Please re-read the first bullet point of what I posted. By simply using the TikTok app, even if you are a “careful TikTok user who wants only to watch cat videos,” you are giving TikTok permission to access a great deal of personal information about yourself.
Okay, please elaborate. What is this personal info? Name, address, phone number? All available from a number of sources. Are they harvesting my Social Security number, my bank account number, my credit card number, my safe word, my mother’s maiden name? If so, I agree, they shouldn’t get that info and could easily misuse it. But I need more information than “a lot of personal info” before I understand what you’re warning me against.
This has already been shared several times in this thread, but I shall point to the specifics:
Maybe you, personally, don’t care about any of that, and you don’t see how it could be harmful if a large company, which may have ties to a foreign government, knows all of that about you, but if nothing else, it is a significant invasion of your personal privacy.
Edit: and, from this website:
“Keystroke patterns” means that they would have the ability to read everything you type on your phone’s keypad – personal messages, which websites you visit, etc.
Maybe you have absolutely nothing private in your life. But I work for an employer that has access to other people’s private data, and I am required to keep that confidential. I also talk about it with colleagues sometimes. An “always listening” app would be a problem. I have friends who are trans, and who worry about potential future harassment (legal or otherwise). I don’t want to talk with them with an always-listening app, either. I’m too old to worry about an abortion, but I wouldn’t want an “always tracking my location” app to know that I went to an abortion clinic. My phone can sometimes “see” my bank statement, and other financial information. I don’t want an always-looking app to see that.
Are there other apps that have similar issues? Yes. Is “ban TikTok” the right answer? I don’t use TikTok, and haven’t given the matter much thought. But is TikTok potentially dangerous, even if you only use it to watch cat videos? Yes. And can its algorithms be used to coax you away from cat videos and towards pro-Chinese propaganda? Yeah, that’s probably a real risk, too.
After the editing timeline had passed, I wondered if I had gone too far. Moderation accepted.
Right, and many people use banking apps and such, which contain details on our finances. If TikTok can track keystroke patterns (as per the article I just posted), they could back out your password information.
I do appreciate people talking to me as if I were extremely naive, which is probably a fair cop as regards sophisticated electronic surveillance. I don’t quite get the keystroke thing, for example. The way I type reveals things about me that I don’t want the Chinese government knowing? How does that work?
From the article you linked to, Kenobi, there is this nut quote:
“If the Chinese government wanted it, they could just go out and buy it because it’s for sale,” he said. “…I think people, when they’re worried about TikTok doing something, they should ask themselves whether they should be worried about American companies doing the same thing.”
which is kind of the point I was making about exaggerating the potential dangers because of racism and xenophobia. If the Chinese could acquire this info via legitimate means, and if American companies can gather it by the same methods, isn’t this as much about tech in general and not so much about TikTok?
In all my years of listening to NPR (five now?), I’ve come to think it’s more likely the experts simply have trouble formulating that direct answer on the spot (a difficult skill in my personal experience), not so much that they are being intentionally obtuse. Especially experts in highly technical fields like cybersecurity and medicine, when you ask them a general question they are probably trying to simplify a thousand nuances because they don’t have time to go into details with every caller. And they don’t want to give the wrong impression to listeners who are in slightly different circumstances than the caller. The result is a very broad or guarded answer. This was particularly apparent to me when they had experts on to discuss vaccine safety. An expert on vaccine safety would never advise a caller that a vaccination was unsafe for them specifically, nor would I expect a cybersecurity expert to ever advise a caller that there is no risk for them specifically when using an online service.
~Max
If the app is keylogging everything, it’s one of the most dangerous intrusions into your privacy. Have you ever typed your credit card number into your phone? Bank passwords?
But people have mentioned these risks already. You don’t seem to be carefully reading the responses to you, or you are only choosing to respond to strawmen while ignoring the points already made.
Personally? I don’t think I have, but you’re not interested in my personal habits. How does TikTok know that 4277 3654 4885 0314 is my credit card number and 756 is my three-digit code on the back of the card, and not a random series of numbers of no use to them or anyone?
If they are keylogging, in addition to seeing what web site / web page you are on, that helps.
But, even so, a string of 16 digits in a row, starting with a 4 or a 5*, followed by a 3 digit number, isn’t hard to suss out that it’s a credit card.
*- Or a 6 for Discover, a 3 for Amex, etc., but those are much less commonly used in the U.S. than Visa (always start with a 4) or Mastercard (always start with a 5)
It is, and it isn’t. As I already noted, yes, privacy and access to your personal data and information is an issue for any social media app or smart device (the Siri on your phone, the Alexa/Echo in your house), but the particular concern surrounding TikTok is that it is a Chinese company.
The Chinese government (not the people, the government) is, politically and socio-economically, at odds with the West, and with the U.S. in particular. The Chinese government may have access to that data that TikTok has from its U.S. users, and if so, they would have the ability to use that information to harm American interests.
The fact that personal data from a very boring person who goes nowhere and does nothing on their smartphone other than watch cat videos on TikTok might not be of any real value or interest to the Chinese government doesn’t matter. The fact that millions of Americans, some of whom do have personal data that would be of real interest to a foreign power, are using TikTok, and may not be being careful about it, does matter.
As per this recent Politico article:
Not to go into the weeds on credit card numbers, but each one has a unique algorithm to determine if it’s a valid card number. This can be a CRC or Checksum type of test that can positively identify a valid credit card from a string of random digits without contacting the card company. It’s the first local test you do before you waste bandwidth and server time trying to approve a card that doesn’t exist.
I know this because I have written credit card processing software and had to implement those algorithms.
I am incapable of addressing the subject of this thread without a working definition of ‘endangered’ or ‘dangerous’.
In the realm of cybersecurity, privacy is a personal right and loss of privacy is tangible harm. Therefore anything that subjects one to the risk of losing personal privacy is “dangerous”, potentially illegal (for example if medical staff records a patient without consent). Allowing a hostile actor to access potentially sensitive user data is the highest danger in the entire field.
Is TikTok a hostile actor? In cybersecurity, unless you have assurances otherwise, assume all other parties are hostile. Specific to the field of national security, all assurances made by Chinese entities are suspect (vice versa for China and American entities).
Not necessarily so in colloquial conversation outside of the cybersecurity/natsec context, where you are free to redefine ‘danger’ and say you don’t care who sees your pictures or who listens in on your conversations. So until you tell me what you mean, I can’t answer your question.
~Max
Earlier today, I typed my credit card number and verification code on my phone. I’m not doing anything wrong, I don’t have anything to hide… except that I think that I kind of do want to hide my credit card number.
Is TikTok actually harvesting credit card numbers? Probably not. But just the fact that they could should be a huge cause for concern.
When I see an app that wants access to my microphone and keylog and the like, I always delete that app, without even bothering to check its country of origin, because I don’t want to enable thieves of any nationality.
I don’t use TikTok, and only use other SM occasionally, so forgive my ignorance, but is TikTok different from other platforms in this regard?
Not to speak for slicedalone, but they did seem to suggest in post #42 that certain types of data theft would be harmful:
What is this personal info? Name, address, phone number? All available from a number of sources. Are they harvesting my Social Security number, my bank account number, my credit card number, my safe word, my mother’s maiden name? If so, I agree, they shouldn’t get that info and could easily misuse it.
It has occurred to me that slicedalone’s views on online security are perhaps the views of a prior decade – more specifically, perhaps the views of the pre-smartphone era. The data “battles”, as it were, are not fought over SSNs and bank account information. Instead, other kinds of data – that a lot of people think of as innocuous at first blush, such as location/movement data – are what malefactors are after today.
To quote myself, from a later post:
I may be the only person in the world who watches TikTok on a computer, instead of a phone.
Would anybody care to venture an opinion on how far the use of NoScript, and standard security software, will go towards mitigating the previously-mentioned risks?
I need to know what distinguishes dangerous from not dangerous. Public record versus not public record is too naive.
Your daily movements are not public record. We all know journalists can face threats to their life, and so a journalist may consider it dangerous (in the colloquial sense) to reveal location data. ByteDance (developer of TikTok) has admitted that, in an attempt to stem leaks to the media, ‘rogue’ employees accessed user data to track the movement of U.S. journalists. Furthermore ByteDance is subject to Chinese laws which allow the Chinese government to (legally) access said data at any time while simultaneously prohibiting the disclosure of such access. (The U.S. has an equivalent law.)
I reiterate that from a cyber and national security perspective, exposing citizen location data to the Chinese government is presumed dangerous.
The average U.S. internet user, however, is not a journalist and may or may not consider it dangerous for the Chinese government to know his or her location.
TikTok, like all other software, is liable to contain security vulnerabilities. The Chinese government can access TikTok’s source code for analysis, and we can speculate that they are able to introduce security vulnerabilities on purpose. The Chinese government (especially the army) has been repeatedly accused of sponsoring cyberattacks against U.S. public and private entities. Targets include government agencies, military contractors, newspapers, human rights activists, technology firms, industrial firms, infectious disease researchers, law firms, higher education institutions, etc, as well as the software companies which may act as gatekeepers to protected data. We can speculate that the Chinese government is not above exploiting, or even introducing ‘backdoors’ for exploitation, security vulnerabilities in TikTok to further its national interests - although there is no evidence of it having actually done so as of yet.
Anybody who works for a government agency, military contractor, newspaper, tech firm, industrial firm, law firm, or higher education institution, or who researches infectious disease, or who advocates for human rights, should be conscientious of China’s capacity as a hostile cyberactor to disrupt his or her job and industry.
The average U.S. internet user, however, is not an employee for any government agency, military contractor, newspaper, tech firm, industrial firm, law firm, or higher education institute. The average U.S. internet user does not research infectious disease or any other field, does not advocate for human rights or any other cause, and does not hold any particular job in any particular field.
Therefore the average U.S. internet user may or may not feel that TikTok presents any danger. He or she may or may not agree with his or her workplace’s decision to ban the app.
~Max