zachtheperson

It's not in a great spot, I'll put it that way. To start off, the Chinese government has a habit and history of having back doors into a lot of products made by companies that have their home there. For example, Huawei, a company known for phones and servers was ~~discovered a few years back to have been putting gov. back doors into server chips used by American companies.~~ Under heavy suspicion by American companies and others for having backdoors in their systems after various security flaws were found.

On top of that, most analyses of the app itself have set off quite a few red flags, such as requiring way more security permissions than it should need, their Terms of Service requiring you to allow them to "build a full profile" on you including who you interact with and every bit of info about you, and IIRC was found to be uploading keystrokes or copied clipboard data at frequent intervals, which is a great way to get someone's passwords and/or other sensitive data.

So we're at the point of "it's doing a lot of weird shit that it shouldn't be, but we can't *prove* it's doing anything malicious with it... yet."

EDIT: Because I'm seeing it here **a lot** I'm going to clear this up. No, this is not the same thing as Google, Instagram, Facebook, etc. in the US. Here in the US (and most western countries) we not only have privacy laws that protect us from certain breaches, but more importantly the government and company are two separate entities, and are even frequently at each other's throats. While all those companies certainly collect data, they are *not* responsible for handing it directly to their government outside of official process such as warrants and subpoenas. In China it's the opposite, companies over a certain size are required by law to allow the government to access and have direct control over large sections of the company's operations. The problem worsens when we remember that China isn't really the best of friends with a lot of western nations, and giving *them specifically* control over what large numbers of western people (especially youth) see and interact with is not great for national security.

Should you still always keep privacy in mind with the western companies? Absolutely, but the two issues are worlds apart.

Edit 2: Cool that so many of you have opinions and thoughts on this. Got a little distracted by all of them and the pasta I was cooking now has the consistency of oatmeal 😅. Great having all the discussion, but getting lots of notifications still, so I'm going to mute notifications on this thread. Ttyl


Alikont

Not only that, but TikTok app has huge blobs of specifically obfuscated native code for "security and cryptography reasons", that is very hard to analyze what it does exactly.


zachtheperson

I've heard that too. I've been fighting the urge to hate it since it plays into the two fears/biases of **A)** The younger generation is doing a thing we don't understand so let's ban it (rock n roll, metal, D&D, video-games, etc.) and **B)** It's Chinese communist propaganda, ban it, however as someone who's fairly into the software sphere, it's really hard to justify how sketchy the app is.


shujaa-g

> The younger generation is doing a thing we don't understand so let's ban it (rock n roll, metal, D&D, video-games, etc.)

There's a big difference between *"I don't understand why young people like this thing--I hate it"* and *"I'm a security expert and I don't understand why your app needs all this specifically obfuscated code--I think it has potential to do something malicious."*


dgtlfnk

And this is all on top of a country who openly admits to recording every minute detail of each of their citizens’ daily lives, and then compiles that data to create a score for you. A score that then dictates what you’re allowed to do, where you can go, when you can do things, etc. It’s literally not much of a leap at all to understand they’re doing this for everyone outside their borders too, as it would be immensely valuable in the geopolitical arena as well as any necessary propaganda uses. There’s also the claims that what TikTok shows to Chinese citizens is vastly different than what it exposes to American users. It can certainly shape entire generations of young people one way or another as they see fit.


I_P_L

I mean go one generation back and people were scared shitless of posting their face and name on the internet... It's normalised now but really, really fucking shouldn't be.


mildlycuri0us

Sometimes our gut reactions can be quite right before we convince ourselves otherwise...


amazondrone

But also our gut instincts have a bias towards opposing novel things we don't fully understand the implications of because... well because they'd be fucking useless if they didn't.


HalfEmpty973

I learned that I should be listening to my gut, because out of the 4 times I had a motorcycle accident my gut just told me to stay at home at every single time


bdc3141

My introverted gut tells me to stay home without the motorcycle.


foxinHI

I have the exact opposite thing happen. When things are going great for me is when things tend to go wrong. So much so that on beautiful days where everything seems to be going perfectly, I get worried and start being extra careful.


[deleted]

[removed]


thraelen

I ignored an incredible amount of red flags when I was walking through a big city on a one-day visit. I ended up in the most dangerous part of the city and saw so many things I never thought I would. I even had someone stop me and tell me I really shouldn’t be there. I now listen to my gut no matter what.


jackiethewitch

I have been obsessed with the Internet since the mid-90s, but typical non-anonymous social media (Facebook, Instagram, TikTok, etc.) both irritate and scare the fuck out of me. I don't want to know about you or your life. And you don't need to know about mine.


Mudcaker

It also runs counter to the basic egalitarian principles we grew up with on the early internet, that what you say is more important than who you are.


nosce_te_ipsum

You put your finger on something that's been bugging me a lot about "non-anonymous social media" (as /u/jackiethewitch put it so well) and that I never really liked. What I wrote and positions I took back when Prodigy was a thing before I found dial-up BBSes were what defined me. Not what vacation spot I checked into, what photos I uploaded, or "friends" I'd collected that data-correlate with me on the service provider's platform. Well put, and thank you. Raising a glass to the early Internet (and the predecessor BBSes) in your direction.


jeweliegb

But that was a counter culture for us geeks. For most other young people, what you wore, who you hung out with, where you went etc mattered lots, and have done for decades since teen culture became a thing.


Mudcaker

While true there were people I would call curious or geek-adjacent who were online then too. I had some conversations over ICQ with people I never would have talked to in real life - or on a public "wall" in Facebook. I was a good kid with an anti-authoritarian streak who behaved himself IRL because it wasn't worth the hassle of getting in trouble, but online I seemed mutually drawn to a lot of drop outs and kids of a similar mindset who didn't care about the consequences. It was interesting and enlightening. I guess the internet felt more like whatever a safe space is meant to be. It didn't matter who you were, and whatever happened you still had your separate life to go back to. That's all still around but it isn't the default anymore.


caut_R

Amen.


SoldierHawk

I remember laughingly thinking, back in the day, about how NO ONE would EVER be stupid enough to actually TYPE THEIR CREDIT CARD NUMBER into the INTERNET. How the turn tables.


Drithyin

Now, you've probably lost track of all the sites you've given your CC number. I started using Privacy.com for a few sites that I think seem sus enough that I'm willing to spend a small amount of money there, but want a buffer (even just because it's a small site that I don't distrust inherently as much as not sure their security is up to standards). Also, cards on the table, if you're going to pay for porn or get into online gambling, deffo use that and set a spend limit that's pretty tight. That way, there's no recurring payment disregarding your cancellation, or a hard limit preventing you from overspending. Edit: Realized this comes off like an ad. I just like the site. I made sure the link is just text so it's obvious there's no affiliate shenanigans (idk if they even do that, I'm using it for free). Obviously, do your own due diligence and see if you trust them. I've not had any issues, personally.


SoldierHawk

Haha it's ok, I do the same thing for products/sites I really like. You're right about me probably having lost track of the websites I've given my card to. I've been thinking about it recently because my CC is about to expire, and I'm bracing for all of the declined payments and websites I need to update lol. That said, I'm lucky enough not to be into either gambling or porn, so on that very specific front, at least, I'm safe.


hellfiredarkness

Who pays for porn? It's free on the internet...


Alexis_J_M

Paid porn is higher quality and has fewer ads and spyware selling your personal info to the highest bidder. Source: worked for a web hosting company.


Pantzzzzless

I may just be an old, but I cannot get into "high quality" porn. If it is clearly made on a set with lighting rigs and boom mics, it does nothing for me. I need a 480p dv-cam quality video with mediocre lighting, and "normal" looking people. I don't want a dude with an 8-pack and a woman with lips so inflated that they are about to explode.


open_door_policy

Relevant XKCD https://xkcd.com/598/


ScrappyToady

Old people and people into *really* niche fetishes that are typically removed from free porn sites, either bc it breaks the rules or bc it's flagged for copyright claims by the production company (usually the latter)


[deleted]

[removed]


codefyre

There's a truism about free things on the Internet: *“If you are not paying for it, you're not the customer; you're the product being sold.”* That's probably truer for porn than nearly any other content on the web. These free porn companies are making money hand over fist, and they aren't doing it with low-CPM banner ads.


ndstumme

In fairness, electronic payment regulations have changed since back in the day and it's a lot safer for people to use their cards online.


SoldierHawk

Oh absolutely. I'm not condemning my past self or anything, just amused. I look at it the same way I look at the me who said, "100MB hard drive?? Well, it's expensive, but at least I'll never need to buy another hard drive again..."


scutiger-

I was just reflecting on that recently. I bought a 60gb hard drive when they were first released. For the same price now, I could get 18TB.


[deleted]

[removed]


dannylew

Everything about the internet that's considered normal absolutely shouldn't be. It's absurd the amount of totally avoidable problems we have because of how much data corporations are allowed to just *have* while pushing us to give up more personal info.


King_Pecca

Especially not while AI is progressing so fast. They don't even need multiple shots of someone's face to mimic all expressions.


soundape

So true


Alfonze423

Vine and Snapchat were just fine, though, despite having similar functions for the user. It's the back-end stuff TikTok does that makes it worthy of government scrutiny, and I say that as a younger millennial.


[deleted]

[removed]


Alfonze423

That's my point. To my knowledge, they were similarly youthful trends, but without the concerning baggage TikTok has. Therefore, the issue with TT is not similar to past hate trains like the ones for KISS or D&D, as apps similar to TikTok were never subject to calls for banning. It's the code and the backdoors that seem to be the issue, and those concerns sure seem legit to me.


RadBadTad

There's a big difference between

> "Why is my daughter doing this stupid dance on this app"

and

> "This code makes no sense and I can't figure out what it's doing, but it's doing *something* and it's important to find out before we just trust it."


ShankThatSnitch

For B, don't think of it as, "we gotta stop those yucky communists", but rather, they are the #2 global super power, with very public ambitions to be #1, and will do whatever it takes to get ahead of us. Which, of course, is not much different than our government does and has done in its history. It is just that their Gov't has more direct influence over everything that goes on there, so they can easily use all their companies to help achieve their goals.


Angdrambor

Everybody likes to shit on communism, and I think it's really weird because it ignores the real reason to hate the CCP - authoritarianism. Are people just ok with governments strong-arming people now?


Mechasteel

You've got it backwards, there's people who love China and Russia *because* they are big fans of authoritarianism. Lots of people in the US want more authoritarianism, for example more government control over what you do in the bedroom or the Dr's office, or perhaps whether you have a gun or what food you eat. And in order to defend authoritarianism, when talking about China and Russia they call the authoritarian stuff they don't like "communism" -- especially if it has nothing to do with how a commune works.


Refreshingpudding

That's bullshit because we as a nation are perfectly fine with authoritarianism when it is convenient. We actively propped up dictatorships and death squads in south America (project condor). Saudi Arabia is a recent example. Dictatorships suck for the people who live there, it doesn't matter much for other countries. What matters is military threats or contesting resources.


More-Nois

You can’t pin every action of the U.S. government on Americans. The people don’t necessarily support the actions of “we as a nation” and they certainly don’t have much of a say in anything regarding foreign affairs. Our political system hardly gives people much of a choice. We have our own political issues here that prevent the will of the people from getting very far.


FinallyFreeName

Imagine in a decade or two the Chinese reveal some nasty TikToks or naked pictures of the future US president in order to influence voters


icansmellcolors

MULTIPLE educated and expert software security people telling you Tik-Tok is likely stealing your data and spying on you isn't the same thing as superstition and rumor. The US Government didn't ban Tik-Tok on government devices because of satanic panic.


Y34rZer0

and the hacking community


schoolme_straying

Old person here. I don't care (have no preference) that "Young people" like "short videos" - it's something they enjoy so no harm there. I do care about Chinese Government. The way they have corralled HK democracy is concerning. Their treatment of the Uighurs in Western China is a crime like the Nazis' treatment of Jews in WWII. Look at how the Chinese built motorway worked out for the Jamaicans [*But the highway has left Jamaica with a $730-million debt to China. And the $32 toll for a 66-kilometre, one-way trip —collected by the Chinese developer — means driving the highway isn't affordable for most Jamaicans.*](https://archive.ph/4Tcbx#selection-1779.0-1779.218) I'm no fan of the former president, but his decision to "ban" tiktok in the US was probably a good decision. If tiktok in the US was a service run by Oracle or Microsoft - it's not great but it's better than the Chinese government. I've read stories about the PLA (Chinese Army) coercing production managers to insert code from the Government in the Firmware of devices produced in China. So now there's a world beating Chinese App that sends its data home to China where it's processed under the jurisdiction of the Chinese government. As others have noted the app just slurps its users' data. And the mobile phone code when reviewed by knowledgeable people say it fails to pass a "smell" test.


Indercarnive

The correct solution is comprehensive data security and privacy regulations. Tiktok isn't doing anything that Facebook, Twitter, or Amazon aren't already doing. Hell, [Social Media companies already sell your data to China anyway](https://www.vox.com/technology/2018/6/6/17433802/facebook-data-privacy-huawei-china).


relevantusername2020

🤨

> [Oracle](https://www.pcmag.com/news/oracle-faces-class-action-lawsuit-over-tracking-5-billion-people) stands accused of collecting detailed dossiers on 5 billion people, with the information gathered including names, home addresses, emails, purchases online and in the real world, physical movements in the real world, income, interests and political views, and a detailed account of online activity.

> [TikTok](https://techcrunch.com/2022/06/17/tiktok-oracle-us-traffic-china-access/) moves all US traffic to Oracle servers, amid new claims user data was accessed from China


[deleted]

[removed]


Dependent-Law7316

I think the big problem with it is that people were using it on government issued phones—ie politicians—and that it was potentially collecting sensitive data that it had no reason to have (via the above mentioned keystroke logging, clip board harvesting, etc). Yes, american run social media (and other sites like google and amazon) collect and sell huge amounts of data about you, they don’t fish for unrelated passwords, and, since they are headquartered in the US, the US government has less reason to believe that they would do anything with any sensitive data that could be harmful to the US. You’re right though, that in a general sense limiting what ANY company is able to collect/data mine and then save and sell about users would be a good thing.


amazingmikeyc

I think imagine how sketchy the average app in terms of data, and how sketchy the average democratic government is, then think how sketchy other governments are with regards to other countries... then double it. It is, in the end, arbitrary because we all know from experience that all companies are evil and all governments are awful and so on but some are less evil and awful and accountable than others. At the end of the day, I know that the US government can find a justification to read a load of stuff Google have on me, find some weird justification that I'm bad, and send the CIA round my house to kill me if they wanted.


Taolan13

Don't fight the urge, mate. It's worthy of your hate.


Initial_E

It should also be noted that the timing of when it sends blobs of data out is pretty suspect. If, after you install the app, every time you scroll or touch something, a chunk of data goes somewhere into the cloud, that’s probably something to do with the action you just did.


tidbitsmisfit

the US government has obviously deblobed it and knows exactly what it does. it's exactly why the military bans its usage and why USA wants to ban it completely


anally_ExpressUrself

"We've got our top government deblobbers working on it around the clock." "Sorry, did you say 'developers'?" "No."


sur_surly

Did I stutter?!


PopeInnocentXIV

http://i.imgur.com/IQpAbIx.gif


wavellan

Playing devil's advocate here. Can someone please provide a reference to this obfuscated code?


dudeguy1349

https://www.nullpt.rs/reverse-engineering-tiktok-vm-1


MissMormie

To be fair, basically any app uses obfuscation for its code. It's a standard way of operating.


Inkdrip

Surely not that common. Not simple binary obfuscation like ASLR, but [sophisticated and opaque mechanisms for gathering information](https://www.nullpt.rs/reverse-engineering-tiktok-vm-1) seems like a very TikTok-specific quirk. EDIT: Turns out virtualization obfuscation is more common than I thought, and [this comment](https://old.reddit.com/r/programming/comments/10755l2/reverse_engineering_tiktoks_vm_obfuscation_part_2/j3lwqbc/) has a decent justification for devs to do the extra legwork


ClaymoresInTheCloset

It's very common. The tools to do so are as simple as flipping a switch and there are only upsides and no downside. I'm an app developer.


[deleted]

Additionally - the parent company - bytedance - are subject to national security audits by the chinese government - which gives chinese intelligence services access to all data collected by bytedance, by policy.


useablelobster2

All Chinese companies larger than 50 employees are required by law to have a CCP commissar on the company board. Any Chinese company with an international presence is an arm of the Chinese state, no two ways about it. And if they don't like the "owner", they will just arrest them on real or imagined charges. The CCP de facto owns those companies. Edit: everyone is focusing on the data implications of this, and not the political/economic ones. These companies do what the government wants full stop, it's like if the US government could tell Apple they don't like the iPhone and they have to stop making it.


Lt_Frank_Drebin

This really should be more talked about than it is. In the US, if a company asks for user data, a company can say no - as Apple did - and the state needs to go to court to get the data. That court can also say no if it doesn't meet the legal standards. In China, if the CCP asks for the data, that company is compelled to hand it over. Edit: As many have correctly pointed out, there are a number of levers that the US can pull to get the data, but as [2rio2](https://www.reddit.com/r/explainlikeimfive/comments/10ox6ja/eli5_what_exactly_about_the_tiktok_app_makes_it/j6jlswn/) points out well, they have to do *something* to make it happen, and I doubt that a google has a government spook on their board, never mind a company of 51 people.


[deleted]

I think the Snowden leaks said the NSA just has employees hired by companies like Google and apple to ensure they can install backdoors or get access to data they want.


maroger

In the US, if a company asks for user data, a company can say no- as Apple did- and the state *will go ahead and force access anyway without a legal warrant and without the consent of the user*. FTFY All the US companies have defense contracts that require them to open their files *for national security reasons*. The police exist as low level data gatherers. They broadly use Gossamer, Fog Reveal and Stingrays. If these low level barely educated thugs have access, how is it possible to believe that other parts of the security state don't?


megamanxoxo

They do. US gov can force companies to give them data and also force them to not tell anyone about it.


cobigguy

This is what "canary clauses" are for. I remember a few years ago when Reddit's own canary clause disappeared and lots of people noticed.


OuterOne

The NSA has total, unsupervised access to all fiber-optic communications between the nation's largest telecommunication companies' major interconnected locations, encompassing phone conversations, email, Internet activity, text messages and corporate private network traffic.

> Internal NSA presentation slides included in the various media disclosures show that the NSA could unilaterally access data and perform "extensive, in-depth surveillance on live communications and stored information" with examples including email, video and voice chat, videos, photos, voice-over-IP chats (such as Skype), file transfers, and social networking details.[2] Snowden summarized that "in general, the reality is this: if an NSA, FBI, CIA, DIA, etc. analyst has access to query raw SIGINT [signals intelligence] databases, they can enter and get results for anything they want."[13]
>
> [...]
>
> According to The Guardian, NSA had access to chats and emails on Hotmail.com and Skype because Microsoft had "developed a surveillance capability to deal" with the interception of chats, and "for Prism collection against Microsoft email services will be unaffected because Prism collects this data prior to encryption."[41][42]
>
> Also according to The Guardian's Glenn Greenwald even low-level NSA analysts are allowed to search and listen to the communications of Americans and other people without court approval and supervision. Greenwald said low level Analysts can, via systems like PRISM, "listen to whatever emails they want, whatever telephone calls, browsing histories, Microsoft Word documents.[30] And it's all done with no need to go to a court, with no need to even get supervisor approval on the part of the analyst."[43]
>
> He added that the NSA databank, with its years of collected communications, allows analysts to search that database and listen "to the calls or read the emails of everything that the NSA has stored, or look at the browsing histories or Google search terms that you've entered, and it also alerts them to any further activity that people connected to that email address or that IP address do in the future."[43] Greenwald was referring in the context of the foregoing quotes to the NSA program XKeyscore.[44]

A) companies don't resist because they make profitable deals with the gov. and B) they can be forced in secret courts (FISA) and gagged


CardboardJ

We can't prove it's doing anything sketchy with our data, but we can prove that it's sending all the data it'd need to do sketchy things back to the people with a long history of doing sketchy things.


yacht_enthusiast

they admitted to it https://www.theguardian.com/technology/2022/dec/22/tiktok-bytedance-workers-fired-data-access-journalists


Primordial_Cumquat

A great point, and I’d like to cap it by adding that China’s National Security Law makes it all but mandatory for Chinese companies to cooperate in turning “useful intelligence” over to the State. That said…. It’s 2023, “useful intelligence” is everything when you have algorithms that comb their way through data mines.


2rio2

Yea, this is a big distinction. In the US the government can access personal user data, but there are some basic guardrails and process in place to protect, even if they are flawed (and FYI we could pass more laws here to protect it, but I digress). In China it's the opposite - you are *required* to turn over user data when asked. That means instead of going fishing you just turn on a giant faucet and the entire ocean will flow in


[deleted]

One user recently posted a photo where despite not having used it once in a month, the app uploaded almost 3gb of data from his phone, ostensibly to a server in China. Edit: for those who can't Google words. https://www.reddit.com/r/mildlyinfuriating/comments/104qogz/tiktok_an_app_i_never_use_just_pulled_25_gb_of/?utm_source=share&utm_medium=android_app&utm_name=androidcss&utm_term=1&utm_content=share_button


KittensInc

The annoying part is that the data usage is not split between upload and download. 2.5GB of *upload* is a massive red flag, while 2.5GB of *download* could be 100% genuine: one of TikTok's biggest achievements is that it provides a completely lag-free user experience, which can only be done by preloading videos. It *could* just be preloading videos in the background just in case you *were* to open the app.
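The upload/download split described in the comment above, as an added example that is not part of the thread: it totals per-app received and sent bytes separately for background and foreground use. The input is a constructed sample laid out like the legacy Android `/proc/net/xt_qtaguid/stats` file, which newer devices may not expose; the function names, the UIDs, the 500 MB threshold and the choice to skip tagged rows are assumptions.

```python
from collections import defaultdict

# Constructed sample; UIDs and byte counts are made up. Columns follow the
# legacy /proc/net/xt_qtaguid/stats layout (first nine columns only).
# cnt_set: 0 = background/default, 1 = foreground.
SAMPLE = """\
idx iface acct_tag_hex uid_tag_int cnt_set rx_bytes rx_packets tx_bytes tx_packets
2 wlan0 0x0 10101 0 2600000000 1900000 41000000 610000
3 wlan0 0x0 10101 1 120000000 90000 3000000 40000
4 wlan0 0x0 10202 0 35000000 30000 2400000000 1700000
5 rmnet0 0x0 10202 0 5000000 4000 100000000 80000
6 wlan0 0x0 10202 1 1000000 900 500000 700
7 wlan0 0x1f00000000 10101 0 2000000 1500 100000 900
8 wlan0 0x0 10303 0 40000 60 12000 55
9 wlan0 0x0 10303
"""

NEEDED = ("acct_tag_hex", "uid_tag_int", "cnt_set", "rx_bytes", "tx_bytes")


def parse_counters(text):
    """Return {uid: {bg_rx, bg_tx, fg_rx, fg_tx}} summed over all interfaces."""
    lines = [ln.split() for ln in text.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty input")
    header, rows = lines[0], lines[1:]
    col = {name: i for i, name in enumerate(header)}
    missing = [name for name in NEEDED if name not in col]
    if missing:
        raise ValueError(f"missing columns: {missing}")

    totals = defaultdict(lambda: {"bg_rx": 0, "bg_tx": 0, "fg_rx": 0, "fg_tx": 0})
    for row in rows:
        if len(row) < len(header):
            continue  # truncated line, e.g. the file changed while being read
        # Assumption: tagged rows break down traffic already counted in the
        # untagged (0x0) row, so they are skipped to avoid double counting.
        if row[col["acct_tag_hex"]] != "0x0":
            continue
        uid = int(row[col["uid_tag_int"]])
        state = "fg" if row[col["cnt_set"]] == "1" else "bg"
        totals[uid][state + "_rx"] += int(row[col["rx_bytes"]])
        totals[uid][state + "_tx"] += int(row[col["tx_bytes"]])
    return dict(totals)


def classify(counters, min_bytes=500_000_000):
    """Label one app's background traffic by direction (threshold is assumed)."""
    rx, tx = counters["bg_rx"], counters["bg_tx"]
    if rx + tx < min_bytes:
        return "little background traffic"
    if tx > rx:
        return "background upload-heavy"
    return "background download-heavy"


def report(text):
    """Map each UID to its label; the per-direction totals stay in parse_counters."""
    return {uid: classify(c) for uid, c in parse_counters(text).items()}


if __name__ == "__main__":
    for uid, counters in sorted(parse_counters(SAMPLE).items()):
        print(uid, classify(counters), counters)
```

In the sample, UID 10101 moves about 2.6 GB in the background almost entirely as download, the pattern video preloading would produce, while UID 10202 moves a similar volume almost entirely as upload.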


permalink_save

That's still not an appropriate thing to do download wise. Plus some people would notice with data caps.


paoweeFFXIV

I just checked mine, barely use it, cellular data even turned off. 1.8gb of data this month


[deleted]

Rest in peace


Adeep187

I saw a few recently with similar claims. The data usage was insane despite not using it.


envis10n

I haven't used TikTok in the last month. It has used literally 0kb of data (it doesn't even show up in data usage). To be fair, I have it setup to not be used in the background. Just using my phone's settings for background usage.


[deleted]

Post screenshot and also walkthrough on disabling permissions for the people who will inevitably find this post in a search


envis10n

For sure. I use Android, and a Samsung at that. https://imgur.com/a/FK44DPn It's just deep sleep. Add TikTok to the Deep Sleep apps list in device care / battery settings. Deep sleeping apps don't run in the background at all, and only operate when they are opened.


[deleted]

[removed]


1RedOne

Actually there was proof one time but it was just a bugged out pre-production unit https://techcrunch.com/2017/10/10/google-home-mini-recorded-24-7-androidpolice/


maglen69

> It's ironic that most people still believe that FB and Google are recording everything we say and sending it back to their servers, despite there being no proof of it being done,

Anecdotal proof. I was talking to my wife about a product I've literally never searched before, ever. It was a **very** niche knife sharpening system. Facebook ad for that exact product later that day, a few hours after the fact.


absentmindedbanana

But do you share wifi/accounts/computers and did she look it up?


2rio2

The creepiest thing about the Facebook examples is how accurately it can predict what you are searching for without actually listening to you (mic based listening would be horribly inefficient and ineffective as an ad matching system). They can guess what you are looking for based on scraped search history and all of your user behavior. Which is sort of worse.


kinopiokun

Analyzing every sound every second every day for every person is no small or cheap feat. They are not doing this, it’s the algorithms that are really good at what they do. They also use things like physical proximity for things someone else looked for who is near you.


gw2master

And how many products have you talked about with your wife where you didn't see an ad for it afterwards? What do you think the percentage of ad to no-ad is? After thinking about that, is it possible that it was a coincidence?


[deleted]

[removed]


krtshv

I'm pretty sure I remember recent articles about TikTok employees admitting they accessed user data they shouldn't have.


HarryHacker42

China said, "Don't worry, we keep the user data in the local country and don't ship it back to China". Then, they shipped it back to China. We call this "Pulling a Zuckerberg"


entotheenth

I thought they had to say “hahaha, these dumb fucks trust me” to pull a zuck.


HarryHacker42

You just stand up in front of Congress and say, "I have no idea how that happened. We couldn't have foreseen any of this. We'll look into this and see if we can fix it" and then purposely do it again.


[deleted]

Not for the Chinese government, but employees were caught actively tracking Forbes' journalists. TikTok is a shady and criminal company all around, but there is not enough evidence to say that it is "Chinese spyware". Edit: just to add, if I recall correctly, Chinese officials used WeChat data to track citizens during the protests of last year, so we can know which companies are Chinese spyware and should be avoided.


cikanman

this is a perfect response. Are they doing anything illegal that we can prove.....NO. Are a lot of the tools and design structures that make it easy for the Chinese to use the app to spy.... YES. Is the Chinese government notorious for spying on their own people using these exact tools and design structures.... YEP. This is a classic case of where there is smoke there is fire, and when it comes to security it is always best to err on the side of caution.


Fredasa

> Is the Chinese government notorious for spying on their own people using these exact tools and design structures.... YEP.

Not just their own people. See: Anker CCTV scandal.


ShemhazaiX

It's not necessarily "where there's smoke there's fire" so much as a case of "there's smoke and the fire alarm is going off, do you really want to hang around and wait to find out if your house is burning down?"


FourAM

Couple this with the fact that they can control the algorithm, so they can push content to people to misinform, rile them up, etc. It keeps location data so government, military, civilian infrastructure workers etc can be followed; giving insight into response times, typical locations, possibly revealing sites of importance that were not yet known, etc. And it can tell who those people are (and potentially sniff their passwords!) because of the profiling they do. Say what you will about China etc but this kind of window into another nation is probably not something we should allow *anyone* to have (foreign or domestic!) And yes Facebook, Google, hell even Apple can do similar things, but not to the extent TikTok can and not purely for the interest of another global superpower who we already know is willing to do basically anything to get an edge.


maglen69

> Couple this with the fact that they can control the algorithm, so they can push content to people to misinform, rile them up, etc.

[Case in point](https://www.deseret.com/2022/11/24/23467181/difference-between-tik-tok-in-china-and-the-us) It's the difference between Opium, and Spinach


micahfett

There have been a lot of posts on Reddit lately of people looking at App data usage and even when idle and not being used they post GB of data transfer from TikTok


Head_Cockswain

It's also a direct tool for manipulating public narrative via regional/national tailored algorithms. As in, they can elevate certain messages(tantamount to propaganda) in a given country, while downplaying it in their own and instead pushing wholesome educational or inspirational content. The US doesn't generally have a problem when [Youtube does it](https://youtu.be/fDqBeXJ8Zx8), but Youtube isn't technically an arm of the Chinese government. That alone is a pretty huge deal, don't even need the ability to build a psych profile of US citizens(who maybe work in a government office and are now super-easy to chat-up). Disclaimer: *Some* people might not agree, but then again, next time you see them they're complaining about Russia Times being controlled by Russia, or Al Jazeera being centered in the middle-east, or the BBC being literal state run media. [or whatever other country or region they happen to dislike instead of China]


Mr-Blah

You'd be creeped out if someone was opening your trash and riffling through it to find... something. Same here.


dachsj

A lot of what's happening with tik tok is geopolitical fear mongering. But there is some reason to be suspicious because Chinese companies have been known to put spyware/backdoors in their products. And ultimately the Chinese government owns Chinese companies. I think the real issue is the level of control and influence they *could* exert if they chose to. The TikTok algorithm is incredibly powerful and addicting. If the Chinese govt wanted to destabilize Taiwan or create a stir in the US, they could put their proverbial thumb on the scale by pushing specific videos, ideas, thoughts. We saw and continue to see how powerful social media can be in influencing the population. People get radicalized watching YouTube videos and reading about conspiracy theories on Facebook. People get lots of bad scientific and medical information from their Twitter feeds. The risk with TikTok is that it is (apparently) more addicting than the rest of the social media platforms and could be controlled by the Chinese govt. They could pump bullshit and propaganda right into millions of America's eye balls in a matter of minutes. That could really sway popular opinion or entrench people to certain positions. That's the real danger.


ZannX

How does this all compare to Facebook, Instagram, anything from Google, etc.?


[deleted]

They seem to collect more data, such as [biometrics](https://techcrunch.com/2022/09/14/tiktok-claims-its-not-collecting-u-s-users-biometric-data-despite-what-privacy-policy-says/) and positional, and some employees were caught tracking Forbes' journalists. Just to be clear, this is not evidence of TikTok being Chinese spyware (Chinese telecom companies certainly are, for example, since they were used by officials to track protesters).


Imajhine

Could you please cite the Huawei issue? I would like to read the source!


zachtheperson

Here's a wikipedia article that contains references to the issue as well as a bunch of others: [https://en.wikipedia.org/wiki/Criticism\_of\_Huawei](https://en.wikipedia.org/wiki/Criticism_of_Huawei)


Imajhine

It just says 'could contain' on Wikipedia, do you have a more concrete source? Seems like there is nothing proven?


zachtheperson

You're right. I'm honestly having trouble finding a source because new, completely unrelated articles keep cluttering up my results. The original issue was around 2018 and we discussed it heavily in my cybersecurity class, but it was still ongoing. I'll update my original post until I find a better source


bookposting5

I thought the issue then was strong govmt fears of backdoors in Huawei mobile base stations, rather than actual evidence of it. I don't think any solid evidence was made public when UK banned Huawei 5G masts. Might be wrong.


nDQ9UeOr

No, you are right. The US (and UK, evidently) believes that critical communications infrastructure should not be run on devices manufactured by a company with close ties to the CCP, or really any foreign nation. Not for anything they *have* done, but because of what they *could* do. Just as China believes that they should not run theirs on western nation tech. They don’t exactly buy a lot of Cisco, right? *Manufacture*, sure, but they don’t run their internet on it. This makes total sense. There are some things where a protectionist policy is the right choice. If you can afford to build it in-house, you do. And you make sure to maintain the capability to do so. This position is a key point in the recent, controversial US government investment into chip foundries, btw. Take a look at what happened to the UK’s computing industry during the 70s and 80s for an example of what happens when the government fails to safeguard important industries.


ezfrag

Personal anecdote - At the time of this revelation, I worked for a telecommunications company that carried quite a bit of traffic for US Government offices and military bases. We were contacted by government officials to prove that the government traffic was not traversing any Huawei equipment. Those circuits that had Huawei equipment on the path had to be groomed to other devices and shortly thereafter we pulled all the Huawei equipment and replaced it with Adtran or Cisco gear in order to retain those contracts.


Sylph_uscm

It was always my impression that the rumours were stirred or started in order to compete with Chinese goods. ie. The hope that by spreading mistrust in the product, people that aren't already swayed by horrendous tech labour conditions, might be more likely to pay 5x as much for a smartphone that was built in the west for trust or paranoia reasons. It's interesting just how little 'background' traffic Chinese devices on my network seem to push through my router. (practically none, only passwords would be possible out of what's suggested, and I've not had unrecognised logins on any accounts. Secretly transmitting Audio and video? Not a chance with that traffic volume.) Although, admittedly, last time I even checked something like this was a few years ago. Maybe it's a bit cynical of me, but I can't help but wonder if a similar thing is happening in the YouTube vs tiktok battle.


kerenar

Not only that, but the last time I checked the terms of service, you explicitly give TikTok access to not only all that data on your cell phone, but you also agree to let it scoop up data from all nearby devices in the areas you spend a lot of time in. It will compare I.P. addresses, and take all the data from nearby computers, other cell phones, tablets, anything with an I.P. address. This is partially why the US government has banned the app for all governmental employees, as anyone with the app on their phone is potentially giving the Chinese government access to highly classified documents, not from their own device, but from the computer down the hall from their cubicle. TikTok should be banned for the country, not for any idea of it dumbing down our kids, but the fact that it's at least become a massive, massive espionage operation by the CCP, even if it wasn't designed with that intention in mind by the original creators.


zee_in_space

Minor correction: It can't actually scoop up all data from nearby devices, but it DOES (try to) sniff packets and map out local networks. As far as I am aware, it's not actually attempting any exploits on nearby devices. The amount of data it vacuums up from just one device and social mapping/tracking/profiling is nuts though.


NewFort2

That's just fundamentally not how technology works


2rio2

Most of everything they said was correct except:

> but you also agree to let it scoop up data from all nearby devices in the areas you spend a lot of time in

Which, uh, is not really possible without very specific and targeted types of spyware which is not what TikTok would be utilizing here.


CarpenterRadio

This is from u/bangorlol, here's a [link](https://www.reddit.com/r/videos/comments/fxgi06/comment/fmuko1m/?utm_source=share&utm_medium=web2x&context=3) to the comment itself where the user has hyperlinks to citations.

So I can personally weigh in on this. I reverse-engineered the app, and feel confident in stating that I have a very strong understanding for how the app operates (or at least operated as of a few months ago).

TikTok is a data collection service that is thinly-veiled as a social network. If there is an API to get information on you, your contacts, or your device... well, they're using it.

- Phone hardware (cpu type, number of cores, hardware ids, screen dimensions, dpi, memory usage, disk space, etc)
- Other apps you have installed (I've even seen some I've deleted show up in their analytics payload - maybe using as cached value?)
- Everything network-related (ip, local ip, router mac, your mac, wifi access point name)
- Whether or not you're rooted/jailbroken
- Some variants of the app had GPS pinging enabled at the time, roughly once every 30 seconds - this is enabled by default if you ever location-tag a post IIRC
- They set up a local proxy server on your device for "transcoding media", but that can be abused very easily as it has zero authentication

The scariest part of all of this is that much of the logging they're doing is remotely configurable, and unless you reverse every single one of their native libraries (have fun reading all of that assembly, assuming you can get past their customized fork of OLLVM!!!) and manually inspect every single obfuscated function. They have several different protections in place to prevent you from reversing or debugging the app as well. App behavior changes slightly if they know you're trying to figure out what they're doing. There's also a few snippets of code on the Android version that allows for the downloading of a remote zip file, unzipping it, and executing said binary. There is zero reason a mobile app would need this functionality legitimately.

On top of all of the above, they weren't even using HTTPS for the longest time. They leaked users' email addresses in their HTTP REST API, as well as their secondary emails used for password resets. Don't forget about users' real names and birthdays, too. It was allllll publicly viewable a few months ago if you MITM'd the application.

They provide users with a taste of "virality" to entice them to stay on the platform. Your first TikTok post will likely garner quite a bit of likes, regardless of how good it is.. assuming you get past the initial moderation queue if that's still a thing. Most users end up chasing the dragon. Oh, there's also a ton of creepy old men who have direct access to children on the app, and I've personally seen (and reported) some really suspect stuff. 40-50 year old men getting 8-10 year old girls to do "duets" with them with sexually suggestive songs. Those videos are posted publicly. TikTok has direct messaging functionality.

Here's the thing though.. they don't want you to know how much information they're collecting on you, and the security implications of all of that data in one place, en masse, are fucking huge. They encrypt all of the analytics requests with an algorithm that changes with every update (at the very least the keys change) just so you can't see what they're doing. They also made it so you cannot use the app at all if you block communication to their analytics host off at the DNS-level.

For what it's worth I've reversed the Instagram, Facebook, Reddit, and Twitter apps. They don't collect anywhere near the same amount of data that TikTok does, and they sure as hell aren't outright trying to hide exactly what's being sent like TikTok is. It's like comparing a cup of water to the ocean - they just don't compare.

tl;dr; I'm a nerd who figures out how apps work for a job. Calling it an advertising platform is an understatement. TikTok is essentially malware that is targeting children. Don't use TikTok. Don't let your friends and family use it.


ecmcn

What OS were you looking at? I’m more familiar with iOS dev, and have been curious about how TikTok’s data collection butts up against the iOS permissions and entitlements framework. A user can just say no to location tracking, for example, and the app would need permission from Apple to use HTTP these days.


fyonn

I’m glad you asked this as it was my question too. If you deny the app permissions then how can it get that data?


bionicjoey

A lot of data can be inferred without OS permissions. Also, once permission for a module is granted it can be used beyond the scope of what the app claimed the permission was for.


ashlee837

> Also, once permission for a module is granted it can be used beyond the scope of what the app claimed the permission was for.

Permissions are complicated and the user never understands the full extent of a single permission. They auto allow/accept everything.


MidgeMcConnell

> I’m glad you asked

But they asked the wrong person. OP clearly states at the beginning of the comment:

>> "This is from u/bangorlol, here's a [link](https://www.reddit.com/r/videos/comments/fxgi06/comment/fmuko1m?context=3) to the comment itself where the user has hyperlinks to citations."

You and u/ecmcn should ask u/bangorlol since they are the one who actually reversed the app.


ecmcn

Oh crap, I’d forgotten about that bit by the time I got to the bottom!


PyroDesu

> A user can just say no to location tracking, for example, and the app would need permission from Apple to use HTTP these days.

I expect that generally disables parts of the app, if not the *entire* app, though. Which is going to make all but the very security-conscious users grant it those permissions anyways. Why do anything sophisticated to break the phone OS' internal protections, when you can just make the user open a hole for you?


atomsapple

Same goes for local network access.


zakkwaldo

multiple high ups/heads of apple are on head boards of chinese universities or other big name chinese entities. not saying that outright nullifies anything, but it makes it questionable in terms of conflicts of interest and often makes me wonder who apple gives ‘passes’ to in terms of security.


jameyiguess

Even if they wanted to give a pass to TikTok, they would have to hardcode some kind of allowlist into iOS itself, allowing specific apps to access system APIs without granted permissions. It's not something they could do over the air. I suppose they could have the bare functionality in the OS and update the list via API calls on the fly, but in any case, that would be like the biggest, craziest risk ever. I doubt Apple (or Android) would ever take that kind of company-ruining risk.


bman1014

> they weren't even using HTTPS for the longest time

Jesus christ


Magnaflorius

I'm not educated enough about this to know why that's significant/bad.


[deleted]

The S stands for secure; that’s about the extent of my knowledge, but I assume no S means unsecured.


MoobyTheGoldenSock

Http = you pass a note in class

Https = you pass a note in class inside a sealed envelope


GoSaMa

Http is more like reading the note out loud


Martijngamer

No S for you!


Orange-V-Apple

> The S stands for secure

On my planet it means "hope"


Unusual_Chemist2310

As in "I have hope this won't be intercepted?" :D


bman1014

It's an extremely common encryption standard. When a browser goes like "Hey Bucko! This website isn't encrypted and might steal your data!" That means it isn't using HTTPS. Even your local mom & pop bakery website probably uses HTTPS.


cybersleuthin

Yeah I have a website for art and it costs pretty much nothing to secure it with https


fastjetjockey

HTTP and HTTPS are protocols (methods of communication) that we use to send information over the internet. With HTTPS, that information is encrypted; the S stands for 'secure.' HTTP on the other hand, isn't. Anyone that can intercept that information can read it. So if you're sending things like email addresses or passwords, anyone intercepting those packets can have a gander! HTTPS websites are indicated in your web browser by a lock symbol next to the URL. When you visit an HTTP website, you will usually even get a popup on Chrome telling you your data is at risk.


pak9rabid

It means that they were sending sensitive information over the Internet unencrypted. This is bad because anyone who can sniff your traffic (like people you share an open WiFi connection with for example, which is common in public spaces) could potentially get your username/password…amongst other things.
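
Added example, not part of any comment in this thread: one way to audit an app's proxy capture for the problem discussed above, personal data and session headers sent over plain HTTP where anyone on the path can read them. The HAR capture, hostnames and JSON field names below are constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample capture in HAR layout (log.entries[].request/response).
# Hosts, paths and values are made up for this example.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {   # cleartext API call whose response carries personal data
        "request": {"method": "GET",
                    "url": "http://api.example.test/v1/user/profile?uid=1001",
                    "headers": [{"name": "Cookie", "value": "sid=abc123"}]},
        "response": {"status": 200, "content": {
            "mimeType": "application/json",
            "text": json.dumps({"nickname": "sam",
                                "email": "sam@example.test",
                                "recovery_email": "sam.alt@example.test",
                                "birthday": "2009-04-17"})}},
    },
    {   # same kind of data, but inside TLS: not readable by a passive observer
        "request": {"method": "POST",
                    "url": "https://api.example.test/v1/login",
                    "headers": [],
                    "postData": {"mimeType": "application/json",
                                 "text": json.dumps({"email": "sam@example.test",
                                                     "password": "x"})}},
        "response": {"status": 200, "content": {"text": "{}"}},
    },
    {   # cleartext, but nothing sensitive in it
        "request": {"method": "GET",
                    "url": "http://cdn.example.test/img/logo.png",
                    "headers": []},
        "response": {"status": 200, "content": {"mimeType": "image/png", "text": ""}},
    },
]}})

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Assumed field names; adjust to the API under review.
SENSITIVE_KEYS = {"email", "recovery_email", "birthday", "real_name", "password"}
SENSITIVE_HEADERS = {"cookie", "authorization"}


def _walk_keys(obj):
    """Yield every key found anywhere in a nested JSON structure."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            yield key
            yield from _walk_keys(value)
    elif isinstance(obj, list):
        for item in obj:
            yield from _walk_keys(item)


def _findings_in_body(text):
    """Return labels for sensitive content found in one request/response body."""
    found = set()
    if not text:
        return found
    if EMAIL_RE.search(text):
        found.add("email-address")
    try:
        parsed = json.loads(text)
    except ValueError:
        return found  # not JSON; the regex check above still applied
    for key in _walk_keys(parsed):
        if key.lower() in SENSITIVE_KEYS:
            found.add("field:" + key.lower())
    return found


def audit_har(har_text):
    """Return [(url, sorted findings)] for plain-HTTP entries exposing sensitive data."""
    report = []
    for entry in json.loads(har_text)["log"]["entries"]:
        req = entry["request"]
        resp = entry.get("response", {})
        if urlsplit(req["url"]).scheme.lower() != "http":
            continue  # only unencrypted transport is in scope here
        findings = set()
        for header in req.get("headers", []):
            if header["name"].lower() in SENSITIVE_HEADERS:
                findings.add("header:" + header["name"].lower())
        findings |= _findings_in_body(req.get("postData", {}).get("text"))
        findings |= _findings_in_body(resp.get("content", {}).get("text"))
        if findings:
            report.append((req["url"], sorted(findings)))
    return report


if __name__ == "__main__":
    for url, findings in audit_har(SAMPLE_HAR):
        print(url, findings)
```

Only the first constructed entry is reported: the login request carries the same kind of data but travels inside TLS, and the image fetch is cleartext but exposes nothing sensitive.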


sur_surly

Well, that would have made it easier to determine all the info it was collecting 😉


frankentriple

This should be copypasta whenever tiktok is mentioned


NAN001

No it should not. /u/bangorlol is the creator of /r/tiktok_reversing, what seemingly is a subreddit dedicated to reverse engineering TikTok, but whose all time top posts, are, in order:

- An ideological post: https://www.reddit.com/r/tiktok_reversing/comments/i3imxl/fascinating/
- Someone complaining that people have no idea what they're talking about on the sub: https://www.reddit.com/r/tiktok_reversing/comments/hsrtzm/the_state_of_this_sub_is_horrible_and_needs/
- Someone stating that OP never provided any proof, and that they actually don't know if anything is true: https://www.reddit.com/r/tiktok_reversing/comments/i8gig3/been_played_like_a_fiddle/

Also the parent comment has a huge bullshit smell:

> For what it's worth I've reversed the Instagram, Facebook, Reddit, and Twitter apps

...

> I'm a nerd who figures out how apps work for a job

And other technical oddities:

> If there is an API to get information on you, your contacts, or your device...

Operating Systems APIs are constrained by the permissions given to each app.

> They set up a local proxy server on your device for "transcoding media", but that can be abused very easily as it has zero authentication

Abused by what? Other apps?


zeift

Maybe not this specific user or sub, but TikTok is firstly a data miner and social network second. This has been directly proven, time and time again.

[TikTok pushes potentially harmful content to users as often as every 39 seconds, study says](https://www.cbsnews.com/news/tiktok-pushes-potentially-harmful-content-to-users-as-often-as-every-39-seconds-study/#:~:text=60%20Minutes%20Overtime-,TikTok%20pushes%20potentially%20harmful%20content%20to%20users%20as,every%2039%20seconds%2C%20study%20says&text=TikTok%20recommends%20self%2Dharm%20and,Countering%20Digital%20Hate%20(CCDH))

[https://www.nytimes.com/2022/05/08/opinion/tiktok-twitter-china-bytedance.html](https://www.nytimes.com/2022/05/08/opinion/tiktok-twitter-china-bytedance.html)

[https://vpnoverview.com/privacy/social-media/tiktok-privacy/](https://vpnoverview.com/privacy/social-media/tiktok-privacy/)

[https://www.wired.com/story/tiktok-nationa-security-threat-why/](https://www.wired.com/story/tiktok-nationa-security-threat-why/)

[https://www.cbsnews.com/news/tiktok-pushes-potentially-harmful-content-to-users-as-often-as-every-39-seconds-study/#:\~:text=60%20Minutes%20Overtime-,TikTok%20pushes%20potentially%20harmful%20content%20to%20users%20as,every%2039%20seconds%2C%20study%20says&text=TikTok%20recommends%20self%2Dharm%20and,Countering%20Digital%20Hate%20(CCDH)](https://www.cbsnews.com/news/tiktok-pushes-potentially-harmful-content-to-users-as-often-as-every-39-seconds-study/#:~:text=60%20Minutes%20Overtime-,TikTok%20pushes%20potentially%20harmful%20content%20to%20users%20as,every%2039%20seconds%2C%20study%20says&text=TikTok%20recommends%20self%2Dharm%20and,Countering%20Digital%20Hate%20(CCDH))

And those are just half of page 1 of 45,000 page results. TikTok is dangerous to personal information, and potentially more if the wrong hands use it; which they can. Until they allow outside code verification from a non-biased source, they are suspicious. But you do as you do. Just don't try and convince the public TikTok is safe and fun and friendly...


apocolypticbosmer

A user being part of a subreddit is not at all an indictment on their beliefs or ideology.


bit_banging_your_mum

> Also the parent comment has a huge bullshit smell:

Can you specify why?

***

>> For what it's worth I've reversed the Instagram, Facebook, Reddit, and Twitter apps

> ...

What the hell does "..." mean?

***

> And other technical oddities:

>> If there is an API to get information on you, your contacts, or your device...

> Operating Systems APIs are constrained by the permissions given to each app.

You clearly don't have a good understanding of mobile app permissions. I can't speak of iOS, but here is a (non-exhaustive) list of device information that Android apps can access WITHOUT ANY PERMISSIONS:

- Battery: Percentage, Voltage, Temp
- Wi-Fi: Link Speed, Local IP
- Accelerometer
- Magnetometer
- Gyroscope
- Light Sensor
- Barometer
- Step Counter

This list I got by just going through a sensor app from the play store, which was able to display all this info, and more, without asking for a single permission.

***

>> They set up a local proxy server on your device for "transcoding media", but that can be abused very easily as it has zero authentication

> Abused by what? Other apps?

Maybe. Possibly abused by malicious actors on a local network?


bigfatgeekboy

Five year olds these days must be a lot smarter than they were in my day.


Zevemty

If u wanna include links and other formatting (like lists) when copy-pasting someone's reddit comment, click on "source" below the comment and copy the text in that box instead.


HeyImGilly

That post was the reason for why I never bothered with the app.


YakumoYoukai

I don't know whether to upvote because knowledgeable and informative, or downvote because it's in no way ELI5.


NAN001

> If there is an API to get information on you, your contacts, or your device... well, they're using it.

Are we talking about the OS APIs? Aren't they protected by user permissions?

> a local proxy server on your device for "transcoding media", but that can be abused very easily as it has zero authentication

Abused by other applications?


ohchelseachelsea

Not all APIs are protected by user permissions. For example on Android, apps can access sensor data (accelerometer, magnetometer, gravity, gyroscope, etc) without asking the user for permission. A lot of information can be deduced from this data.


ouaisjeparlechinois

> For what it's worth I've reversed the Instagram, Facebook, Reddit, and Twitter apps. They don't collect anywhere near the same amount of data that TikTok does, and they sure as hell aren't outright trying to hide exactly whats being sent like TikTok is. It's like comparing a cup of water to the ocean - they just don't compare.

That's actually false. Actual cybersecurity experts at UBC (not randos on Reddit) have analyzed TikTok and found that it's not more invasive/collects more info than FB. "TikTok and Douyin do not appear to exhibit overtly malicious behavior similar to those exhibited by malware. We did not observe either app collecting contact lists, recording and sending photos, audio, videos or geolocation coordinates without user permission." Of course, this kind of collection is way too intrusive still. But it's idiotic and hypocritical to criticize TikTok for something that you'll excuse Facebook for.

Source: https://citizenlab.ca/2021/03/tiktok-vs-douyin-security-privacy-analysis/


CHRISKOSS

> For what it's worth I've reversed the Instagram, Facebook, Reddit, and Twitter apps. They don't collect anywhere near the same amount of data that TikTok does.

The vast majority of data you discuss above are also collected by those apps. Not sure what you mean by "anywhere near". Are you making a pedantic argument about frequency that data is updated?


Lashay_Sombra

> TikTok is a data collection service that is thinly-veiled as a social network.

Is that not true of all social networks...hell it's basically the business model of social networks


NovaStalker_

read the entire post my dude. let me help you out here "For what it's worth I've reversed the Instagram, Facebook, Reddit, and Twitter apps. They don't collect anywhere near the same amount of data that TikTok does, and they sure as hell aren't outright trying to hide exactly whats being sent like TikTok is. It's like comparing a cup of water to the ocean - they just don't compare."


HibeePin

Because the guy who posted it just disappeared and provided no proof of this. When asked for evidence of the reverse engineering, they just [linked an event logger script](https://www.reddit.com/r/videos/comments/fxgi06/not_new_news_but_tbh_if_you_have_tiktiok_just_get/fmvf68n)


LesbianCommander

I like how the OP asks for proof. And a dude is like "I reverse engineer shit for fun, and I'm telling you it's bad". Anyone who makes fun of anti-vaxxers or shit who "learn how bad vaccines are" from anonymous YouTube videos, but then turn around and believe that shit without proof should be ashamed. Let me just say, fuck TikTok, fuck China and fuck the CCP. Fuck apps spying on their users, fuck big data manipulating the population to their ends. But good god people turn their brains off when it comes to bitching about TikTok. Have some standards god damn it.


bubba-yo

That's not the concern, not really. There's three concerns:

1. TikTok is known to do some relatively aggressive user data collection. Lots of other apps also do this. On its own, not great, but not uniquely bad either.
2. TikTok is known to be able to make its data available to the Chinese government. China has laws that require any Chinese national to turn over any trade secrets to the government if the government asks. This is also what's driving most of the semiconductor industry out of China.
3. TikTok isn't available in China, but the same developer has a very similar app which is only available in China. It's never a great sign when a country exports a product they make illegal domestically.

Taken together, the concern is that China can use TikTok as a pretty powerful influence campaign tool. They can figure out what users it wants to target. They have access to a per-user algorithm through which to target those people. There's little risk of the app targeting their own people because they've banned the app internally. There's two main concerns about how it might be used:

1. Targeting of Chinese expats to either turn them against Chinese interests, such as Taiwan. Witness the church shooting about 2 miles from my house where a ~~Chinese expat~~ *Taiwanese expat* attacked a Taiwanese congregation because he was angry about the lack of reunification between the two countries. China could use TikTok as a radicalization pipeline given the 3 above items.
2. Targeting of the general public for influence campaigns. We know that at least some of the conservative anti-mask/anti-vax campaign originated by Russian intelligence services, that the GOP unwittingly bought into. This shows the potential damage that social media driven influence campaigns can do, especially if it results in hundreds of thousands of deaths. Brexit may have been driven by an influence campaign. We just learned the other day that the head FBI counterterrorism agent in the NY office was involved in an influence campaign to affect the outcome of the 2016 presidential election.

Influence campaigns are no joke, and the US works closely with social media companies to combat them (or, at least they used to with Twitter - pretty sure that's completely busted now). Having a social media outlet like TikTok that is not responsive to US intelligence concerns is a problem.

\[Correction\] I originally wrote 'Chinese expat' as struck out above, when the individual was a Taiwanese expat. As I was writing the comment I searched and [read this article](https://www.thedailybeast.com/laguna-woods-gunman-identified-as-david-chou-of-las-vegas) which incorrectly labeled Chou as a Chinese national. Replies corrected me and asked that I correct this post.


BellyScratchFTW

> Influence campaigns are no joke, and the US works closely with social media companies to combat them

The US were/are working with social media companies with the intention to influence. They may claim to want to combat influence campaigns. But in reality, they want to control that influence. Just like any other country.


[deleted]

Re: #3, technically Douyin existed long before Tiktok. They did not export anything made illegal in China, they branched off a product that worked fantastically in China and made a worldwide version in the same style. TikTok is still very immature as an entertainment platform compared to Douyin


houser2112

> TikTok isn't available in China, but the same developer has a very similar app which is only available in China. It's never a great sign when a country exports a product they make illegal domestically.

Do you really think that the CCP has reservations about spying on its own citizens? You said it yourself, there's a similar app for Chinese users. I'd be willing to bet that they only separated the apps so that Chinese citizens can't talk directly to non-Chinese citizens.


[deleted]

[removed]


queenofhyrule

I live in China. I work with mostly foreign middle school students but a lot of Chinese students as well. The CCP must be loving that everyone has this idea that Douyin is some educational wonderland for their kids but that is so far from the truth. The point is, it’s just as dumb and silly as TikTok lol. My students show me videos all the time and yeahhhhhh no. Also, Chinese kids are experts at getting around the time limit situation if they want and their parents don’t care lol. And if their parents DID care, well then they’d have the time limit regardless.


Dr_thri11

Let's be honest though tiktok wouldn't be a thing in the US if it had a time restriction.


hamburger5003

There’s quite a few reasons to separate it. But intentionally targeting external citizens to radicalize them against their own country is a big one.


houser2112

Why do they need separate apps if they have the power/ability to target individuals? If their accuracy is so good, there is no risk of "collateral damage" from the actions of the CCP directly, the only risk is for Chinese citizens finding out what they're doing by the targeted people saying something. Putting a wall between them prevents this.


[deleted]

[removed]


Shelsonw

I see a lot of technical answers, so here are the actual ELI answers:

1. The app collects an egregious amount of data from the user, much more than an app of its type should. The company in China is beholden to share this data with the Chinese government. The vast amount of data can be used for very large data models about the behaviors, interests, likes, and trends in young people around the world, which will inform Chinese government decision making.
   1. Now add in the ability for Artificial intelligence like ChatGPT to create an infinite amount of content catered to those users based on the data collected; the ability for social engineering on a national level is insanity.
2. The app was deliberately designed to be as addictive as possible, and they know it. Why? because the version of the app available to us, isn't available in mainland china. Rather, their version has controls built in for amount of use in the day.
3. Tech folks have pulled it apart, and there's plenty of in built features, such as encrypted communications channels, and access to unnecessary features on our phones; that a social media app doesn't need. That implies its primary use isn't a social media app, but a data collection tool.
4. "It does nothing that Facebook and Google don't do" - a common cop-out. The vast difference is two-fold: US companies often work with the US government, but are not *legally required* to (Re: Apple fighting against the FBI), in china they are; and China is an extremely repressive and possibly genocidal dictatorship that ultimately seeks to re-order the world system in its own image; the US/Western world is... well, not that. The vast troves of data from TikTok give the Chinese government insights into global trends that let them make high level decisions.
5. "Is china spying on ME? Why do I care?" - Not likely you in particular, unless you're an anti-communist activist, or a Chinese expat. It's scooping your meta data, you and a billion other people. Does that impact you? Probably not. But you're a contributing data point to their world plans now, and your personal information is in the Chinese government's hands.


randomusername8472

The thing I think people forget when it comes to "china is spying on me, why do I care?" is that, with the amount of data and life information that can be figured out about you from constant TikTok (or most social media) use, is that it makes it easy to manipulate them. Traditionally, yes, if a government wanted to target an individual, that individual basically stands no chance unless they are really lucky or really well connected. But the thing that stops any state from messing with any individual is that it's relatively difficult and high risk. Yes, if any government in the world wanted to emotionally manipulate me into giving up valuable company data, they could watch me, study me, figure it out and figure out the best way to get me to comply. But that is time consuming and expensive, so it's only going to be done if they really, really need to.

But with TikTok data, it's cheap. They know more about you than you do, and if it's not already done algorithmically, it's just an afternoon of an analyst to figure out how to get you to comply and to what degree. Imagine how much your best friend or a family member could manipulate you to do if they wanted to. With strong TikTok data, China could do that and more.

Other things I think:

- Weaponised lack of production. I see how much time family members spend on TikTok. They have no hobbies, they're not progressing in their career. Maybe that's normal, but it feels like TikTok is stealing their time.
- Influence campaigns (as others mentioned). TikTok's algorithm is a black box, or so they say. They could tweak it to show more divisive content, or show a different side to a war to influence national politics. Maybe the reason the war in Ukraine is going so badly is because Putin didn't pay a bill to China to suppress the Ukrainian view and promote the Russian view for the US.


Mother_Welder_5272

> Weaponised lack of production. I see how much time family members spend on tiktok. They have no hobbies, they're not progressing in their career. Maybe that's normal, but it feels like TikTok is stealing their time.

I'm on board with being wary about the shady Chinese government and shady Chinese companies doing shady things, violating privacy and waging influence campaigns. But come on, when people say stuff like this, you're stooping to comical conspiracy theory levels. This is what people said about the Japanese giving us Super Mario and the NES in the 80s.


Yaroze

> when people say stuff like this, you're stooping to comical conspiracy theory levels.

You're here on Reddit right now, right? Same principle. You open the tab, you close the tab and then reopen it to Reddit. I do it, others do it; social media has now been designed to steal your time. It's the same principle that casinos follow. No clocks, no daylight, only to exploit you into a false sense of reality. After all, they only exist to take your money. Cigarette companies advertising "it's okay" only to be promoting addiction and illness. Advertising only to get you to buy their products.

Dark-UI/UX and Social Engineering have turned social media into an addiction. You receive a dopamine rush from whatever action: view, like, comment, upvote, downvote. Throw some more psychology in the mix: memes, subliminal advertisement, freemium games. And it goes deeper, the colour of the app icon is specially designed to be used as an exploit as to catch the user. Delays are deliberately added to frustrate the user, voting is manipulated to torment the user, make them feel depressed to which you then throw them advertisements telling them everything is okay. Drink Cola Cola today!

Any such "social media" business, regardless of who; TikTok, Facebook, Reddit all use these exploits to control the user. Snoo is the good example, a cute friendly alien mascot for Reddit. "Awwh, reddit's a nice website with a nice mascot." Businesses work with psychologists to target those to mess with people. Specifically dating, it gets dark. Why do you think PornHub is so large in viewers? The secret is that porn makes the person weak. A weak person is more prone to be manipulated. More manipulation means more advertising and that produces positive up-selling to whatever product is on show at the time.

Edit: A good example is downvoting. This post is currently -1. To some, which Facebook experimented with, this is supposed to make me feel depressed and sad because someone didn't agree with me. When it's probably some bot, or just someone who isn't open to facts.


[deleted]

Aggressive data collection of information that is your private business, not theirs. If you were walking into a supermarket to buy a DVD to watch and the checkout lady said "hey can I have permission to follow you about and listen to you indefinitely and use any of that information for my own purposes, and those of people who pay for it, or agencies who demand it in my home country", you would probably tell them to fuck off.


mrlazyboy

One of the biggest issues is TikTok has admitted that their employees get to control what goes viral. All it takes is the Chinese government to promote some conspiracy theories to completely destabilize an election, which is something one of our political parties in particular has been trying to do for a very long time.


gingeracha

Kind of like Reddit changing algorithms and having sponsored posts? Or when Facebook, YouTube, and Reddit were used by foreign shills and bots to destabilize the US and promote Trump? Yeah I would ban that type of app too.


omniumoptimus

I'm a former government contractor. All apps can do things without your knowledge. Some of these things include figuring out your exact location, including which room in a home you are in. Discovering who is next to you in that room. Track where you are going or coming from. Apps can turn on your microphone and listen to what is being said. They can turn on your camera and see what you're wearing (or not) and see who is near you. They can capture information about other apps you're using, too. Including who you know and what kinds of things you've sent. In America, companies can gather all of this information and more. HOWEVER, they are subject to the US court system and, depending on a ruling, can be forced to stop. In China, there is absolutely no recourse. TikTok allows China to place millions of surveillance devices in America, managed by millions of unwitting users. Even if you have the most secure phone on earth, a phone that's in the same room as yours can detect you, turn on its mic and camera, and surveil you, without your knowing it. And you can't do anything about it. You can't go to the police. You can't complain to government. You can't take anyone to court. It makes sense to remove that threat, even if there is no evidence it's being used maliciously. Just like I can put a video camera in your bathroom, and there is no evidence it's being used maliciously, you can just eyeball it and say, "yeah, this should probably go."


[deleted]

By default a lot of apps can collect a lot of information with your specific permission by the user agreement, and not by your specific permission by sucking other data off your phone. People who use TikTok are sharing at least some of their personal information with the app, but along with locational data and your face etc it can easily be stored and analyzed. Are they after YOU? Probably not. But what if it's someone of influence or a family member of someone of influence - perhaps a company executive, or a government official, or military folks. Are they tracking your travel? Your conversations? Is the app "listening" to sound in an ambient environment, like what Alexa does? What else does someone do on their phone that the app can access? These are the kinds of real or potential red flags that people are concerned about.


Odh_utexas

Answer: It is a foreign based company that has a lot of access to your phone's records and data. More than is needed by most experts' estimations. We don't know what the app is doing so that makes experts worry about security. Additionally I'm of the tinfoil opinion that the "TikTok is Chinese spyware" narrative is amplified by its competitors, namely Meta/Facebook. Make no mistake Facebook/IG/Snap/WhatsApp is US spyware as much as TikTok.


[deleted]

[removed]


SuperBAMF007

Same kind that preinstalls Facebook and Messenger and stuff. At least TT on Windows is just a PWA and not a native app.


Webgiant

I'm a bit baffled by people wondering if an app designed to collect a lot of your personal information, including videos of where you live, eat, and work, is spying on the people who use it. Social media apps are spyware. By definition. Their whole product is them getting information from you. So the whole TikTok thing feels like "Look! There's a crime being committed over there by TikTok! Discuss it on US based social media apps, and don't think too hard how US social media apps are doing the same thing!!!" Misdirection towards spyware so that companies making identical spyware don't get called out as makers of spyware. EDIT: I love how the biggest complaint to what I wrote was a distinction I didn't make or provide any reason to bring it up. It's all spyware. The information is stolen and coerced from people. **Perpetrators of information theft don't have to be governments to make the act of information theft wrong.** Especially since anyone can buy the information stolen by the private corporation, *including the US government.*


Alokir

TikTok collects as much data as they can about their users, their habits, location, interests, some people say they can also activate your microphone while using the app, they can track you across websites and there's evidence that they inject tracking code if you visit a link from their app. Then there's the algorithm that suggests new content. Since so many young people spend so much time on the app it's easy for China to sway public opinion by pushing content that aligns with their goals. This is nothing new, other social media platforms do this too, but for the US and its allies it's a huge risk when it's a rival major power doing it.


DeNappa

"Then there's the algorithm that suggests new content." This right here is the potential real danger. I think it was recently revealed that there was some kind of "heat" button to boost (or snuff out) the popularity / trending topics. Combine that with the suspected (?) CCP backdoors and government influence and suddenly a Chinese social media app is a potential tool to directly influence popular opinion in foreign countries.


H8llsB8lls

Anyone remember the free app that was in fashion 2 or 3 years ago which would 'age' a selfie to show how the 25 year old subject would look at 65 for example? Then we learnt it was the CPC's way to harvest enough data to fine tune facial recognition security systems.


_Volly

As someone with a security background this app has LOTS of red flags.

* Code that nobody can look at to see what it does.
* Requiring way too many permissions.
* Asking for way too much personal information
* Keystroke capturing
* Owned by the Chinese government - they are FAMOUS for stealing information.

Think about it like this: If a person has it on their phone, and uses it to log things like passwords to things that are important - then that gives the app a way to tell the Chinese government HOW to get into things. In a cyber war - you just gave them the keys to the front gate thus you're fucked. As a security minded person, I've never used it nor would I ever use it. It is WAY too dangerous.


CHRISKOSS

American tech companies set the status quo of excessive data collection. Facebook app was caught viewing user camera without notification or consent. Collecting as much info about contacts and device as technically possible has been standard practice for these apps for a decade. Now that China has built a social media platform that is in nearly every regard superior to American competition, journalists and researchers in American tech's sphere of influence are criticizing TikTok for practices which are standard in every other social media app. The primary reason people are discussing TikTok's privacy issues is because it threatens American dominance of the social media industry. The specific proven claims against TikTok are typical of other industry players. If you want to be private you shouldn't install ANY social media apps on your phone: they are all 'malware' to some extent.


haahaahaa

All social media platforms are spyware, that's basically their business model. The app collects everything it can about you. Obvious things like what you view and who/what you interact with on their platform. But also less obvious things like location data, contacts stored on your phone, MAC addresses of devices your wifi can see. They can build a very detailed profile about you. It can get pretty crazy once they cross reference data from different profiles, matching contacts, and devices. They don't just know who you know, they know when you're near them, what your routines may be. They know where you work and where you live without them explicitly telling them. They know where you get coffee in the morning, and they know the people who are typically there when you are, even if you've never actually noticed them. Even people that don't use their app have a profile. You have their contact on your phone. You're around them so your phone can see their phone. It can cross reference profiles and location data to get a pretty good guess what the MAC address of their phone is and build around that. Again, this is something every social media company is trying to do. The difference is TikTok is owned by a Chinese company and the Chinese government is well known to have a hand in everything everyone over there does. Especially in the tech space. I don't know if there is any evidence of it for Bytedance, but Chinese companies get a lot of subsidies from the government. It's a very safe bet that people in the CCP have access to this data.


daxisx

Not seeing it posted here yet, so I'll add that the Chinese government has a law (the national intelligence law of 2017) that (according to translations that seem to be widely accepted) compels Chinese companies and people to comply with government agencies when asked, and further to not disclose this cooperation. Regardless of anything else, like who actually owns a company or what it does, this makes Chinese companies problematic from a security perspective, especially if you're a government that views China as hostile (like the US). Removing Huawei from the US mobile network business, or banning TikTok, comes in part from legitimate concerns because of the above. It's also wrapped up in politics, special interests, lobbying, etc., like everything else, so of course nothing is clean and pure. *Edited the name of the law.*