The mounting controversies surrounding TikTok privacy

Questions surrounding TikTok’s privacy practices are not letting up. New research has revealed that TikTok’s in-app browser can track its users’ every keystroke with a particular Javascript code. 

Privacy researcher Felix Krause, who previously exposed the risks of using in-app browsers, found that TikTok monitors all keyboard inputs and taps when a user opens a link in its iOS app. This can include sensitive user data such as credit card numbers and passwords, as well as any link, button, or image rendered within the app. TikTok later responded to Krause’s claims. Speaking to Forbes, a representative said that while these features exist, TikTok does not use them. They claim that the Javascript code is used for troubleshooting purposes, like debugging and performance monitoring. 

Meanwhile, national security experts in the US continue questioning TikTok’s China connection and just how much influence its government has over the app. The Chinese government’s potential access to the data of non-citizens is a key concern specifically. The New York Times reports that House of Representatives officials told its staff that they should avoid downloading or using the app due to security concerns following months of bipartisan scrutiny. The fact that 300 current employees of TikTok and its parent company ByteDance used to work for Chinese state media, according to an investigation of public LinkedIn profiles by Forbes, likely doesn’t help matters. 

It’s unsurprising then that TikTok has been trying hard to downplay its China association, according to leaked internal documents obtained by Gizmodo. The documents named “TikTok Master Messaging” and “TikTok Key Messages” include press talking points and stock answers to potential questions PR representatives might face from journalists. Topping the key messages are the bullet points, “Downplay the parent company ByteDance, downplay the China association, downplay AI.” A PR representative from a competing company told Gizmodo they were surprised at the lack of specific information contained within the documents.

Now it seems that TikTok is making a concerted effort to prove to US lawmakers that Chinese authorities are not manipulating the app. TechCrunch reports that Oracle, which now hosts all of TikTok’s US traffic, is now auditing TikTok’s algorithms and content moderation models. More than just a host for TikTok’s data, Oracle will be responsible for preventing US data from being directed to China. It may also be called upon to back up or dispute any claims directed at TikTok regarding its operations and China’s influence.

In other news

• NASA to use space robots in deep-sea environments. According to the NASA website, the US space agency will apply its robotic technology used on space missions to remote work in ocean environments. NASA believes that as remote work in both space and the deep sea share similarities, its robots can be used to much the same effect. Nauticus is a team of engineers from the Houston-based Johnson Space Center that has developed the Aquanaut, a propeller-driven torpedo that travels to its destination that gets to work with the aid of sensors, cameras, and two claw hands that fit different tools. The Nauticus team hopes that the Aquanaut will cut costs for maritime industries. 

• Chinese tech giants share algorithm details with regulator. CNBC reports that China’s biggest technology firms, including Alibaba and Tencent, have been forced to share the carefully -guarded secrets of their algorithms with the Cyberspace Administration of China, one of the country’s largest regulators. This follows a new law introduced in March that changed the way recommendation algorithms are used, such as allowing users to opt out of receiving recommendations. The Chinese government has tightened regulations in the past two years in an attempt to restrict the power of the country’s tech giants.   

• New EU law to regulate AI. The Artificial Intelligence Act is a new piece of legislation that will regulate the use of AI in the European Union and beyond, according to The Guardian. This will be the world’s first comprehensive template for AI regulation, and it’s hoped that it will prevent the kind of machine-based discrimination that can affect large purchases and important decisions. In some cases, unintentional bias can occur, which means people from certain groups can be excluded from such things as access to loans or bank accounts. The AI Act is set to come into effect in 2024 and, similar to the General Data Protection Regulation (GDPR), it will apply to organizations around the world that have EU customers and clients.    

• NASA to upgrade computers for its space missions. According to Techradar, NASA is undergoing a major upgrade of its current spaceflight computers. NASA will use Arizona-based Microchip Technology to develop a new High-Performance Spaceflight Computing (HPSC) processor. This will apparently provide a 100-fold improvement on the current computational capacity, which was developed almost 30 years ago. The project will take place over the next three years and at a cost of $50 million. NASA says the new capabilities will save a large amount of energy and improve computing efficiency.   

• Microsoft identifies Seaborgium Russian phishing attacks. Microsoft has revealed that it’s working to combat a large Russian phishing operation, according to Hacker News. Seaborgium has interests similar to the Russian government, and it is linked with hacking groups Callisto, COLDRIVER, and TA446. Microsoft described it as a “highly persistent threat actor,” the tech giant is attempting to disrupt phishing operations. Seaborgium is involved with “hack and leak campaigns” targeting the same organizations over long periods of time. Targets include defense and intelligence organizations, non-governmental organizations (NGOs), and think tanks mainly in the U.S. and the U.K. 

• Meta allows algorithm to fire employees. The New York Post reports that Meta has used an algorithm to choose 60 employees at random and make them redundant. The employees were informed via a video conference call that their employment would terminate on September 2 and their pay would end on October 3. No reasons were given for their termination except that they were chosen at random. This has come at a time of many mass layoffs in the tech industry, as Apple made 100 recruiters redundant a few days before. Last year a gaming industry payment processing company, Xsolla, laid off 150 employees that were picked by an algorithm. Meta’s company stock is down by 50% this year.  

Tip of the week: Better TikTok privacy

In some ways, “TikTok privacy” is an oxymoron. TikTok is inherently designed to distribute personal videos to the entire globe, and users must give the app permission to collect usage information, IP addresses, keystroke patterns, location data, and more. And we must keep in mind that the Chinese government has free access to anything on TikTok’s mainland-China servers. So when online privacy is a high priority, it’s better not to use the app at all. However, if you’ve got FOMO when it comes to trending TikTok videos, here are a few tips to protect your privacy just a little more.  

1. Disable personalized ad targeting. On TikTok, your posts are visible to friends only by default. However, advertisers can still target you based on your profile information. This can happen even when your profile is set to Private. If you want to make sure that your TikTok posts are not targeted by advertisers, you can turn off personalized ad targeting. To do this, go to ‘Settings’ on the app and select ‘Privacy’ from the menu. Here, turn off ‘Advertising’. This will ensure that your posts are not shown to advertisers.

2. Block access to phone contacts and Facebook friends. The TikTok app lets you select from your contacts and Facebook friends whom you want to follow you. So for privacy purposes, it’s best to block access to your contacts. This will prevent your friends from adding you without your knowledge. Also, turn off access to your Facebook friends. This will prevent your TikTok account from syncing with your Facebook account.

3. Use a VPN. If you’re serious about protecting your privacy, you should consider using a VPN while using TikTok. A VPN (virtual private network) is a service that lets you create a secure and encrypted connection to the internet. It helps you stay anonymous online and keeps your identity and location hidden from others.

4. Hide your “likes”. When you tap the heart-shaped icon on TikTok to ‘like’ a video, you can choose to keep that liking a secret from all your friends. You can hide what videos you ‘like’ by going to ‘Settings’ on the app. Here, select ‘Privacy’ and then ‘Hide Likes’. If you want to hide everything you ‘do’ on TikTok, you can do that too.