- They had tools to track and build profiles of users although claiming they would be “anonymous”
- They tracked the location of people who explicitly opted-out of geolocation
- They cooperated with the DoD, sharing infos about messages from military personnel
- They shared information with law enforcement bodies like the FBI and MI5 with a lower legal threshold than is common practice
They process data with a staff of over 100 in the Philippines although claiming to process and store all data in the US.
Update: The Guardian has since published a clarification, removing some of the previous claims. It seems like Whisper really planned to change their ToS for quite some time and doesn’t store data on non-US servers. The claims about geolocation tracking for those who’ve opted out is based on Whisper’s ability to geolocate IP addresses (which may be a quite rough estimation).