Over the weekend we were made aware of some misconceptions regarding our apps in various aspects, these have been portrayed as “Statements of Fact”.
We are using this “F.A.Q. Continued” blog post to address these in a longer format.
We can address these easier and in full without the interruption of having multiple questions sent to us at the same time from 3-4 people and then be accused of not answering questions.
The statement made: We collect personal user information.
We don’t, it has been mentioned that we collect user’s real names, addresses, card information and a user’s phones IMEI. This is not the case, our users are 100% anonymous to us and we never collect any information like this.
Playstore/iOS stores may request card information from app users at some point for their needs but this is purely for them should an app user make other app purchases in the future, they do not give us any of those details, mainly as they have no reason too as our apps are free and they would not share sensitive details with a 3rd party even if we requested it. Which we don’t.
It’s always possible to set up an iPhone or Android phone without entering payment information or with real-world information. This would always be the best practice.
The statement made: Our database is insecure and can be hacked.
Our databases are encrypted and secure. There is not a lock in the world someone won’t try to unlock if that should happen you have to protect the data inside by encryption which we do.
If someone was to gain access they would receive encrypted data, which is unreadable, if they were able to unlock the data, they would only ever see a list of reported client numbers and sanitised descriptions.
As we explain further down this blog post we collect nothing that could identify any user’s personal information, users would always be safe in any data breach.
Our databases use custom structures which again limit any attempts to hack things, hackers can find it easier to target normal structure databases as they have an idea how to try and gain access, with custom structures it makes any attempts to breach security more difficult as they don’t have any usual starting points.
We received one particular message from a Twitter user ( We will not name them ) who made the following accusations “Your app is not anonymous. You’ve created a very hackable list of every worker with links to their legal names, addresses and credit cards.”
Whilst we knew none of this was true, as we never collect any personal information regarding users, and all users are 100% anonymous, they also made reference to us having API endpoints exposed and a broken database.
This was looked at in more detail. We found our database was not broken but there were two exposed transferring methods that were only opened during a testing phase, those were under controlled measures at all times and would never have resulted in any leak of sensitive data.
Even though these are fully closed again now, it may have been during this testing period that the Twitter user made their tests and was given a false impression of insecurity.
The statement made: We collect IMEI information from user’s devices.
Again we do not collect a user’s IMEI information, our 1st android app ( limited to about 100 users ) did do this to help us identify any users who may make false reports, this was quickly removed due to user security concerns.
We found another way to accomplish our need to remove false reporting by means of a unique auto-generated installation id.
The installation ID’s do not identify any personal information regarding a user or their phone or anything else, they only show to us and us alone. They are a random letter and number patterns that:
- Enable us to verify a user and their reports within our apps so they appear “BOLD”.
- Allow us to see which anonymous installation i.d. made which report, this allows us to block a user’s access should we suspect they are using our system falsely.
The statement made: We have ad banners in our apps aimed towards Clients.
No, we don’t, we only allow advertisers who aim their ads at workers.
We have seen screenshots of our apps taken 1 year ago that claim to show us advertising to clients. This ad was a scrolling one, that when started, showed it was advertising a Webdesign business, it then scrolled to their contact details which showed their telephone number and a picture of a woman.
The ad was never aimed towards clients and we would never allow advertisers to do so.
The statement made: We only have the app so we can monetize and sell.
Again untrue, our app development has always been 50% funded by workers via crowdfunding, any ad banners that appear within the app are also app supporters and help us fund further development and running costs.
The statement made: We inflate the number of users and reports we state. “Only 500 downloads”
Our Android “ClientEye Lite” version on the playstore, we believe this is the figure they are referring too, excludes download figures for our original version “Client Eye”, the downloads directly from our website, “Android Full” & iOS downloads. Current total users number 7321
We, at the time of writing, have 27,907 reports held securely in our databases. None of the reports hold any user information.
The statement made: Our endorsements are fake/false
Not true, we help and deal with lots of groups and we have asked each of them if we can show their logo as an endorser on our site before doing so, each of these requests is documented. We have endorsements from worker support groups and other reporting apps.
The statement made: We are not workers.
I am, and we are. Our apps were developed with the involvement of other workers who felt the need to have a timewasting reporting app developed, combined workers have 100’s of years experience.
We have had conversations with National, Local and International support groups on the best way to do this and have implemented their suggestions.
Our area reporting sections were developed at the request of one of these groups as were safety measures to ensure only partial dates are used in any reports, this helps avoid any client identifying any reporter.
The statement made: We are now targetting USA/Canada users.
We do not particularly target users in any areas if our apps are being used in these areas, its because users have brought it there to fulfill their need for a reporting app that is 100% anonymous.
The statement made: We are a client-facing app
This appears to be phrased in a way that we target clients as users, it may also be used this way to discredit us but we’ll discuss as meaning clients can see the app.
We do not target clients, but we understand clients can gain access to the app, search for their number and see any reports against them.
Closed/Private lists are not infallible and cannot 100% guarantee they don’t have clients as users, even if it’s just in a browsing searching capacity. There will also be those workers in any private group who will share private list information with clients who have been reported.
This is an argument that’s long been had in this industry, we have websites and twitter posts where bad clients are openly discussed and we have closed websites where they are discussed in private. The issue for us is that closed sites are limited to those who know of their existence (Much like “Fight Club”) and can supply enough personal real-world information to them in order to gain access.
Whilst these sites may protect 100% of their users, their users are limited to the ones who know they exist or have been recommended to them and exclude workers who cannot or chose not to supply real-world information.
We are fully aware that a client who sees their number has been reported (on our apps, in a twitter post or on a private list they have gained access too) will not be happy about it and that some may attempt to track down the user who made it, we sanitize any report information we receive to limit them being able to do so.
Should a report say something we believe could identify them to a client we edit it for these reasons.
The statement made: Clients can make false/fake reports
In theory, they could but we have measures in place to limit and block them, measures we will never go into detail about for obvious reasons. Any that do get through could only report a number they know, which would be limited to their friends, family or a worker they don’t like, these could result in another user/worker seeing the information but let us dissect this.
Let’s say a workers number is reported, they would find out about it from either searching their own number or by calling someone else with the app (worker), workers who have chosen to verify themselves with us can contact us and have the report removed, we would also block and remove the false/fake reporters access to the app and remove any other reports they may have made.
The statement made: Clients could leave themselves positive feedback to counter any bad reports.
We do not allow positive reviews of clients to be made on our system, as each report is manually looked at by us this would be seen and removed. It would also raise a red flag to us a being from a possible false reporter and would be dealt with accordingly.
The statement made: The system is flawed, any user could make multiple reports to discredit a client.
This may be true in other systems however our apps only allow a user to report a number once, each report that may appear for a number is guaranteed to have been left by a unique anonymous user.
The statement made: Anyone (even cops) can see all the data just by having the app.
Again this is not true, our apps are not a big long list of clients numbers and report descriptions (like paper bad date lists). Any information could only be seen if they have a number to search for, only then would they see an anonymous report description, the mth/year the report was made and the location an anonymous user had manually entered.
We do not have or hold any user information therefore none can appear in any report or hidden in our databases.
Our apps never store any information on any searches or reports you may have made, they also hold no information on any notifications you may have received.
The statement made: ClientEye can track you and knows your location.
Again not true, if our apps did this a user would know about it in their phone settings. We have no access to a user’s location, we don’t read IP addresses either, It’s simply not needed in order to allow safety information to be read or made.
The statement made: Clients see they are reported and change numbers making it unsafe for other workers.
Clients have been changing numbers since numbers became the default way to communicate with workers. They do it when they feel they are being blocked by a worker if they suspect they may appear on private lists or know they appear on open lists. This practice will never change for those who purposely try to do workers’ harm.
Our system has the capability for a user to report a number at 9 am and is seen by another user instantly at 9.01 am should that client call another worker using the app.
Clients knowing they can be reported this quickly can keep changing numbers OR stop doing what they are doing.
We know the most determined clients will not change their ways but we will protect more users with a system open to all than any private system limited to a few.
The statement made: All users should be verified
In an ideal world and in all websites/apps it would be great to have all users fully verified, but this has a downside in that it becomes a barrier to obtaining report information, especially for those who do not want to pass on their real world information.
Verified only Locked/private systems protect their users but as a consequence ensure any problem client, who cannot get a booking with them, moves to someone without Locked/Private list access.
This does not create safety for all workers, it just moves the issue along to workers without access to any safety measures.
Street workers still need protecting, our area sections allow them to see new area alerts and report local issues, they may not have any Gov ID, twitter account, email address or any other tools to verify themselves in order to gain access to Locked/Private lists.
Male or M/F couple workers may also struggle to gain access to Locked/Private lists.
The statement made: The app is illegal & Fosta/Sesta
We originated in the UK which has different laws in regards to working. In the UK we operate within the law in most instances with the caveat that we are not allowed to support each other using the same accommodation or as security for each other. Our apps allow a level of security that would otherwise be unavailable.
In the UK we have open and closed lists for various levels of timewasting or abuse and it’s a user’s choice in which they report too, should they report at all.
Our apps are fully GDPR compliant as we collect anonymous information and operate legally in the countries it’s servers are based in.
Fosta/Sesta is an issue for everyone in this industry, those that are more affected are those that operate within the USA and it’s scope. We limit this by having servers outside of the USA.
Client Eye is happy to address your concerns and if you would like to see any more questions answered on this FAQ please feel free to send via email. Our days are spend manually approving reports so we do not always have time to debate on Twitter or reply to DMs individually. With this page, we hope to clear up any misinformation being shared in the SW community. We are here to help and doing our very best to ensure Clienteye is safe, anonymous and accessible to all workers who believe our apps are right for them