Whenever I discuss secure communications I try to hammer home the difference between confidentiality and anonymity. Most popular secure communication services such as Signal and WhatsApp provide the former but not the latter. This means unauthorized users cannot read the communications but they can find out which parties are communicating.
Another thing I try to hammer home is that not all forms of anonymity are equal. Several services are claiming to offer anonymous communications. These services don’t claim to offer confidentiality, the posts are public, but they do claim to conceal your identity. However, they tend to use a loose definition of anonymity:
On Sunday, a North Carolina man named Garrett Grimsley made a public post on Whisper that sounded an awful lot like a threat. “Salam, some of you are alright,” the message read, “don’t go to [Raleigh suburb] Cary tomorrow.”
When one user asked for more information, Grimsley (who is white) responded with more Islamic terms. “For too long the the kuffar have spit in our faces and trampled our rights,” he wrote. “This cannot continue. I cannot speak of anything. Say your dua, sleep, and watch the news tomorrow.”
Within 24 hours, Grimsley was in jail. Tipped off by the user who responded, police ordered Whisper to hand over all IP addresses linked to the account. When the company complied, the IP address led them to Time Warner, Grimsley’s ISP, which then provided Grimsley’s address.
There’s a great deal of difference between anonymity as it pertains to other users and anonymity as it pertains to service providers. Whisper’s definition of anonymity is that users of the service can’t identify other users. Whisper itself can identify users. This is different than a Tor hidden service where the user can’t identify the service provider and the service provider can’t identify the user.
When you’re looking at communication services make sure you understand what is actually being offered before relying on it.