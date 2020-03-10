Whisper, an anonymous mobile application for sharing secrets that rose to fame more than half a decade ago, has been inadvertently exposing confidential information about its users for years through an online public database, according to a new report from The Washington Post.

The application, although far from being as popular as it was in the years after its launch in 2012, is still used by more than 30 million people a month, some of whom are under 18 and share confessions about sexual encounters among adolescents and information related to sexual orientation. According to The charge, which was able to actively query the database in real time before Whisper removed it, a search for users who listed themselves as 15 years old yielded up to 1.3 million results.

The database did not include real names, since Whisper was designed to protect user identities and allow them to share secrets anonymously. But records that were left unprotected online included information such as age, location, ethnicity, residence, nickname in the application, and membership in any of the application's groups.

The records not only included current users, either. According to security researchers Matthew Porter and Dan Ehrlich, who run the firm Twelve Security, the database comprised almost 900 million user records since the launch of the application for more than eight years to the present, The charge reports. Porter and Ehrlich said they notified the federal police of the situation, as well as Whisper, before contacting The Washington Post. Only when The charge The parent company of Whisper was contacted. MediaLab was the private database.

"This has greatly violated the social and ethical norms we have regarding the protection of children online," Ehrlich said. The charge, adding that MediaLab's actions here have been "very negligent."

MediaLab is contesting the researchers' findings, saying the information was intended for the public and provided by the users themselves as a feature of the application. In particular, location sharing was designed to add authenticity to publications in which someone's location or status, as an active military member, was relevant.

However, MediaLab said The charge the database "was not designed to be consulted directly,quot;, and as a result deleted the information. The company was also in trouble in the past due to the handling of user data, as in 2014, when it was revealed that the company was collecting user location data without their consent and even if they were explicitly excluded. The charge He says the exposed database illustrates that MediaLab continued to collect user location data even after the controversy broke out.