Three Reasons to Be Concerned About So-Called Anonymity Apps

December 31, 2014
| |
3 min read

A time-honored proverb from a Boston politician on how to be discrete goes something like this: “Never write if you can speak; never speak if you can nod; never nod if you can wink.” Today, in sharp contrast, a growing number of digital natives are throwing such discretion to the wind as they flock to a new category of so-called anonymity apps. Some illustrative examples include the following:

  • Yik Yak: “Share your thoughts with people around you while keeping your privacy.”
  • Secret: “Secret posts come from friends and people in your community, but you won’t know who.”
  • Whisper: “The best place to express yourself online.”
  • Streetchat: “A live photoboard for schools and colleges.”
  • Confide: “Your off-the-record messenger.”
  • ANSA: “Communicate off the record, so no trace of your conversation is left behind.”

The basic concept? You can express whatever you like in writing and make it public, but you will be protected behind a cloak of technology-provided privacy.

Although these apps have been growing in popularity since 2013, the idea of combining information security technologies and social media in nontraditional ways goes back to at least 2011. For example, a blog post titled “Shredded Tweets” described an early vision for how encryption could be used to let users take full advantage of social media sites while retaining complete control over their own content. This includes restrictions on who sees it (both now and years from now) and the ability to change their minds and take it back. This is a user-centric application for privacy implemented in a positive way.

Unfortunately, user-centric privacy can also have less-than-positive results. The following are three things about anonymity apps that should be of concern:

Anonymity Apps Provide a Platform for Social Abuse

Setting aside the inherent narcissism behind a culture of status updates, selfies and check-ins, anonymity apps have become a ready-made platform for social abuse. Add hurtful and inappropriate comments about classmates (aka cyberbullying) and threats about bombs, shootings and other types of mass violence to the many titillating or merely humorous observations, and one can easily comprehend how apps such as Yik Yak have “become a force” on high school and college campuses in the United States.

Such abuse has led many schools to try to block access to anonymity apps, at least through their own information technology infrastructure. However, this course doesn’t prevent them from being accessed by mobile devices and independent networks that users have with them at all times. Unfortunately, this doesn’t relieve the administration (in an educational setting) or management (in a corporate setting) and law enforcement from their obligation to protect students or employees from harm or abuse. Many organizations have already adopted technologies to monitor social media to protect their brands, so it should be expected that these capabilities will be expanded to protect their users, as well.

Anonymity Apps Provide a Conduit for Corporate Abuse

From a traditional enterprise perspective, these apps also provide a ready-made conduit for the unauthorized exposure of sensitive corporate data, such as fraud, intellectual property theft or sabotage. These are the three primary types of insider abuse, as described in Aberdeen Group’s recent report on insider threats. Understanding the motivations, opportunities and behaviors that correlate with insider threats helps organizations outline some of the following obvious and straightforward strategies they can adopt to minimize it:

  • Address the motivations for insider misuse, at least for employees, temporary employees and contractors that are more directly under the organization’s control. This could include pre-hire assessments, executive-level attention to company culture and regular assessments of workforce morale.
  • Minimize the opportunities for insider misuse by implementing policies and controls designed to address the most common exploits.
  • Monitor the behaviors of end users for indicators of potential insider misuse. Marry enhanced visibility to the online behaviors of the organization’s insiders with business intelligence and analytics as part of a complementary big data approach to fighting fraud, waste and insider abuse.

Here again, the key capability calls for adding anonymity apps to the social channels that are being proactively monitored to protect the organization’s brand and sensitive data.

Not Really Anonymous

Most users probably don’t appreciate that anonymity apps are not really anonymous at all. They are more like “anonym-ish,” to use the brilliant term coined by AP columnist Barbara Ortutay. For example, app providers such as Yik Yak routinely cooperate with legal requests from law enforcement officials to provide information such as mobile phone numbers, which help officials track down the individuals behind threatening or abusive posts. Anyone who thinks their posts are truly anonymous should disavow themselves of this notion by taking the time to read the end user license agreement.

Moreover, the Wall Street Journal has reported that app providers such as Secret and Whisper proactively “send information to law enforcement if users said they planned to do something illegal or hurt themselves or others” and “are interested in the news value of aggregate posts, for example, from people participating in a protest demonstration” for potential relationships with news organizations.

At its very foundation, making posts under the assumption of privacy or anonymity that is provided by a third party is a bad idea for users. Moreover, in a society of laws, it creates a new class of problems and risk for users and organizations that need to be addressed.

Derek Brink
VP & Research Fellow, IT Security and IT GRC, Aberdeen Group

Derek Brink helps individuals to improve their critical thinking, commuication skills and leadership skills by teaching graduate courses in information secur...
read more