Blockchain Council

Summary

  • TikTok’s abusive privacy policies have been subject to review since the Trump administration.
  • TikTok app collects information regarding installed apps and files saved on your device. Personal information including social security numbers and birthdates can be read.
  • All devices used to access TikTok are scanned. This data is tied to a home IP address or other identifying information.
  • The app’s design, with its endless scrolling feature and highly engaging short-form-content, taps into the brain’s reward system proliferating social media addiction

What is TikTok and Why is it Dangerous?

TikTok, a platform that has taken the digital world by storm, particularly among younger audiences, has been met with intense scrutiny and concern from various sectors of society and the United States Government. While it provides an engaging form of entertainment and self-expression, there are extraordinary risks that have led to it being labeled as dangerous by experts and regulators.

One of the primary dangers TikTok poses is its potential for market manipulation. With millions of users, content that goes viral on TikTok can have a substantial impact on consumer behavior and market trends. This influence is exploited to artificially inflate the value of products or stocks, misleading users and potentially causing economic instability.

The platform also raises serious concerns about the safety of its users because of the presence of online predators. The app’s popularity with minors makes it a target-rich environment for those with malicious intent. Predators can exploit the platform’s features, such as direct messaging and video responses, to groom unsuspecting victims. Despite efforts to enforce age restrictions and security measures, the risk remains significant.

TikTok’s facial recognition system is another point of contention. While it enhances user experience through personalized filters and effects, it also raises privacy issues. The technology can collect biometric data without users’ explicit consent, leading to fears about how this sensitive information is used or potentially misused, especially given the global concerns about data privacy, surveillance, and cybersecurity risks.

The app is also a breeding ground for social comparison theory to manifest. This theory suggests that individuals determine their own social and personal worth based on how they stack up against others. TikTok, with its endless stream of curated content, can exacerbate feelings of inadequacy and low self-esteem as users constantly compare their lives to the highlight reels of others.

Social media addiction is another significant issue linked to TikTok. The app’s design, with its endless scrolling feature and highly engaging short-form-content, taps into the brain’s reward system, potentially leading to excessive use. This can disrupt sleep, decrease productivity, and negatively impact mental health.

Algorithmic bias is an inherent risk in TikTok’s content distribution. The recommendation algorithm might propagate certain types of content over others, leading to a narrowed worldview for its users. This can reinforce stereotypes and discrimination, as the algorithm might not be neutral in the content it promotes, often pushing more of what it thinks a user wants to see, based on engagement metrics, rather than providing a diverse array of content.

Finally, TikTok has faced scrutiny over data privacy concerns because of the abusive privacy policies. The social media giant collects vast amounts of personal information, using extensive data tracking to feed its algorithm. Users, often unknowingly, provide access to their location, viewing preferences, and even biometric data, which could include facial recognition details. The implications are significant, with fears over how this data is stored, processed, and potentially shared, especially with third parties or under foreign and domestic government requests. Privacy advocates argue that such collection practices could infringe on individual rights and call for stricter regulations to protect users from invasive data harvesting and potential misuse.

TikTok's abusive privacy policies as of December 10th, 2022.

TikTok Privacy Policy Excerpt

TikTok’s Abusive Privacy Policies explained

TikTok is an addicting app. I find myself wasting an hour or two thumbing through all kinds of videos. Unfortunately, for the privilege of thumbing thru these videos, I have given up my privacy and subjected myself to TikTok’s abusive privacy policies. I am sure you have seen the stories about the U.S. Government’s fight with Bytedance, the parent company of TikTok. The United States has been fighting since the Trump Administration with ByteDance about TikTok’s privacy policies.

I am a cybersecurity expert by profession. I looked at TikTok’s privacy policies and generate a list of what I found with a synopsis of how TikTok’s abusive privacy policies affect users. Keep in mind the below information is collected automatically without your explicit consent.

TikTok privacy policy excerpt 1:

Device Information
We collect certain information about the device you use to access the Platform, such as your IP address, user agent, mobile carrier, time zone settings, identifiers for advertising purposes, model of your device, the device system, network type, device IDs, your screen resolution and operating system, app and file names and types, keystroke patterns or rhythms,  battery state, audio settings and connected audio devices. Where you log-in from multiple devices, we will be able to use your profile information to identify your activity across devices. We may also associate you with information collected from devices other than those you use to log-in to the Platform. 

Why excerpt 1 is the most damaging to privacy.
Policy except 1 is the most damaging of all TikTok privacy policies. What is highlighted in purple are the most concerning pieces of data collected automatically. The collection of "apps, filenames, and types" basically means they are scanning your phone's directories and file contents. If you have anything that contains a social security number, financial history, or credit worthiness, it can be read by the Tin Tok app. The common practice is to read your mobile devices browser cache to see what sites you have visited; then customize ads and videos to that browsing history. Device ID collection isn't as bad as scanning filename or apps; however, they can link you back to a specific device, allowing the app to tag all network traffic. The multiple device login language is some ambiguous, it's concerning. Essentially what TikTok is saying, they can collection information on your device wether or not you are logged in. The real problem is, that captured data can be linked to devices IDs and IP addresses. For example, it you use your home wifi and access TikTok on your phone and desktop computer, TikTok can link information from both devices to your IP and device IDs. 
TikTok privacy policy excerpt 2:

Messages
We collect and process, which includes scanning and analyzing, information you provide when you compose, send, or receive  messages through the Platform’s messaging functionality. That information includes the content of the message and information about when the message has been sent, received and/or read, as well as the participants of the communication. Please be aware that messages sent to other users of the Platform will be accessible by those users and that we are not responsible for the manner in which those users use or disclose messages.

Why excerpt 2 impacts privacy.
All social media platforms read message text. The problem with TikTok is there is not no limit to what these messages are used for and what exactly in collected. Any personal information place in TikTok's messenger section can be read by anyone and linked to devices to identify all parties the message is direct at. As always be careful what you put in TikTok messages.

Privacy Policy Updates in Response to a U.S. Government Ban

I took a look at the March 28th update and there have been some significant changes, as you can see below. The language has changed a good bit, probably to help appease regulators and the public. However, there are still some issues that go beyond data privacy and are much worse than TikTok’s abusive privacy policies. For example, bullet 10, ” Inferring additional information about users, such as age, gender, and interests.” The only successful way to infer age, gender, or interests is to scan web history usage, app usage, or show random videos in hopes the user likes the video or completely watches it. The issue with showing random videos, is the prevalence of obscene videos children could potentially be shown.

  1. Customizing the content users see on the platform based on their preferences and activity.
  2. Sending promotional materials from TikTok or on behalf of affiliates and third parties.
  3. Improving and developing the platform, including conducting research and analysis.
  4. Fulfilling user requests for products, services, platform functionality, support, and information.
  5. Measuring and understanding the effectiveness of advertisements served to users.
  6. Providing a customized ad experience.
  7. Supporting social functions, such as connecting users, suggesting accounts, and sharing content.
  8. Using user-generated content for advertising and marketing campaigns to promote the platform.
  9. Understanding how users use the platform across devices.
  10. Inferring additional information about users, such as age, gender, and interests.

With regards to data security and retention, there are a few concerning parts. The section highlighted in green can be summarized as TikTok saying they share your data with 3rd parties, but do not bare any responsibility for how those 3rd parties secure it. While this is true for most companies with website or mobile apps, the expectation is they would vet the security controls of the 3rd parties they use. I could not find any information on how TikTok’s audits those it shares information with. The purple highlight is much more problematic. TikTok will transmit your data to data centers outside of the United States and its jurisdiction. This means your data could be stored in China or another country where government surveillance of media is common. Although, updates have been made TikTok’s abusive privacy policies will still continue to impact users.

tiktok data security and retention

Read More

LEGO Brand Retail