Written by Nick Heer.

TikTok Admits It Used Journalists’ Location Data to Try to Find Their Sources

Emily Baker-White, reporting for Forbes in October:

TikTok spokesperson Maureen Shanahan said that TikTok collects approximate location information based on users’ IP addresses to “among other things, help show relevant content and ads to users, comply with applicable laws, and detect and prevent fraud and inauthentic behavior.”

But the material reviewed by Forbes indicates that ByteDance’s Internal Audit team was planning to use this location information to surveil individual American citizens, not to target ads or any of these other purposes. Forbes is not disclosing the nature and purpose of the planned surveillance referenced in the materials in order to protect sources. TikTok and ByteDance did not answer questions about whether Internal Audit has specifically targeted any members of the U.S. government, activists, public figures or journalists.

Baker-White today:

An internal investigation by ByteDance, the parent company of video-sharing platform TikTok, found that employees tracked multiple journalists covering the company, improperly gaining access to their IP addresses and user data in an attempt to identify whether they had been in the same locales as ByteDance employees.

According to materials reviewed by Forbes, ByteDance tracked multiple Forbes journalists as part of this covert surveillance campaign, which was designed to unearth the source of leaks inside the company following a drumbeat of stories exposing the company’s ongoing links to China. As a result of the investigation into the surveillance tactics, ByteDance fired Chris Lepitak, its chief internal auditor who led the team responsible for them. The China-based executive Song Ye, who Lepitak reported to and who reports directly to ByteDance CEO Rubo Liang, resigned.

Hannah Murphy, Financial Times:

Two members of staff in the US and two in China gained access to the IP addresses and other personal data of FT journalist Cristina Criddle, to work out if she was in the proximity of any ByteDance employees, the company said. However, the company failed to find any leaks.

A BuzzFeed journalist and a number of users connected to the reporters through their TikTok accounts were also targeted.

Similar tactics have previously — allegedly — been used by Facebook and Uber. It is perhaps not my place, but those are not the two companies from which I would take lessons on ethics. But it does illustrate the vast amount of granular information available to some of the world’s largest companies. Their surveillance is part of the societal fabric. The disadvantage for TikTok is that its spying carries the added weight of possible connections to an authoritarian state. The additional layer of complication is certainly worth discussing, but it should not distract from the fundamental assault on user privacy shared by all three companies without legal consequence.