I have seen a few infosec folks say it is bad. I understand that they're selling data to the Chinese government, and congresscritters on both sides of the aisle are saying it is a National Security risk. That was enough for me to delete the app.
Why? What are they getting from knowing that I dig old school country music, dogs, babies, and conventionally attractive people of the opposite sex? Or is the app actually spyware and they now have access to my bank accounts?
In reply to mtn :
It's to distract from all the illegal spying on our own citizens by our own government.
China loves to control their population, but they don't go around the world to arrest non citizens that have never been to their country for violating laws that don't exist in the country of residence.
There's a solid argument to be made that it is a ploy to make world citizens dumber, but I'd argue it's no worse than what currently passes for schooling here anyway, or what other social media systems have been doing.
From what I have read, their terms of use basically give them permission to access your entire phone. Contacts, photos, files, and anything else that is stored on your phone.
IIRC, they aren't selling info to the Chinese government, it's owned by the Chinese government through a government-owned company.
mtn said:Why? What are they getting from knowing that I dig old school country music, dogs, babies, and conventionally attractive people of the opposite sex? Or is the app actually spyware and they now have access to my bank accounts?
From you in particular probably not much, but from some very specific people (politicians/military/refugee dissidents/journalists) or society on a larger scale (think Cambridge Analytica), possibly a lot.
In reply to Toyman! :
Agreed but also including you grant access to your key strokes meaning they have your passwords too.
John Welsh said:In reply to Toyman! :
Agreed but also including you grant access to your key strokes meaning they have your passwords too.
Whoa I hadn't even heard of that fun feature:
Lots of reasons.
Remember the thread where (i think it was dculberson) one of us wanted to find a fishing spot? It took this bunch of loonies a couple hours of idle wandering to find it based on the clues in the video. What is available in these vids when you have a computer program analyzing them?
Location tracking has been shown to be a problem with TikTok even when the app is off.
Remember Cambridge Analytica and the hellstorm that engendered? That was from someone buying data and handing it over, TikTok cuts out the middleman. Only now instead of just one of the political parties in the US using that data it is a semi-hostile foreign country.
Now, are all these issues only an issue with TikTok? Nah, not really. They're an issue with most forms of social media, and they are something that legislature is trying to figure out how to police. But again, it depends on how much you trust China to have your interests at heart.
For what it's worth, security is tangentially related to my job, but not my focus. I do deal with data storage and protection, though, so I have at least some attachment to this area.
One of the problems with Chinese ownership of technology platforms is that as a Chinese citizen you are required by law to give up any data or information to what is basically Military Intelligence. That isn't just what you, yourself, own or create but anything that you have access to. Because Bytedance is a Chinese company that employs Chinese citizens, any data that the intelligence community in China wants is required to be handed over to them.
Bytedance has tried to say that because TikTok has their own US operations, there is a firewall between US data and China. That doesn't really track, though, because if they have just one Chinese citizen with access to the data - which they do - that data can be assumed to be in the hands of Chinese intelligence.
The most common objections are (A) So what? I'm not that interesting anyway. And (B) but so many other companies are gathering data anyway so who cares?
Taking the second point first: yes. That is true, there is a ton of unethical data harvesting going on and the impact of it is yet to be seen. That doesn't mean that we should give up.
For the first point, when you have very large sets of data you can start to tease out things from the "uninteresting". Quantity really does have a quality all its own in this case. China is spending a lot of resources to collect enormous amounts of data because they know that data is not necessarily time-limited. They're amassing encrypted data and storing it in anticipation of advances in quantum computing that will render most of today's encryption as secure as the Enigma. It does them no good now, but collecting it and storing it is relatively cheap so they consider it an investment.
Using the app to cull data from your phone could enable data scientists to look for patterns that would indicate military movements or the routines of people in sensitive positions. Think about how the political world reacts when there's a rumor that someone running for high office said or did something that might offend someone 30 years ago. What if a 13 year old kid now said something in private or in a posting that they later deleted. But in 20 years they want to be a senator and a member of the Chinese intelligence service shows up at their house with a video of them saying something that is innocent now, but highly offensive in 2 decades. Basically, there are so many things that can be done with a data lake of that size that we can sometimes not even imagine what can be gleaned. As computing power increases and as machine learning gets further developed, we can get more data out of throwing data into the Wonkulator and just asking it what correlations it can find for us.
Honestly, that should give pause to people no matter where that data is held. But, in theory at least, if it's in the US there should be some guide rails around it. And at the very least if the government is demanding access to the data it's our government and not a foreign power. Not a big comfort, but marginally better maybe?
I would also add that there is some serious potential for psychological "mining" and manipulation. I don't think this is the primary stated concern, but I think it has huge potential.
These apps are basically designed for learning what people like, and feeding them that. It's pretty common knowledge now that with apps such as Twitter and Facebook this creates a self-reinforcing echo chamber effect which I think we can all agree has a very bad result.
Taking this a step further, it's not beyond reason to see how such an app could be used to shape attitude by subtly feeding what narrative you want. E.g. buying cheep stuff from Walmart, US Navy is a waste of money, both of which work very much to the advantage of the Chinese. Multiply some small "pushes" by the millions of users, you will have an effect.
Well, you might say, it's mostly the younger generation that uses it, and they don't make policy. But they will and influencing the young can have a huge effect in the future. China is VERY good at playing the long game. A good example of this might be how popular some old cars have been. Why, mostly because people where impressed by the when they where young.
In reply to aircooled :
It's not just the younger crowd that uses it. I would bet that half the videos that are texted to me are sent by my contemporaries.
I just remembered I saw a 60 minutes piece on this a few weeks ago and it sums up my concerns pretty well.
Note, this is a screen recorded version. Here is the direct link to the 60 min site, but it can't be enbedded https://www.cbsnews.com/video/tiktok-in-china-versus-the-united-states-60-minutes/
RevRico said:China loves to control their population, but they don't go around the world to arrest non citizens that have never been to their country for violating laws that don't exist in the country of residence.
Plenty of ex People's Republic citizens here, though. And the PRC has a track record of coming after them
MadScientistMatt said:RevRico said:China loves to control their population, but they don't go around the world to arrest non citizens that have never been to their country for violating laws that don't exist in the country of residence.
Plenty of ex People's Republic citizens here, though. And the PRC has a track record of coming after them
Yes, they do.
https://www.theguardian.com/world/2022/nov/07/chinese-police-stations-toronto-canada
I am very happy I never went down either the twitter or tiktok ratholes. Never used either so no internal agonies over what i might be missing.
FBI released a statement on TikTok today.
https://www.businessinsider.com/fbi-director-chris-wray-warns-of-tiktok-espionage-2022-12
If you don't want to read it, it basically says what has been brought up already.
That statement seems to focus on it being owned by China, and influencing potential. This doesn't seem to worry too many folks.
Logging keystrokes SHOULD worry everyone. Does the FBI know this? Or is that untrue?
SV reX said:That statement seems to focus on it being owned by China, and influencing potential. This doesn't seem to worry too many folks.
Logging keystrokes SHOULD worry everyone. Does the FBI know this? Or is that untrue?
In the first article linked, the Tik Tok representative said:
"According to her, the company confirmed that certain functions are in the code, but TikTok does not use them. She also claims that the JavaScript code that logs user-copied URLs, keystrokes, and screen taps is only used for troubleshooting."
Which we know is 100%, Grade A BullE36 M3. Companies don't take the time to design code functions into the software that they "do not use."
In reply to z31maniac :
Right. I read that.
Doesn't seem like the FBI read it.
z31maniac said:SV reX said:That statement seems to focus on it being owned by China, and influencing potential. This doesn't seem to worry too many folks.
Logging keystrokes SHOULD worry everyone. Does the FBI know this? Or is that untrue?
Which we know is 100%, Grade A BullE36 M3. Companies don't take the time to design code functions into the software that they "do not use."
Testing/debugging code does get left in the production app sometimes...but it isn't left active, plus if a company were under public scrutiny like this they would go out of their way to keep this code out of the production app. The fact that it wasn't removed after being spotted says a lot.
Hi astroturfer. What do you drive?
I'm guessing there's something to it because they blocked it on our job phones over a year ago and it's pretty much the only app that they specifically blocked.
MxRyan said:What can security risk be on TikTok? It is an entertainment platform!
Uhm, yeah. Everyone knows entertainment has no affect on society.... yeah.
It would be interesting to see if you could get large circulation of a video of a giant Poo Bear squishing student protestors in Tienanmen square and locking up ethnic minorities for "re-education" on TikTok.....
(of note, there really is no such thing as a Chinese company that is not controlled or manipulated by the Chinese government)
Toyman! said:From what I have read, their terms of use basically give them permission to access your entire phone. Contacts, photos, files, and anything else that is stored on your phone.
IIRC, they aren't selling info to the Chinese government, it's owned by the Chinese government through a government-owned company.
All of the above. It is CCP spyware
Keith Tanner said:Hi astroturfer. What do you drive?
He drives a Chinese bicycle
Keith Tanner said:Hi astroturfer. What do you drive?
My guess is a Great Wall Motors Voleex C20.
That is the most sought after GWM model after it's brilliant debut performance in Lemons.
I consider Tik-Tok(and social media in general) a virus. Not in the sense of a computer virus, but more in the sense of a social disease. Prior to the internet age...you had plenty of crazies with crazy ideas...but they had no way to spread their crazy ideas other than in-person interaction so the impact of those ideas was greatly limited. Now crazy ideas spread like wildfire infecting the mentality of the entire nation. Just look at Washington and how divided the political parties have become. Prior to the internet, both those on the right and those on the left were more moderate in their views but ever since social media came on the scene both sides have become crazy in opposite directions leaving a lot fewer people in the center. Conflict is inevitable if it goes on like this and I blame the advent of social media for the majority of it.
From the info-sec perspective...I don't know about other people, but I install very few apps on my phone and those I do I carefully review the permissions they request. I would never install an app that requires keystroke access, or access to my contacts, passwords, location(beyond what comes with the phone), etc. About the limit of permissions I am willing to grant are basic internet access. I have had my identity stolen once before even with my precautions, so I try not make it easy for people.
You'll need to log in to post.
