Agreed, the underlying was more interested than the summary. And also seems to be a case of measuring what's conveniently measurable.
The fact that {product} has only 1 connection to {product first party domain} doesn't say a lot about anything, given they could be internally proxying to and from who knows how many partners?
It'd be more helpful to at least see total traffic per domain.
It made me curious that the highest "first-party ratio" companies tended to be tech companies capable of realizing their own architectures (Amazon/Google/Apple).
These network contacts provide $$$ to those companies. They're low effort, easy revenue for them. Privacy for customers be d*mned.
I once met a senior-level dev who worked for a company, they wouldn't have their own app on his phone, due to those invasive practices tracking his behaviour.
One thing that I found very interesting when I looked into what TikTok does: it's scary good at aggregating data about you. I live in a foreign country, my phone's network is behind a VPN to a different foreign country and I gave the app no extra permissions, yet somehow I still got recommended content from the country where I was born. Since it's a small country there's no way that's a coincidence. I'm both intrigued and spooked as to how they figured that connection out.
I think they use the SIM card country ID and also the ad audience categories to suggest content.
For example swapping the SIM card with a fresh installation of TikTok shows different "local" videos. Even if the public IP address is unchanged like when using WiFi instead of Data.
I've also think they use ad categories to suggest videos. Using a fresh TikTok installation and then spending some time navigating a subreddit of a topic, would likely show videos of that topic the next time you open TikTok.
I had the exact opposite experience. I also live in a foreign country (The Netherlands) and even after explicitly watching content from my native country I still only got videos in Dutch (should mention that I don't even speak Dutch).
It's pretty easy to derive longitude with some accuracy simply from active hours. Combine that with population densities and your guesses might get closer, combine that with how long you dwell on some videos or what videos you like and you get closer. Your Opsec isn't as good as you think, it's just nobody has been watching. If you combine statistical guesswork across hundreds of vectors its very easy to narrow your target to a creepy extent. Eliminating some easy leaks is the first step to good opsec but so is reducing your interaction and adding a little chaos.
Does your native country use a different language and you have something set to it on your phone? I had a Korean friend get freaked out by similar, but we figured out that he had something fingerprintable set to use Korean even though his interface was set to English.
I would guess it zeroed in on common interests. Videos you like, comment on, or even just watch for more than one time can all give clues into what interests you.
What kind of data? TikTok knows what content I interact to... on tiktok. That's it. Unless they have an android 0-day or something. It has no access to my mic, camera, browsing history, contacts list, or anything useful. Guess who has access to all that, if they want it, though? Google and Facebook (through whatsapp). What is the privacy concern here, exactly?
If you've logged in it can potentially match your login information or email address to other activity on the web. TikTok's servers could also place you geographically somewhat roughly based on ip address.
Outside of that I agree. It's unclear what data TikTok is supposedly gathering that other apps aren't already and why that's a cause for alarm.
It’s a bit ignorant for you think that data is limited to “mic, camera, browsing history, contact list” etc. TikTok can harvest data on the type of content posted and what users interact with. Although it feels harmless, I’m sure there are troves of insights to be derived just from that.
When you sign up for an account, they also can find the friends in your Contact that also have a TikTok account. But you can bypass this of course. Other than that, I'm also a bit confused as to what data they have access to
The conversation here on HN is quite funny. I can imagine the same conversation taking place in China: the data on US apps goes straight to the US government.
It's pretty common for everyone to assume such things... particularly if you're doing it.
I recall when Trump ran into issues with contacts made with some Russian agents he publicly stated that he thought everyone else did it (to be specific he meant sending someone to meet with agents who said they had information he would want). When in fact almost every recent presidential candidate had reported attempted contacts by Russian agents (the lone exceptions were Trump, and George Bush Sr... but Bush had been head of the CIA so it seems likely the Russians might not try).
It seems it makes it easy to imagine these things by default if you're up to it.
The title and article smells of China-bad-clickbait.
There's no uncertainty here. Like in every other case, it goes to any company that is willing to purchase it. Overwhelmingly it will be American companies using it for direct marketing.
I feel like TikTok is significantly underdiscussed, almost like the tech and business press are assuming it's a flash-in-the-pan more similar to Snapchat than Facebook. It is almost certainly having a major impact on the business of some of the most prominent publicly traded companies in the US, yet there are just a handful of articles discussing their impact on Facebook's disastrous quarterly results.
The aspect that worries me the most is the recommendation: Facebook and Twitter discovered a little late that they had the ability to to influence opinion with simple tweaks. That raised internal questions and that model is under close surveillance by people who have talked about those questions in public and who I know have and would raise, at least internally, their concerns. People can explore the updates from their friends and can identity ommissions. Snap is more secretive, but their employees are loud Californians who can about justice, they have access to journalists if they feel the need to push back. Users can also see updates from their friends and people their follow without just having to trust the flow.
I don’t believe that TikTok has a similar internal culture of debate. I haven’t seen anything published by their academic team. I don’t believe that you can check on your friend’s page to see what they posted lately. They are examples of topics that they have favoured or censored that was worrisome and they didn’t adress the controversy. The pool of possible content is much larger so there’s more opportunity to fill strategically.
I know people who work for one but not the other, so I understand that this influence my judgement but I believe that their are objective difference in company values and product design that make TikTok more able to manipulate.
I haven’t seen anyone discuss that, and I have plenty of people who discuss those questions profesionally in my feed.
The users of TikTok are mostly teenagers and young adults, that's why. Nearly everybody in journalism is late 20s or 30+. They just don't get it, though to be fair vine had a similar type of content and that failed.
I wonder if the accessibility as far as the media goes to Facebook staff and willingness to engage with the press exposes Facebook a bit more than TikTok.
Nobody cares because (it is perceived that) there is no political discourse on TikTok yet.
It was the same for Twitter and Facebook. Then Trump happened and People With Important Jobs started paying attention to them. There has not been such a catalyst event for TikTok yet. Like with Zoom, there is a vague feeling among the security-paranoid that the Chinese are leveraging it for data-gathering, but as long as they get bazillion videos of teenagers pulling faces, who cares?
I don't understand what useful information could be harvested, as unlike Google/Facebook there is no massive tracking pixel product that follows you across the web. I'm a massive critic of the CCP, but I don't see what useful information they would get from this.
I think a bigger "conspiracy theory" I'd buy into would be the algrorithm exploiting political extremes and pushing insane voices to the top...but every social media/media company does that in some way (though not always intentionally.)
A state actor always desires insight into an adversary. The survival of nations depends on being able to either cooperate with others or subdue those who will not. The result of a state's strategy in these arenas is predominantly determined by their ability to predict the counterpart's behaviors, both at a citizen and leadership level.
Why TikTok is not seen as the ultimate embodiment of these incentives and immediately banned from the US is beyond me.
Even if it didn't share data.. it's designed from the beginning to be addictive. While other platforms like Facebook and Instagram grew into being platforms with aims to be addictive, I believe they started in a more neutral place. This type of app should be treated like smoking imo.
Queue the "you can find educational material on tiktok!" posts by the subset of HN who really love the app and the company.
Yes, as Cal Newport would point out - it’s not that social apps aren’t in some way useful, it’s whether the value they deliver is worth the price they exact by “stealing” large amounts of your time.
It's too jarring to me with the constant playing of the next thing. It's just content content content with no free time in between for you to be alone with your own thoughts. You could spend three hours on the app and have no time for a single independent thought of your own at all. At least three hours in front of cable TV would mean you'd do some introspection when you got up to pee during the commercials.
> For TikTok, the results were even more mysterious: 13 of the 14 network contacts on the popular social media app were from third parties. The third-party tracking still happened even when users didn’t opt into allowing tracking in each app’s settings, according to the study.
It seems like Apple is lacking on tracking enforcement of privacy. This mobile marketing company can do this so I'm guessing Apple has the resources to do this properly. You could even do it for the largest 1000 apps.
Beyond removing the unique identifier that allows advertisers to track you across applications (IDFA), Apple really hasn't done much to enforce tracking via other means. Depending on who you talk to, they tacitly endorse any and all non-IDFA tracking even when users opt out.
I refuse to download TikTok because I think we've reached peak social media and don't need another app that siphons off data and turns it into gold ingots. Besides, TikTok videos leak out into other platforms and you can tell by the little logo in the video that it was ripped from TikTok.
It's just Vine 2.0[1]. Many Vine videos got ripped and re-posted to YouTube so we have a small piece of internet culture surviving the death of an app and preserved.
These types of articles always frustrate me because the authors never seem to question where and how these apps are getting your data. These APIs and privileges are granted by iOS and Android. If only we had real privacy legislation in the US that could limit what is exposed to apps rather than being at the mercy of Google and Apple to put limits in place. It's not like TikTok is hacking into your phone
...
Articles such as these frame the debate around comparing different corporate and government influenced social media and never mention free social media as an alternative. https://fediverse.party/
Nobody knows where any of their data goes and few people care. Tiktok is currently better at Algorithms than other SM, go figure. Some people hate Tiktok because they’ve never used it and incorrectly think it’s all dancing 14 year olds; others simply hate China because despite having a market economy its government has a little more power than in the West, which allows China to sometimes act outside the myopic lens of market logic when necessary (blasphemy) while reaping the market’s gains.
I believe that Facebook and Google collect more of my data than any other company in the world. And I know very well that they share all that data with US intelligence, because that's what they are required to do. That said, I don't see any problem in using another countries' app that might be doing the same thing that bigger violators like FB and Google are already doing. And, notice, I live in the US. For people oversees I can guarantee that this sentiment is even more common.
Who they are sharing it with shouldn't even matter. The act of covertly collecting it and giving users no real recourse is the problem, and what we should regulate. Turn the social networks into dumb feeds driven by explicit user choices rather than algorithms. Solve that problem, and you solve the TikTok problem.
But people don't want to talk about that. They want to ban the platforms they perceive as being used to push an opposing political agenda while preserving the platforms they themselves abuse for the same purpose. It is almost funny seeing people who directly benefited from Cambridge Analytica/Facebook turn around and complain about TikTok.
I think there is a case for a mandatory warning label, like on the app store and 5 sec interstitial that says:
“ Warning: this application sends your behavior to a foreign party. It may be stored indefinitely and used for personal retribution, social scoring, and manipulation of your political views. Proceed with caution”.
If that seems extreme, an outright ban of the app is worse. The US and others have had a good history of getting results this way, but it still respects individual and corporate liberties. Thoughts?
I think this should be included if there is non-zero risk that any foreign party other than maker of the app can read the data. That is if there is theoretical risk of it leaking or the encryption being used being broken by any party.
I think one of the things we don’t appreciate (perhaps most of the people on HN do) is that many of these platforms are not, as billed, social networks. They are, in fact, data collecting applications with a user facing, attention acquisition mechanism in the form of a fun little app. They are addictive for a reason. To get data off you.
[+] [-] blakesterz|4 years ago|reply
https://app.urlgeni.us/blog/new-research-across-200-ios-apps...
Just a few of the highlights:
Magazine apps had the highest number of total network contacts (28), and the highest percentage of third party domain contacts (93%)
Social apps, followed by Games apps, made the fewest number of network contacts, 6 and 7 respectively.
Apps making the most number network contacts included iHeartRadio (56), Wall Street Journal (48), ESPN (42), Popeyes (42), and WattPad (36)
[+] [-] ethbr0|4 years ago|reply
The fact that {product} has only 1 connection to {product first party domain} doesn't say a lot about anything, given they could be internally proxying to and from who knows how many partners?
It'd be more helpful to at least see total traffic per domain.
It made me curious that the highest "first-party ratio" companies tended to be tech companies capable of realizing their own architectures (Amazon/Google/Apple).
[+] [-] fernandopj|4 years ago|reply
These network contacts provide $$$ to those companies. They're low effort, easy revenue for them. Privacy for customers be d*mned.
I once met a senior-level dev who worked for a company, they wouldn't have their own app on his phone, due to those invasive practices tracking his behaviour.
[+] [-] waffleiron|4 years ago|reply
[+] [-] Etheryte|4 years ago|reply
[+] [-] ncpa-cpl|4 years ago|reply
For example swapping the SIM card with a fresh installation of TikTok shows different "local" videos. Even if the public IP address is unchanged like when using WiFi instead of Data.
I've also think they use ad categories to suggest videos. Using a fresh TikTok installation and then spending some time navigating a subreddit of a topic, would likely show videos of that topic the next time you open TikTok.
[+] [-] catawar2|4 years ago|reply
[+] [-] davidjfelix|4 years ago|reply
[+] [-] toqy|4 years ago|reply
[+] [-] gs17|4 years ago|reply
[+] [-] taterbase|4 years ago|reply
[+] [-] cosarara|4 years ago|reply
[+] [-] taterbase|4 years ago|reply
Outside of that I agree. It's unclear what data TikTok is supposedly gathering that other apps aren't already and why that's a cause for alarm.
[+] [-] financetechbro|4 years ago|reply
[+] [-] altdataseller|4 years ago|reply
[+] [-] sydthrowaway|4 years ago|reply
[+] [-] gmm1990|4 years ago|reply
[+] [-] duxup|4 years ago|reply
I recall when Trump ran into issues with contacts made with some Russian agents he publicly stated that he thought everyone else did it (to be specific he meant sending someone to meet with agents who said they had information he would want). When in fact almost every recent presidential candidate had reported attempted contacts by Russian agents (the lone exceptions were Trump, and George Bush Sr... but Bush had been head of the CIA so it seems likely the Russians might not try).
It seems it makes it easy to imagine these things by default if you're up to it.
[+] [-] McHankHenry|4 years ago|reply
There's no uncertainty here. Like in every other case, it goes to any company that is willing to purchase it. Overwhelmingly it will be American companies using it for direct marketing.
[+] [-] Tryk|4 years ago|reply
[+] [-] saturdaysaint|4 years ago|reply
[+] [-] bertil|4 years ago|reply
I don’t believe that TikTok has a similar internal culture of debate. I haven’t seen anything published by their academic team. I don’t believe that you can check on your friend’s page to see what they posted lately. They are examples of topics that they have favoured or censored that was worrisome and they didn’t adress the controversy. The pool of possible content is much larger so there’s more opportunity to fill strategically.
I know people who work for one but not the other, so I understand that this influence my judgement but I believe that their are objective difference in company values and product design that make TikTok more able to manipulate.
I haven’t seen anyone discuss that, and I have plenty of people who discuss those questions profesionally in my feed.
[+] [-] tupac_speedrap|4 years ago|reply
[+] [-] duxup|4 years ago|reply
That's kinda a scary situation...
[+] [-] guelo|4 years ago|reply
[+] [-] toyg|4 years ago|reply
It was the same for Twitter and Facebook. Then Trump happened and People With Important Jobs started paying attention to them. There has not been such a catalyst event for TikTok yet. Like with Zoom, there is a vague feeling among the security-paranoid that the Chinese are leveraging it for data-gathering, but as long as they get bazillion videos of teenagers pulling faces, who cares?
[+] [-] partiallypro|4 years ago|reply
I think a bigger "conspiracy theory" I'd buy into would be the algrorithm exploiting political extremes and pushing insane voices to the top...but every social media/media company does that in some way (though not always intentionally.)
[+] [-] OLL_IE|4 years ago|reply
See: https://www.tiktokforbusinesseurope.com/resources/install-ti...
[+] [-] classified|4 years ago|reply
[+] [-] anonymouse008|4 years ago|reply
A state actor always desires insight into an adversary. The survival of nations depends on being able to either cooperate with others or subdue those who will not. The result of a state's strategy in these arenas is predominantly determined by their ability to predict the counterpart's behaviors, both at a citizen and leadership level.
Why TikTok is not seen as the ultimate embodiment of these incentives and immediately banned from the US is beyond me.
[+] [-] boomboomsubban|4 years ago|reply
The company for more money? Similar to the incentives behind Google and Facebook.
[+] [-] Graffur|4 years ago|reply
Queue the "you can find educational material on tiktok!" posts by the subset of HN who really love the app and the company.
[+] [-] randomsearch|4 years ago|reply
[+] [-] asdff|4 years ago|reply
[+] [-] alangibson|4 years ago|reply
With that in mind, consider how much user data TikTok has and what might be done with it.
[+] [-] lancesells|4 years ago|reply
It seems like Apple is lacking on tracking enforcement of privacy. This mobile marketing company can do this so I'm guessing Apple has the resources to do this properly. You could even do it for the largest 1000 apps.
[+] [-] qqtt|4 years ago|reply
https://www.washingtonpost.com/technology/2021/09/23/iphone-...
[+] [-] legrande|4 years ago|reply
It's just Vine 2.0[1]. Many Vine videos got ripped and re-posted to YouTube so we have a small piece of internet culture surviving the death of an app and preserved.
[1] https://en.wikipedia.org/wiki/Vine_(service)
[+] [-] unknown|4 years ago|reply
[deleted]
[+] [-] fuzzyset|4 years ago|reply
[+] [-] kornhole|4 years ago|reply
[+] [-] nicce|4 years ago|reply
[+] [-] unknown|4 years ago|reply
[deleted]
[+] [-] togs|4 years ago|reply
[+] [-] coliveira|4 years ago|reply
[+] [-] babypuncher|4 years ago|reply
But people don't want to talk about that. They want to ban the platforms they perceive as being used to push an opposing political agenda while preserving the platforms they themselves abuse for the same purpose. It is almost funny seeing people who directly benefited from Cambridge Analytica/Facebook turn around and complain about TikTok.
[+] [-] reilly3000|4 years ago|reply
“ Warning: this application sends your behavior to a foreign party. It may be stored indefinitely and used for personal retribution, social scoring, and manipulation of your political views. Proceed with caution”.
If that seems extreme, an outright ban of the app is worse. The US and others have had a good history of getting results this way, but it still respects individual and corporate liberties. Thoughts?
[+] [-] pessimizer|4 years ago|reply
[+] [-] Ekaros|4 years ago|reply
[+] [-] TheMightyLlama|4 years ago|reply