interests). Reminds me of the "journalists" who were so fast to criticize Glenn Greenwald for his NSA reporting.
If some other business partner was shown the same thing as Guardian but chose to disregard it due to their business relationship, then I will consider them as unethical themselves, much more so if they took any active measures to hide it, such as a manager implying to their subordinate that they should keep their mouth shut about their ethical feelings re: their partner's behavior.
The link below seems to be the pre-existing relationship between The Guardian and Whisper. It's not exactly a business relationship in the terms of investment, for example.
If you are the business partner of a business that is operating this dishonestly and dangerously, you are acting completely unethically as a human if you do not sever that business relationship and expose the behavior to the people affected.
It didn't act unethically as a business partner. It withdrew from being a business partner when it found extremely bad behavior and then, rather unsurprisingly given that it is a newspaper, it published it.
Even if your business partner is not a newspaper, if you show them something highly unethical in secret, it is not unethical for them to end the partnership by passing on what they know, whether publicly, or to regulators, or to the police.
Blowing the whistle on illegal behaviour is generally not considered unethical. The relationship to the other person or organisation doesn’t really matter.
People need to understand this. If an app or service is free and some combination of:
(a) At all expensive to run.
(b) Funded by investors who demand a return.
(c) Has no visible means of direct revenue.
... then you REALLY need to ask the following question immediately before deciding to use it or what to entrust it with:
"How is it monetizing me?"
If you see an app or service like this, you are the product. It's either tracking you, spying on you, selling your data, somehow targeting you for advertising, or doing something else of a similar nature.
This isn't as axiomatic as you might think. Eyeballs count more than revenue in many cases, and can carry some ventures all the way through to liquidity with no profit on the horizon. This is especially true in messaging apps where building a network effect is a far higher priority than profit.
Clearly what Whisper was doing was newsworthy, but at the same time I can understand why other journalists would want to debate the issue since it could impact one of their profession's building blocks ( on-the-record v.s. off-the-record distinctions). The ethics around exceptions for similar tools such as attorney-client privilege and doctor-patient privilege are subjects for professional debate but what sets journalism apart is the number of people impacted by the scope of their decisions. Would a majority of lawyers feel compelled to alert the authorities in Whisper's case? Only if they were committing fraud. Lawyers necessarily are privy to an incredible amount of malfeasance, and no matter how troubled this knowledge might make them, their function depends on their silence.
Would a majority of journalists would feel this story was damaging enough to the public that they had an obligation to publish it? Probably.
Should we feel bad for the public personas who are being taken to task for expressing an opinion that ended up on the wrong side of the issue? To some degree, yes. While these avatars did seek out the relative fame that now shames them, their mistaken logic forces the projection of humanity that twitter and blogs represent to consider both sides, and pause.
Protecting your source and keeping stuff off the record only counts when your source is passing on information about a story, not when your source is the story.
edit - for example, if a journalist is investigating a crime and you offer to give them information as long as it stays off the record and they agree, but then you tell them you committed the crime they are trying to investigate, they have no obligation whatsoever to keep what you said to them off the record.
No. Once you agree you are talking off the record, there's no going back on that. In this case, however, I don't think anyone has claimed that Guardian reporters were off the record.
What makes this an interesting case study in journalism ethics is that they weren't off the record, but whether you can ethically act in your capacity as a journalist in the middle of strategic business negotiations. The two are opposing interests, so to the extent I think I'm in a business meeting with The Guardian Company I'm probably also not thinking I'm the lead in their next story.
To turn it around a bit more, would it be OK for Guardian to go into Whisper under false pretenses, knowing they have no interest in a partnership, but in order to gather facts for a story? Surely they are entitled to do that form of investigative reporting, but likewise they shouldn't be surprised if that blows back on them the next time they want to form a strategic partnership with someone.
"No. Once you agree you are talking off the record, there's no going back on that."
Of course there is, for instance if someone was threatening to harm you or others, it really wouldn't matter if you had agreed to keep things off the record. There is a difference between professional discretion and complicity.
edit - you described the tactics they possibly used and the potential strategic blowback, but ethically you answered your question for yourself already when you conceded that they are entitled to do that form of investigative reporting. They are a newspaper.
Sometimes I see something so bizarre and so different from my expectations that I momentarily wonder if I've shifted into a parallel universe that's subtly different from my own.
Apparently this is a universe where a lot of people think it's unacceptable for journalists to report on information they learned in a business meeting. I wonder what else has changed.
All the journalist hand-wringing over the Guardian is exactly how we get the milquetoast reporting we do these days.
I understand why someone wouldn't want to burn bridges, but when their strategy for protecting access preempts any reporting ever, they cease to be performing any journalistic function. They're just hangers-on.
Android needs App Ops back. We can't rely on shady for-profit companies to protect our anonymity and privacy. Same for other operating systems, of course.
Got it. Guardian good, Whisper evil. What are the opportunities here, for our hacking community and social engineers, what kind of exploitation of Neetzan Zimmerman, using Whisper services, may be obtained for public humiliation, hopefully legal prosecution, and ideally profit?
This leads to an obvious problem with the definition of "public interest": A very large proportion of the public is interested in what goes on in the bedrooms of celebrities. I'm not sure I could support that definition of "public interest" in this equation.
"Public interest" in this context is not the same thing as "the interest of the public". The former is a fairly objective (though difficult to measure) thing which concerns itself with the welfare of the populace [1]. This is historically what was meant by "public interest," though the newer meaning of "whatever interests the public" has muddied the meaning of the phrase somewhat.
There's two different meanings of interest at play here. Certainly much of the public is interested in gossip, and enjoys being titillated by it. But it does not have an interest in that information in the sense that it will be worse off for not knowing.
Agreed. Public interest is a very difficult to define - Snowden vs Celebrate gossip etc. I was being looking for a distraction and was doing a bit of a thought experiment :)
English newspapers invoked the "public interest defence" when challenged over their routine "hacking" of telephone answering services.
They had a bit of a surprise when the judge told them that there is no such thing as a public interest defence under the criminal law they were accused of.
That's mostly accurate, but not completely. British criminal legislation often includes explicit defence arguments - 'It is a defence that...' followed by a specific action, belief, or circumstance.
The phone hacking law (RIPA) doesn't include that option.
But the ultimate authority in British Crown Court trials is the jury, and if a lawyer can persuade a jury that a public interest defence is valid, that will swing a trial.
Most of the phone hacking cases couldn't argue public interest because there wasn't any - it was random information gathering that could be useful in news stories and (allegedly) in other ways.
There was no equivalent of the Profumo Scandal of the 60s, which would surely have counted as a public interest case.
(Which is not to say equivalent scandals weren't found, but that if they were the press never revealed them.)
Everyone who had seen the stuff going on but didn't blow the whistle.
I understand the people who did the deed - according to the description "A team headed by Whisper's editor-in-chief, Neetzan Zimmerman" - they had some rather obvious profit motivation. I understand the people at The Guardian - they simply did the right thing. But everybody else at Whisper and their guests and passersby who had seen this happen - you suck. If you see your employer do slimy stuff, and put your "loyalty" as a reason to let it be, then you're as slimy and deserve to be associated with the slime and blamed for it, and I hope they're paying an appropriate price for selling your conscience.
If you see your acquaintance (or a company you're visiting or investing in) doing bad stuff, and simply do nothing, then that's not calling being a passive bystander - it's called being an accomplice, and you deserve to be treated as co-guilty.