The Guardian last year made headlines with a multitude of claims about anonymous social media platform Whisper. In its reporting, it claimed that Whisper tracked even those users that had opted out of its location tracking, shared personal data with suicide prevention groups, and stored personal data in non-US servers. Further, the newspaper claimed that Whisper was updating its terms of service and privacy policy as a reaction to its reporting.
A lengthy correction published today acknowledges that much of this was untrue or misleading. The newspaper now says that Whisper was working on its new ToS and privacy policies months before any reports were published, and that it doesn't store data on non-US servers.
Critically, the Guardian also clarified that Whisper cannot ascertain either the identity or location of Whisper users unless those users explicitly choose to share that information. Whisper does know users' IP addresses, but the correction notes that this is a "very rough and unreliable indicator of location." This undermines the Guardian's most significant claim: that Whisper tracked the location even of users who have opted out of its location feature, and that the latitude and longitude of such users was both available to technical staff, and shared with Whisper executives. This isn't possible with IP addresses alone.