A time-honored proverb from a Boston politician on how to be discrete goes something like this: “Never write if you can speak; never speak if you can nod; never nod if you can wink.” Today, in sharp contrast, a growing number of digital natives are throwing such discretion to the wind as they flock to a new category of so-called anonymity apps. Some illustrative examples include the following:

  • Yik Yak: “Share your thoughts with people around you while keeping your privacy.”
  • Secret: “Secret posts come from friends and people in your community, but you won’t know who.”
  • Whisper: “The best place to express yourself online.”
  • Streetchat: “A live photoboard for schools and colleges.”
  • Confide: “Your off-the-record messenger.”
  • ANSA: “Communicate off the record, so no trace of your conversation is left behind.”

The basic concept? You can express whatever you like in writing and make it public, but you will be protected behind a cloak of technology-provided privacy.

Although these apps have been growing in popularity since 2013, the idea of combining information security technologies and social media in nontraditional ways goes back to at least 2011. For example, a blog post titled “Shredded Tweets” described an early vision for how encryption could be used to let users take full advantage of social media sites while retaining complete control over their own content. This includes restrictions on who sees it (both now and years from now) and the ability to change their minds and take it back. This is a user-centric application for privacy implemented in a positive way.

Unfortunately, user-centric privacy can also have less-than-positive results. The following are three things about anonymity apps that should be of concern:

Anonymity Apps Provide a Platform for Social Abuse

Setting aside the inherent narcissism behind a culture of status updates, selfies and check-ins, anonymity apps have become a ready-made platform for social abuse. Add hurtful and inappropriate comments about classmates (aka cyberbullying) and threats about bombs, shootings and other types of mass violence to the many titillating or merely humorous observations, and one can easily comprehend how apps such as Yik Yak have “become a force” on high school and college campuses in the United States.

Such abuse has led many schools to try to block access to anonymity apps, at least through their own information technology infrastructure. However, this course doesn’t prevent them from being accessed by mobile devices and independent networks that users have with them at all times. Unfortunately, this doesn’t relieve the administration (in an educational setting) or management (in a corporate setting) and law enforcement from their obligation to protect students or employees from harm or abuse. Many organizations have already adopted technologies to monitor social media to protect their brands, so it should be expected that these capabilities will be expanded to protect their users, as well.

Anonymity Apps Provide a Conduit for Corporate Abuse

From a traditional enterprise perspective, these apps also provide a ready-made conduit for the unauthorized exposure of sensitive corporate data, such as fraud, intellectual property theft or sabotage. These are the three primary types of insider abuse, as described in Aberdeen Group’s recent report on insider threats. Understanding the motivations, opportunities and behaviors that correlate with insider threats helps organizations outline some of the following obvious and straightforward strategies they can adopt to minimize it:

  • Address the motivations for insider misuse, at least for employees, temporary employees and contractors that are more directly under the organization’s control. This could include pre-hire assessments, executive-level attention to company culture and regular assessments of workforce morale.
  • Minimize the opportunities for insider misuse by implementing policies and controls designed to address the most common exploits.
  • Monitor the behaviors of end users for indicators of potential insider misuse. Marry enhanced visibility to the online behaviors of the organization’s insiders with business intelligence and analytics as part of a complementary big data approach to fighting fraud, waste and insider abuse.

Here again, the key capability calls for adding anonymity apps to the social channels that are being proactively monitored to protect the organization’s brand and sensitive data.

Not Really Anonymous

Most users probably don’t appreciate that anonymity apps are not really anonymous at all. They are more like “anonym-ish,” to use the brilliant term coined by AP columnist Barbara Ortutay. For example, app providers such as Yik Yak routinely cooperate with legal requests from law enforcement officials to provide information such as mobile phone numbers, which help officials track down the individuals behind threatening or abusive posts. Anyone who thinks their posts are truly anonymous should disavow themselves of this notion by taking the time to read the end user license agreement.

Moreover, the Wall Street Journal has reported that app providers such as Secret and Whisper proactively “send information to law enforcement if users said they planned to do something illegal or hurt themselves or others” and “are interested in the news value of aggregate posts, for example, from people participating in a protest demonstration” for potential relationships with news organizations.

At its very foundation, making posts under the assumption of privacy or anonymity that is provided by a third party is a bad idea for users. Moreover, in a society of laws, it creates a new class of problems and risk for users and organizations that need to be addressed.

More from Intelligence & Analytics

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today