From the Center for Democracy & Technology:
“In recent weeks, multiple apps promising “secret” messaging have had sensitive data exposed by breaches and the apps’ not-so-secret data-sharing practices. This news makes one thing clear: the term “anonymity,” as used by apps that ostensibly enable individuals to post updates anonymously, often promises too much. Many applications promising anonymity collect highly specific user data despite representations to the contrary. Often, this data is monetized through sharing with third-parties and it is almost always susceptible to unauthorized access.”
“The Whisper incident is an example of this misrepresentation of anonymity. After the Guardian reported that popular messaging app Whisper shares users’ IP addresses with government entities, Whisper conceded that this was true. However the app maintains that the service “does not collect nor store any personally identifiable information (PII) from users and is anonymous.” This position is puzzling for two reasons: first, Whisper’s exclusion of IP addresses from its definition of PII directly contradicts federal authorities’ interpretation of the term – NIST includes IP address in its definition of PII – and secondly, despite how “PII” is defined, simply refraining from collecting PII does not guarantee anonymity.”
Have you read the terms of the apps you use? You might be surprised at what they collect about you.