A possible TikTok ban invites scrutiny on the social platform
TikTok videos in a social media user’s feed spring up like COVID-19 hot spots in states that opened too soon. It’s worth examining how this phenomenon got started, but that won’t be the focus of this particular tome. Instead, we’ll talk about your personal information; it’s a habit we’re proud to stick with at Consent Economy. It’s also an interesting exercise digging in to Vine, and how it essentially opened the door for some company — like the China based ByteDance — to swoop in and gather a proven cache of users disaffected by the now defunct platform.
For those readers that have been living in the Yukon homesteading, Oregon Trail style for the past year, TikTok is a short form video service that enables users to create, edit and promote their own user generated video content. Think, if Twitter and YouTube had a baby. You also may have noticed that the US Government along with other institutions and countries have banned the service over privacy concerns. Some of these actions are geopolitical, but don’t let that distract from the validity for some caution.
Why the caution?
TikTok, not unlike many other platforms that make the customer the product, extract a veritable bumper crop of sensitive data. Since users authenticate, this is essentially all agreed to, and co-signed by, said user. And they use this information to its greatest extent — data modeling, advertising personalization, analytics, sharing with 3rd party platforms–can’t stop, won’t stop, que Diddy meme.
With so much information passing through their servers; the fact they’re a Chinese company; and use of opaque practices the user deserves a clear explanation (from TikTok, but we’ll do in a pinch) of what all that data can do to affect the user and society. Think that’s hyperbolic? See Cambridge Analytica and Facebook, but in China.
To be clear, ByteDance claims US citizen info is stored on servers in Singapore, thus shielding them from Chinese law. A simple Wikipedia perusal will let you know that China and Singapore are economically close and Singapore has near unwavering support for China’s interests. So, take the Singapore server argument with that context.
(Some of) What TikTok retrieves from users
User Data
Data that is specified to how users interact with the platform, often anonymous cookies, sometimes directly tied to the users’ profile.
- First party cookies – Code placed on an authenticated users’ browser that allows TikTok to recognize the user, their preferences and whatever personally identifiable info is entered on their profile.
- Functionality cookies – Cookies that remember choices and settings made by the user.
- Performance cookies – Aggregated information on users’ most viewed videos, pages and accounts followed and reporting for 3rd Party analytics tools.
- Targeting & Advertising Cookies – These represent cookies for social media platforms (most specifically Facebook), analytics, and marketing
“Automatically” Collected Data
Data specifically collected about a user’s device and specifics about use of the platform.
- User Provided Data – Registration data like phone number, age, email, password and language
- User Provided Data – Social media data such as name, account info and profile image
- Location Data – GPS Data, SIM Card and IP
- Metadata – Information not readily available to the user that describes the how, when and by who of shared information
TikTok knows a lot
This could go on quite a bit longer. But, it makes sense to focus on how all of this information is ultimately commingled to profile the user to a finite degree. It shows what device is used, how you type, what you type, who you are, and how that is tied to other services where you can be matched. If someone digs into the location and metadata, specifically, it will probably scare that person off of the platform. Now, intermingle that with the fact that the Chinese government, is likely siphoning off parts of this information (with or without ByteDance’s permission) then you have a pretty unique set of circumstances aligned to personally identify an extraordinary amount to a hostile power.
In fairness, TikTok collects roughly the same information as other social platforms, albeit adding collection of additional device metadata via especially intrusive fingerprinting techniques that allows them to uniquely identify each user across sites. They’re mostly using this to monetize, but with the troubling origin of the organization, where the data goes and previous knowledge of how this info can be used nefariously, Consent Economy puts a beware rating on this platform as great or greater than Facebook. The vast stores of video content alone, are enough to make the usually steal-eyed a bit squeamish.
Say TikTok fingerprints your entire experience, pulling down data about your devices that rarely, if ever, changes.You see a message from their ad partner and, you a TikTok’er, innocently enough click on their ad. This starts a chain reaction of code sharing that contains packets of sensitive information, because you’ve allowed TikTok to share info with 3rd parties. Your behavioral, device, demographic, location (likely pseudonymous but not necessarily) information is sent to that partner. And guess what, this a government site that fingerprints as well. Say it’s the NSA, or armed forces, or the IRS, or a voting registration site. What are the implications of this? Whatever that site owner wants them to be, as they’ve triangulated what they know with what you only want your friends and followers to know.
Example!
In summation, TikTok is not the benign platform its users and friendly community make it feel like. Unfortunately, their quest for world domination is just as robust as any other platform, with the addition of video elements that provide device heuristics that add another layer of data availability about the user. This doesn’t necessitate a problematic privacy breach for the user, but can be used to uniquely identify preferences, device, location and payment info. While part of the hub-bub is based on politicians’ feelings being hurt, that is not enough reason to dismiss the concern. There is an enormous amount of personal data potentially subjected to the whims of brands and government agencies. Use at the collective risk of the country, because consent is tacit when signed up to use the platform.
If only it were Twitter’s defunct Vine siphoning all of this data; at least we have an idea of their intentions.
Good post
The information on this website is very valuable. Much appreciation for the in-depth research.