The Sins of TikTok, Part 1: Extreme Privacy Theft by China-Based Company

Social media apps are nosy by nature; it is no secret that their main business model is to snoop out information about you, the user, and package and sell that information to advertisers who can target you. But there is one wildly popular app which goes beyond the norms of intrusiveness and privacy invasion AND is targeted largely at children and adolescents AND is based in China and thus is subject to Big Brother’s request for any and all data. That app is TikTok.

To avoid a bunch of re-wording, I will largely share excerpts from “ The Privacy Risks of TikTok – Why This Invasive App is So Dangerous “ by Priscilla Sherman at VPNOverview. Other articles echo her concerns with TikTok:

TikTok is an extremely popular social media video app owned by the Chinese tech company ByteDance. On TikTok, users can create and share short-form videos using a variety of filters and effects. The platform is full of dancing, comedy, and other entertaining videos….

Several agencies and news outlets are now sounding the alarm and reporting on the many problems that have surfaced. ByteDance claims to want to break away from its Chinese background in order to serve a global audience and says it will never share data with the Chinese government. This claim, however, seems impossible now that new security laws have been introduced in Hong Kong.

TikTok’s user base mostly consists of children and adolescents, which many consider to be vulnerable groups. This is a main reason for different authorities to express their worries. However, it isn’t just the youth that might be in danger from TikTok. From December 2019 onwards, U.S. military personnel were no longer allowed to use TikTok, as the app was considered a ‘cyber threat’…

[Hacker group] Anonymous has published a video listing the many dangers of TikTok. They quote a source that has done extensive research on TikTok: “Calling it an advertising platform is an understatement. TikTok is essentially malware that is targeting children. Don’t use TikTok. Don’t let your friends and family use it. Delete TikTok now […] If you know someone that is using it, explain to them that it is essentially malware operated by the Chinese government running a massive spying operation.”

These claims fit in with the recent developments surrounding TikTok. For example, Apple researchers announced that TikTok deliberately spies on users.

Claims keep piling up, showing that TikTok is a very invasive application that poses a substantial privacy risk. It seems that the data collection at TikTok goes much further than other social platforms such as Facebook or Instagram. This is surprising, since both of these companies have already faced backlash for the way they’ve dealt with user privacy. TikTok seems to collect data on a much larger scale than other social media platforms do. This, combined with TikTok’s origins makes it quite plausible that the Chinese government has insight into all of this collected data…..

Research from a German data protection website has revealed that TikTok installs browser trackers on your device. These track all your activities on the internet. According to ByteDance, these trackers were put in place to recognize and prevent “malicious browser behavior”. However, they also enable TikTok to use fingerprinting techniques, which give users a unique ID. This enables TikTok to link data to user profiles in a very targeted way.

Unfortunately, this happens with a great disregard of privacy – perhaps intentionally so. The German researchers indicate, for example, that IP addresses aren’t anonymized when TikTok uses Google Analytics, meaning your online behavior is directly linked to your IP address. An IP address provides information about your location and, indirectly, about your identity…

A user on Reddit used reverse engineering to figure out more about TikTok. Anonymous quoted the results in the video we mentioned earlier. The Reddit user discovered that TikTok collects all kinds of information:

  • Your smartphone’s hardware (CPU type, hardware IDs, screen size, dpi, memory usage, storage space, etc.);
  • Other apps installed on your device;
  • Network information (IP, local IP, your router’s MAC address, your device’s MAC address, the name of your Wi-Fi network);
  • Whether your device was rooted/jailbroken;
  • Location data, through an option that’s turned on automatically when you give a post a location tag (only happens on some versions of TikTok);

Additionally, the app creates a local proxy server on your device, which is officially used for “transcoding media”. However, this is done without any form of authentication, making it susceptible to misuse….

We asked investigative journalist and writer Maria Genova about her vision on TikTok. … Genova says: There’s a reason several countries have banned it. It’s unbelievable how much information an app like that pulls from your phone”…

TikTok needs access to your camera and microphone in order to work properly… However, there aren’t any specifications explaining how exactly these permissions are used. Therefore, TikTok could theoretically record conversations and sounds using your microphone, even when you aren’t filming a TikTok video.

We could go on and on with the technical details here, but you get the point. The fact that “IP addresses aren’t anonymized“ is really a big, bad deal. The article concludes:

The current findings and concerns surrounding TikTok are reason enough for us [the staff at VPNOverview] to remove the app from our devices. Whether TikTok’s main target group – young people between 14 and 25 – is sensitive to the privacy concerns that have come to light, remains to be seen.

Indeed.

One more quote , from Brendan Carr of the U.S. Federal Communications Commission (FCC), regarding the reliability of TikTok’s claims that they do not share data with the Chinese government:

“China has a national security law that compels every entity within its jurisdiction to aid its espionage and what they view as their national security efforts,” Carr said earlier this year, alluding to the fact that Chinese companies must make all the data they collect available to the Chinese Communist Party (CCP).

Stay tuned for Part 2, dealing with some larger market ramifications of TikTok’s evasion of  Apple and Android privacy protections.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

This just in from BuzzFeed (added to original post here):

“Leaked Audio From 80 Internal TikTok Meetings Shows That US User Data Has Been Repeatedly Accessed From China”

For years, TikTok has responded to data privacy concerns by promising that information gathered about users in the United States is stored in the United States, rather than China, where ByteDance, the video platform’s parent company, is located. But according to leaked audio from more than 80 internal TikTok meetings, China-based employees of ByteDance have repeatedly accessed nonpublic data about US TikTok users — exactly the type of behavior that inspired former president Donald Trump to threaten to ban the app in the United States.

The recordings, which were reviewed by BuzzFeed News, contain 14 statements from nine different TikTok employees indicating that engineers in China had access to US data between September 2021 and January 2022, at the very least. Despite a TikTok executive’s sworn testimony in an October 2021 Senate hearing that a “world-renowned, US-based security team” decides who gets access to this data, nine statements by eight different employees describe situations where US employees had to turn to their colleagues in China to determine how US user data was flowing. US staff did not have permission or knowledge of how to access the data on their own, according to the tapes.

“Everything is seen in China,” said a member of TikTok’s Trust and Safety department in a September 2021 meeting.

The Economics of Good Gift Giving

This post was co-authored with a recent AMU Economics Graduate, Michael Maynard (Linkedin here). It is based on his senior thesis entitled “The Highest Virtue: Re-examining gift Giving and Deadweight Loss”

When my older sister was in middle school, she received a book of baby animal stories. She loved that book and read it every day. A couple of years later my mother accidentally donated it, and my sister was heartbroken. We went to the thrift store repeatedly that week hoping to encounter it before it sold, but we never found it. Years later, our father scoured the internet trying to find the lost book – to no avail.

Years after that, I stumbled onto the exact same copy of the book in the for-sale corner of a nearby library. For a single dollar and negligible effort, I purchased the book that had long frustrated my family’s searching. Shortly before the birth of her first child, I gave the book to my sister for Christmas. It was one of the best Christmas gifts she had ever received.

Economic theory typically assumes that individuals have perfect information. Therefore, they are best suited to purchase their own gifts. That’s what motivates the not-so-romantic economist prescription to give a gift card or cash for birthdays, Christmas, graduations, etc. The theory states that, if we do not intimately know the receiver’s preferences, then we have incomplete information and it’s better to give a money-gift rather than to give a gift from which the receiver would enjoy less additional utility.

Continue reading

Optimal Policy & Technological Contingency

A person’s optimal choice depends on what they know. To consume more ice cream? Or to consume more alcohol? It depends on what we know about the expected utility across time. If a person thinks that alcohol has few calories, then it is understandable that they would choose to drink rather than eat. The person might be totally wrong, but they are acting optimally contingent on their knowledge about the world. (FWIW, 4oz of ethanol has 262 calories and 4oz of typical ice cream has 228 calories.)

The case is analogous for good government policy. The best policy is contingent on accessing the distribution of knowledge that’s inside of multiple people’s heads. It’s not sensible to assert that a policy is suboptimal if the optimal policy requires knowledge that neither a single individual nor all people together have. Even if the sum of all knowledge does exist, it may not be possible to access it.

Economists like to tell their undergraduate classes that it doesn’t matter who you tax. But that’s contingent on 1) identical compliance costs among buyers and sellers and 2) identical relevant information. If a tax comes as a surprise to the buyer or the seller, then it absolutely matters who is taxed.

When I was in 1st grade in North Carolina, my class went on a field trip to a Christmas tree farm. We learned a bunch about maintaining the farm and we got to choose a pumpkin to take home. At the end of our visit we took turns perusing the gift shop. My mother had generously given me a dollar to spend  and I was eager to spend it (I rarely had money to spend). Unfortunately, even in the early mid-90s, most of the things in the shop cost more than $1. So, I settled on purchasing some beef jerky that cost 99 cents.

Continue reading