On Thursday, the Guardian reported that the developers of Whisper, a social media platform that allows individuals to post anonymous messages that can be seen by others based on a number of factors, isn’t all that anonymous after all. Whisper, which is advertised as “the safest place on the Internet,” tracks geolocation data of posters and uses their location data for a number of purposes—including censorship and reporting of posts from military bases to the Department of Defense. Whisper’s chief technology officer took to YCombinator’s Hacker News to defend the company against the report, but his explanation was torn apart by security and privacy experts in the discussion that followed.

Much like its competitor Secret, Whisper allows individuals to post anonymous messages overlaid on images or photos to share with others for comment. The application uses geolocation data to determine where the poster is and who should be able to see its contents. It has become popular with a number of communities, including members of the military.

The Guardian was exploring a potential editorial relationship with Whisper, and staff from the news organization spent three days at Whisper’s offices in Los Angeles. While there, the Guardian team witnessed Whisper employees using an in-house geolocation tool to track posts made from various locations and found that the company is tracking specific Whisper users believed to be “potentially newsworthy,” including members of the military, government employees, and employees of companies such as Disney and Yahoo. The company also shares information about posters and their locations with the Defense Department, FBI, and the UK’s MI5, the Guardian’s Paul Lewis and Dominic Rushe reported.

Whisper CTO Chad DePue turned to Hacker News to respond to the Guardian’s report, claiming, “This is really bad reporting.” First, he claimed that the actual geolocation capabilities that Whisper used were based on a “legacy Maxmind GeoIP database…that is so inaccurate as to be laughable.”

Whisper uses the location data to determine who will see the post submitted by the user, DePue wrote:

We want to know where a user is in a general sense for things like tracking time zone so when we send pushes we know not to send pushes at 3 in the morning. You'd be surprised how often device time zone may not always match with physical location. We use general location to determine things users may be interested in. Folks who post in lower Manhattan may see different results than people in College Station, TX, over time. We have a lot of anti-spam technology, and what IP you posted from, and what country that IP is in, is important. I can't elaborate on this but it's incredibly logical why we would use that information for things like keeping the app from filling with spammy garbage. We throw away the IP you used to create the whisper after a brief period of time.

DePue went on to say that Whisper doesn’t have any personally identifiable information about its users.

The response to DePue’s post was quick and overwhelmingly negative. And the first response came from the developer and security researcher known as Moxie Marlinspike, the former product security team lead at Twitter and contributor to the privacy and security project Open Whisper Systems (formerly known as Whisper Systems, and of no relation to Whisper). Open Whisper Systems is behind the development of RedPhone and Signal; secure voice communications applications for Android and iPhone.

“Based on your own comments here, it sounds like the [Guardian’s] reporting is entirely accurate,” Marlinspike wrote. “You're attempting to justify why you're tracking your users, but you're still tracking them. You've highlighted many of the hard problems in this space: how do you achieve anonymity and unlinkability while doing things like IP hiding, spam filtering, and relevance matching? The issue is that you haven't solved the problems, and are instead suggesting you should get a pass because the problems are hard. It seems simple to me: if you haven't designed something that gives you truly unlinkable anonymity, don't claim to provide it. If you have to track your users to make your app work, don't claim not to track your users.”

Marlinspike said that Whisper and apps like it—including the similar Secret unsigned social media app—“end up poisoning the well and confusing users” about privacy, to the detriment of projects like Tor that “are approaching these problems seriously...There's a huge difference between "can't" track and "won't" track. Right now you're claiming "can't," but it sounds like you're squarely in the "won't" category of having your servers "avert their eyes." I think this understandably makes people uneasy, particularly given the data mining direction it sounds like the company is headed.”

Ars reached out to Whisper for a response to criticisms, but has not received a reply. Whisper’s DePue also did not address the allegations by the Guardian that the company tracked specific users that were identified as newsworthy or that it shared data with federal law enforcement and the military.