Alex Hern, the Guardian:
So I was interested to read a report that attempts to look at the general suspicion of the service. Published on Monday by the Australian-US cybersecurity firm Internet 2.0, it is based on a teardown of TikTok’s Android and iOS apps.
And all you have to do to read a copy of this report about TikTok’s mysterious data collection and tracking practices is enter your name, email address, and phone number into an embedded form on Internet 2.0’s website. The form is provided by Salesforce’s Pardot marketing automation product, which might share the personal identifiers you provide to augment it with information available from any of these third-party databases, depending on Internet 2.0’s settings.
But go on.
The most alarming finding in the report is that unexplained connection to a server that Perkins locates in mainland China, run by Guizhou BaishanCloud Technology Co Ltd.
When the Guardian asked TikTok about the findings, it dismissed the report. The server connection it specifically rejected, with a spokesman saying that the IP address listed “is in Singapore, the network traffic does not leave the region, and it is categorically untrue to imply there is communication with China.“
Specifically, its authors claim a subdomain referenced in the app was resolving to an IP address with a location that kept changing but sometimes reported it was in China. The report says this server connection is only present in the iOS version of TikTok, but not the Android version. The Android app is home a whole world of other privacy concerns because it permits a more permissive “culture of ‘grab what you can’ in data harvesting”, in the words of this report. That is, as has been repeatedly pointed out, not unique to TikTok.
I again feel compelled to point out that focusing on TikTok’s data practices is the wrong approach when this trove of personal information is available elsewhere. Eradicating TikTok does not solve this fundamental problem, nor does it meaningfully impede data collection efforts by unscrupulous actors. The reason this keeps making headlines is because it is easy to figure out TikTok’s anti-privacy data collection practices — or, at least, easier than coming up with a coherent narrative of its political influence.
It’s possible to draw up totally wild, action movie-style plot where TikTok’s data could pose a geopolitical risk to the west. What if, say, the prime minister’s son takes to posting private videos of his parents’ movements that can then be analysed by the People’s Liberation Army to set up a perfect cyberattack? In practice, though, the value of data harvesting to TikTok is the same as the value to Facebook, Google and all the other tech giants that it sits alongside: it makes the company money.
Others have suggested the real concern over TikTok is its hypothetical ability to sway public opinion in ways favourable to China. Evidence for this is more limited; a paper by Joanne E. Gray explored, in part, differences between moderation practices on TikTok and Douyin. The rhetoric around these concerns sometimes reminds me of American anti-communist propaganda during the Cold War. It may be as trite as it is true: history should not be forgotten or buried, and we should avoid repeating our worst instincts.