The secretive world of TikTok
TikTok has been making headlines since its inception for all the wrong reasons. The biggest concern surrounding TikTok has been its misuse to breach the internal security of countries. The secretive world of TikTok is abusing the residents of other countries through various techniques in the name of “Entertainment”.
This is a comprehensive investigative report on the secretive world of TikTok. It was compiled and curated by our technology expert P. Burton.
TikTok is an application for making and sharing short videos. It is known as Douyin (Chinese: 抖音) in China. The Chinese company ByteDance owns TikTok. The application hosts a variety of short-form user videos from genres like pranks, stunts, tricks, jokes, dance, and entertainment with durations from 15 seconds to ten minutes. It is one of the most downloaded apps of 2022 and one of the few apps with over 3.5 billion downloads.
ByteDance is a Chinese multinational internet technology company headquartered in Beijing and domiciled in the Cayman Islands. The Chinese government also has stakes in ByteDance.
TikTok can gather information through cookies and other trackers even without signup. Once you’ve created an account, the social network collects all the data about your activities and preferences.
On top of this, several controversial sections in the National Intelligence Law of the People’s Republic of China facilitate the misuse of TikTok. The following are the most contentious sections:
- Article 7: Potentially coerces businesses that are registered in the PRC or have operations in China to hand over information to Chinese intelligence agencies such as the MSS. Read the exact section:
- Article 10: Makes the law applicable extraterritorially, with implications for Chinese businesses operating overseas: it compels them to hand over user data even when operations are in foreign jurisdictions. Read the exact section:
- TikTok’s cloud hosting networks mainly use Chinese cloud platforms like Alibaba Cloud, China Telecom IDC’s Kingsoft Cloud, and Tencent Cloud.
- TikTok on iOS and Android still uses unencrypted HTTP to download media content. While this improves the performance of data transfer, it puts user privacy at risk. HTTP traffic can be easily tracked and even altered by malicious actors. An investigation by Talal Haj Bakry and Tommy Mysk has revealed that backward-compatible support for HTTP in iOS and Android is allowing data from TikTok to be intercepted and altered. Following was the result:
This is a dangerous vulnerability because:
Over one-third of TikTokers treat it as a news source, according to the Reuters Institute at Oxford University. Young people, the most avid TikTokers, are more likely than others to get news from it. TikTok is thus misused to spread misinformation campaigns and influence election results in other countries.
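The cleartext HTTP downloads described above depend on an app opting out of the HTTPS-only defaults that current iOS (App Transport Security) and Android (network security config) apply. As an added example that is not part of the original report, the following Python audit lists the hosts for which an app's configuration still permits plain HTTP; both sample files and the domain `media.example.com` are constructed placeholders, not TikTok's actual configuration.

```python
import plistlib
import xml.etree.ElementTree as ET

# Constructed samples for a hypothetical app; the domain is a placeholder.
ANDROID_NSC = """<network-security-config>
    <base-config cleartextTrafficPermitted="false" />
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">media.example.com</domain>
    </domain-config>
</network-security-config>"""

IOS_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSAllowsArbitraryLoads</key><false/>
    <key>NSExceptionDomains</key>
    <dict>
      <key>media.example.com</key>
      <dict><key>NSExceptionAllowsInsecureHTTPLoads</key><true/></dict>
    </dict>
  </dict>
</dict></plist>"""


def android_cleartext_findings(xml_text):
    """Return the scopes where an Android network security config allows HTTP."""
    root = ET.fromstring(xml_text)
    findings = []
    base = root.find("base-config")
    if base is not None and base.get("cleartextTrafficPermitted") == "true":
        findings.append("base-config (all hosts)")
    # Per-domain overrides can re-enable HTTP even when the base config forbids it.
    for dc in root.iter("domain-config"):
        if dc.get("cleartextTrafficPermitted") == "true":
            findings += [d.text.strip() for d in dc.findall("domain") if d.text]
    return findings


def ios_cleartext_findings(plist_bytes):
    """Return the scopes where an iOS Info.plist relaxes App Transport Security."""
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})
    findings = []
    if ats.get("NSAllowsArbitraryLoads"):
        findings.append("NSAllowsArbitraryLoads (all hosts)")
    for host, opts in ats.get("NSExceptionDomains", {}).items():
        if opts.get("NSExceptionAllowsInsecureHTTPLoads"):
            findings.append(host)
    return findings
```

An empty result from both functions means the configuration leaves no host reachable over plain HTTP.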
- Internal guidelines (unearthed by the Guardian in 2019) banned references to Tiananmen, Tibet, and Taiwan, alongside “highly controversial topics” from other countries.
- Posts related to the Hong Kong protests have also reportedly been censored. (TikTok has suspended business operations in Hong Kong as a result of the newly-imposed National Security Law).
- According to internal documents obtained by The Intercept, TikTok app moderators were instructed to suppress posts created by users deemed too ugly, poor, or disabled for the platform. One document instructs moderators to scan videos for cracked walls and disreputable decorations in users’ own homes and punish those poor users by narrowing their audiences.
In 2020, India’s Narendra Modi Government banned TikTok and dozens of other Chinese applications. India claimed that applications like TikTok were “stealing and surreptitiously transmitting Indian users’ information”.
The former US President Donald Trump also warned TikTok to divest to an American company within 45 days or else face a ban. His administration said that TikTok was collecting “vast swathes” of information. It was “potentially allowing China to track the locations of Federal employees and contractors, build dossiers of personal information for blackmail and conduct corporate espionage”. But when the 46th President Joe Biden took charge, he did not enforce the divestment order, and ByteDance didn’t sell.
Italy’s data protection authority has formally warned TikTok about a breach of existing European Union rules to safeguard user privacy.
James Paterson (an Australian politician who has been a Senator for Victoria since 2016, representing the Liberal Party) wrote a letter to TikTok Australia following revelations in the US that user data is accessible in mainland China, putting it within reach of the Chinese government. TikTok Australia replied to his letter and admitted that Australian user data is also accessible in mainland China, putting it within reach of the Chinese government, despite their previous assurances it was safe. They denied sharing it with the government. However, the controversial articles of the National Intelligence Law of the People’s Republic of China have endangered the privacy of millions of Australians using it.
TikTok should follow in practice what its spokesperson recently said on the data breach allegation by Italy’s data protection authority. TikTok should address all the security concerns of the countries affected so that the secretive world of TikTok doesn’t remain secretive.
P. Burton (Technology Expert of Ij-reportika) compiled and curated this report.