challengerNomad12 t1_ix8s2x6 wrote

The fact you are clearly in the IT industry and so unaware of the information that tik tok has access to during run time is a bit concerning.

Plain and simple you are wrong. The application has permissions to full hard drive scans, contacts, see other running applications (potentially harvesting data from them), and most concerning clipboard data while running. If you use any sort of password saver on AndroidOS, your password is in your clipboard and thus could be compromised.

They also petitioned to collect biometric data in the US, and can presumably have access to fingerprint data and use images for facial recognition. (Not by any means something tik tok only does)

Add that with the report from the engineers working for the Tik Tok US corporate branch and the clear lack of understanding and transparency on what data stays in the US and what can be shared with the larger corporation based in China and therein lies the security concern.

Racism has no play here and is a far leap from reality. A distraction from the situation at hand.

Educate yourself mate, the claim isn't ridiculous at all but your false sense of security sure is.

https://www.indy100.com/science-tech/tiktok-data-access-china-us

https://techcrunch.com/2021/06/03/tiktok-just-gave-itself-permission-to-collect-biometric-data-on-u-s-users-including-faceprints-and-voiceprints/

https://www.wired.co.uk/article/tiktok-data-privacy

https://www.triaxiomsecurity.com/tiktok-security-implications/

https://www.proofpoint.com/us/blog/threat-protection/understanding-information-tiktok-gathers-and-stores#:~:text=On%20Android%2C%20the%20app%20has,that%20TikTok%20abuses%20this%20ability.

0

geekynerdynerd t1_ix97yg7 wrote

It seems you didn't read your own sources or understand just how widespread all of these practices are. Biometric collection is done via media / camera access. Which is protected by the permissions system and containerization. Contacts again are a permission system protected thing. They do not have access to fingerprint data. That is encrypted and stored in the Secure Enclave. Only the operating system has access to that. They could make their own via a high resolution image of your fingers, but again TikTok doesn't have access if you do not grant them permission to access the camera/media/files. Clipboard access is a concern, but one that applies to all apps and is why Google and Apple have been working on locking clipboard access behind a new permission. However, most password managers use the password manager API on Android/iOS, not the clipboard, with some exceptions.

Full hard drive scans are nonsense. There is no such thing as a "full hard drive scan" on modern Android/iOS. On iOS apps do not have access to the full hard drive, only a containerized file that is only available to that specific app. All requests to access other files must be made via an API, with tight restrictions on what is accessed. Only the operating system has full access at any given time on iOS. On Android it's a bit more complicated and possible to bypass simply because Google is significantly more lax in permitting apps to bypass Android's newer security features by letting apps target versions of Android that are ancient and don't support the newer more secure APIs. Eventually Google will force all apps to target a version of Android with the Scoped Storage API, and when that happens this loophole will be closed, and a permission will be required for full drive access.

As for the rest of it, that's all industry standard. UUID collection, targeted advertising based on your activity in app and content uploaded to the app. Using third party tracking systems for more data to further enhance targeted advertising and algorithmic content suggestions... It's all standard and legal outside of the European Union where the GDPR has made most of this difficult, if not outright impossible to do legally.

Technical Illiteracy + Racism have to play a role, otherwise we'd be seeing similar backlash against Facebook still. Instead all of the focus on Facebook has died out and everyone is talking about banning TikTok, rather than admitting that we need something like the GDPR in America. A level playing ground that would still neuter the problems TikTok has, however nobody is suggesting that as an option here. Which is telling of the real motivations at hand.

2

challengerNomad12 t1_ix9dgmq wrote

Like I said, it's not that what tik tok has access to is any more alarming or different than other applications. It is that plus the fact that reports have shown a clear lack of transparency in where and how the data is stored, and who has access to it. That doesn't negate the existence of the threat; you are simply saying "it's not new".

The fact that a Chinese company owns it is obviously where the concern comes in, and I am failing to see how that equates to racism. Not only is Chinese influence bad for the western world and our way of life, but they have demonstrated time and time again they do not play by the rules. Hafnium, Huawei, etc. etc. So while I agree with you that a GDPR is in order, do you really anticipate the Chinese to honor those laws and boundaries? When have they ever? International patents mean nothing to them. They are a safe haven for corporate espionage and labor crimes.

As far as technical illiteracy, I think it's evident given the very in depth analysis Congress did on the security of data management at Facebook (satire), that the government is far removed from having the wherewithal to accurately evaluate the threat. That doesn't mean it isn't there. That doesn't mean it should be ignored.

Nobody is saying ban tiktok because it has an owner of Chinese descent. They are saying ban tik tok because it presents a very real data collection and security threat and is owned by a company outside our jurisdiction in a country that has a record of not taking security or privacy concerns seriously.

If ByteDance wants to be in the US market they should have to play by our rules. They supposedly were, but have been caught blurring those lines.

Ban it.

1

geekynerdynerd t1_ix9llml wrote

The US doesn't have much in the way of rules to begin with when it comes to data usage. That's the problem. Outside of wiretapping laws, COPPA, HIPAA and financial data laws they effectively don't exist. Not at the federal level. There is no law requiring that TikTok not provide data access to employees located in China. They promised to cease doing so, because Trump threatened to use his broad executive powers to ban it under the claim that they were a unique national security threat. Huawei absolutely was, albeit primarily on the infrastructure side. And China definitely has a history of patent and general intellectual property theft.

Overall, I don't disagree that the CCP is a threat to western civilization. I don't even disagree that TikTok should be regulated and even banned if they repeatedly break the rules. However currently there aren't any real rules that apply to them.

If we are gonna ban them, it has to be for breaking rules that actually exist, with the consequences clearly written out in those rules/laws. Calling to ban them outright now however is completely legally and ethically unjustifiable. They haven't broken the law because there are no laws on what they are doing. They aren't collecting anything unique.

The reason why I can't help but see this as being racially motivated is because American companies have been guilty of the same things, and rather than calling for widespread reform they leave the call at banning TikTok. Like banning TikTok will solve all of our problems. Outside of Google and Apple, almost no private sector American company has much of an emphasis on security, and Apple holds the lone title for large American corporations that actually care about protecting privacy even somewhat meaningfully.

Rushing to ban TikTok before there are even any rules to attempt to constrain them, and assuming that because they are Chinese they will inherently violate data regulations immediately and fully is racist. Full stop. Regulate them like any other company from any other country. If they violate those rules then go ahead and ban them if that's the penalty written down in the laws. Whether they are a company from Panama or China should be completely irrelevant under the law. Anything less is in fact racism. By definition. We don't need to discriminate to kneecap the influence of the CCP. Doing so in fact means we are acknowledging their ideology is superior. Don't do it. Don't push for us to become like them in the name of containing them. Don't repeat the mistakes of the cold war.

2

challengerNomad12 t1_ix9owv4 wrote

I appreciate your energy and agree with you.

Achievement unlocked: Change someone's mind in the positive on social media

Plus 2000 XP

1