Gizmodo Found 28,000 Apps Sending TikTok User Data
from the putting-out-wildfires-with-a-tin-cup dept
Under the dull roar of our great TikTok moral panic I’ve been trying to make the semi-nuanced point that while TikTok does present some legitimate privacy issues, a ban won’t fix the actual problem. Largely because U.S. policymakers and businesses don’t want to fix the actual problem. They don’t even want to acknowledge what the actual problem is.
Namely that we’ve created a vast, largely unregulated data broker market that traffics in vast realms of private user data. That data at scale is hugely profitable for everybody in the chain. But it’s also easily exploitable by Chinese intelligence agencies keen on building detailed profiles of Americans. And it’s a great way for the U.S. government to obtain sensitive U.S. resident data without those pesky warrants.
So again, banning TikTok isn’t actually doing what U.S. politicians (especially on the GOP side) claim.
Case in point: a new Gizmodo investigation found that over 28,000 different apps make use of TikTok’s software development kits. All of these apps send TikTok various data to handle things like slinging ads, logging in to services, and sharing videos from the app. It’s another example of how “ban TikTok and we’ve fixed the problem” is simplistic and stupid:
“A simple ban on the TikTok app itself is not going to stop data flowing to TikTok,” said Daniel Kahn Gillmor, a senior staff technologist at the American Civil Liberties Union. “TikTok has software in other places, not to mention TikTok trackers spread across other parts of the web. I don’t have a TikTok account, but there are still plenty of ways the company can get data about me.”
That’s of course just the SDK. Were Chinese intelligence really keen on obtaining vast troves of U.S. resident location, browsing, and even mental health data… it’s rather trivial to buy it on the cheap from the global data broker market whose operations are convoluted specifically to help them avoid regulatory accountability. With or without TikTok’s help.
It’s kind of weird to me how despite the rampant coverage of the TikTok fracas, Gizmodo is one of very few outlets consistently pointing out to readers how banning TikTok doesn’t really address our propaganda or privacy problems:
“I’m not at all saying TikTok is innocent, but focusing specifically on one app from one country is not going to solve whatever problem you think you’re solving. It truly misses the point,” Kahn Gillmor said. “Do we really think that Facebook or Google are not capable of being influenced by the Chinese government? They know a market when they see one. I think the pressure that’s building is basically a race to be seen as tough on China.”
Again, if U.S. policymakers were actually serious about national security and privacy, we’d take widespread U.S. corruption more seriously. Corruption is eminently exploitable by foreign intelligence (see both Russia and China). It also prevented us from passing even a baseline privacy law for the internet era despite two straight decades of very clear warnings from experts and activists.
TikTok is held up as some exceptional, unique threat to U.S. consumer privacy and national security, and it’s just not. The entire ecosystem is rotten and exploitable by bad actors of every stripe, and it’s rotten because we’ve spent the better part of the last generation prioritizing making money over market health, consumer welfare, or national security:
“Lots of people have had a good look at the TikTok app, and they haven’t found a smoking gun, or anything that looks different from what happens with Facebook, Twitter, and other social networks,” Stockley said. “If the federal government had something within the app that they could expose, I would expect they’d do it.”
Actually fixing this problem would result in U.S. companies making less money from over-collecting consumer data then failing repeatedly to secure it before selling access to it to any nitwit with a few nickels. Actually fixing this problem would require reining in the U.S. government’s widespread domestic surveillance machine, and its routine abuse of this barely regulated market to avoid getting warrants.
A TikTok ban lets a parade of DC blowhards pretend they’re doing something about the problem and being tough on China, even if they’re not actually doing either. For the GOP, it also serves as chum for a xenophobic base, and it lets them pretend they’re fixing a problem (a barely regulated data broker market) their own shitty policies actively created.
Filed Under: china, corruption, domestic surveillance, national security, privacy, security, social media, surveillance, tiktok ban
Companies: tiktok
Comments on “Gizmodo Found 28,000 Apps Sending TikTok User Data”
The odd part of the panic over TikTok is that some politicians on both sides seem to think that threatening a ban gives them leverage to force ByteDance to sell or spinoff TikTok. The problem is that gambit may not work (ByteDance could easily call the U.S.’s bluff and exit the market instead of giving in), and is pointless since the CFIUS can easily request ByteDance to just that without a ban lingering over its head. (See the CFIUS’s 2020 forced sale of Grindr as an example.)
I’m wondering, Ken, if you have any thoughts about this “pressure them into selling and they’ll give in” gambit, and whether it risks backfiring, legally and politically.
Re:
*Karl
Re: Re:
Not Karl, but I think they actually don’t care about the CFIUS.
They don’t see the problem, and it will backfire badly.
Re: Re: Re:
That’s kinda why immense pressuring of lawmakers to back down from the “target TikTok and avoid the real issue” strategy needs to happen. If Dems follow this bad political strategy (a bad strategy that mirrors Republicans “ban everything remotely woke to stoke idiotic culture wars” shtick, they risk handing Trump or DeSantis the keys to the White House and the GOP full control of Congress in ‘24. That risk alone should terrify them out of doing it.
authority
so the problem outlined here is merely that U.S. politicians are clumsily trying to regulate privacy risks in social media, rather than doing it smartly and efficiently
apparently there’s no basic legal objection to the somehow assumed U.S. government authority to regulate in this area to begin with
and of course the U.S. government itself is by far the biggest collector and exploiter of American citizen’ private data
Re:
apparently there’s no basic legal objection to the somehow assumed U.S. government authority to regulate in this area to begin with
Yo, Congress, like, makes the laws. This isn’t some executive branch department regulating stuff.
Now, they can very easily produce unconstitutional stuff which will not survive, but there is nothing to stop Congress from creating laws, and creating and delegating authority to regulate.
Re: Re: Extra-terratorial BS detector activated
I wonder if what the AC was referring to was the supposition that the US government actually has authority of the internet as a whole. True, the US funded and built a lot of (but definitely not all) the underlying technologies, but that doesn’t mean they can tell a Chinese, German, South African or Australian company how to operate, only how they can operate within the US.
Which is, of course, the ultimate freedom of the internet – it is not beholden to the US government, and will route around any service interruption caused by it.
Re: Re:
The problem is the legislation has to be in accordance with the Constitution to avoid it from being blocked in court. The question is, will this bill actually be debated with experts expressing differing opinions on its merits and whether the claims made against TikTok have any evidence behind them. Independent research hasn’t found anything to verify the claims of censorship of China-related topics and its use in espionage for the CCP or as a propaganda tool, hence it comes off looking like Congress is either going off conjecture from intelligence officials made without evidentiary support or investigation, a case of economic protectionism that looks kinda discriminatory, or them purposely hiding information that refutes that of independent researchers. (As pointed out in a footnote in Georgia Tech’s threat analysis report on the app, the FBI has no expertise in or authority to investigate information ops, so Chris Wray’s opinions on TikTok only are given merit because of his job title, but carry as much weight as those of FCC Commissioner Brendan Carr on the matter, given their absence of authority on such matters.)
Mark Warner even admitted that his RESTRICT Act and the other efforts to restrict or ban TikTok are about economic competition with China, which makes no sense since ousting TikTok from the U.S. market would reduce competition in the American social media market, and risk giving the bigger players the ability to suppress any new domestic or foreign competitors… thereby totally destroying D.C.’s claims that Big Tech has too much power by icing out a competitor that thinned out that power. It would also risk trade retaliation against U.S. companies that do business with China, at the expense of American consumers. I don’t believe that “another TikTok” will pop up here stateside because the major social media platforms would exert their stranglehold on the market to prevent the rise of such a copycat platform.
Re: Re:
The privacy nuts are at it again.
Here’s an idea. Instead of pushing your paranoia on people who don’t care about it, and trying to inconvenience people who like the free benefits and services they get in exchange for companies getting non-rivalrous information about them (what the privacy nuts like to call “you are the product”), how about just having the people who care use their Tor browsers and end-to-end everyone and burner phones and tinfoil passport cases and leave everyone else alone.
Re: Re: Re:
Enjoy being arrested because your identity was stolen.
I may not be on that level of paranoid, but those people do have a point.
Re: Re: Re:2
Billions of people enjoy free services from the large providers like Google and Facebook. Maybe three people have been “arrested because their identity was stolen”. We who aren’t privacy nuts are willing to take our chances, and we don’t want the goodies taken away because the privacy nuts are paranoid. Nor do we thank the privacy idiots for having to constantly click “accept all cookies” buttons on every freaking website.
Re: Re:
I wonder how a TikTok ban would be affected under 1st amendment grounds, not only freedom of speech but also freedom of association grounds?
Re: Re: Re:
It would likely violate freedoms of speech and expression. I don’t know if there is legal precedent regarding violations of freedom of association as it applies to an Internet platform, even though that particular 1A right applies to the Internet as well.
remember also, this was part of the “Gotta save the kids from the internet” bill that the GOP was pushing a while back as well.
https://www.foxnews.com/politics/gop-bill-bans-kids-under-16-social-media-save-them-dangerous-emotional-distresses
Pipe dream
Hopefully this ends up forcing them to start regulating data in a meaningful way.
Re:
I wouldn’t hold out hope that Congress will do that.
Re:
The problem with that is that they don’t actually want to address the underlying problem(rampant data collection and exploitation) since that would impact profits of companies they do like, they’re just using the ‘they’re spying on their users!’ argument to go after very specific platforms so any actions they take will inevitably be worded such that it only goes after particular companies/platforms rather then the problem itself.
This comment has been flagged by the community. Click here to show it.
So ban the SDK, too.
28k sounds like a lot, kinda isn’t actually. Give them a grace period to update to something else.
Fine, fine data brokers are a problem, whatever. No they are not as big a problem as the CCP having its malware directly on your phone That’s been your narrative here at techdirt and it’s a dumb thing to suggest.
Re: On top of Dunning-Kruger mountain...
Sure thing.
Where’s your proof that a) TikTok is malware that sends personal information to the Chinese government, and b) banning TikTok will stop any US citizen data the Chinese government is presently obtaining.
Banning TikTok to protect US citizens’ data is like using a bandaid to prevent the Titanic from sinking.
Re:
Quote(s), please.
Re:
TikTok is just doing what literally every other app is doing. Banning one application isn’t going to solve the underlying problem.
Re: Re:
Problem is, the politicians in Washington (many of whom don’t have a great understanding of modern technology) don’t understand this, and are choosing to run headfirst into a legal quagmire and committing an act of potential political suicide with a sizable chunk of a voting bloc that both parties (Democrats moreso, since Republicans stopped caring about courting them a while ago) need to win elections.
You’d literally have to put unrelenting public pressure on them to steer the conversation to where it needs to go, bona fide data privacy legislation. Oddly, some TikTok creators (notably Gen Z for Change and the creators aligned with it) are kinda asleep at the wheel here, when they could use their platform (and the ability to use it to reach many of their followers) to exert that pressure.
Re: Re: Re:
https://www.youtube.com/watch?v=wqn3gR1WTcA — Last Week Tonight with John Oliver: Data Brokers
maybe if this was shown to politicians in Washington… things would be changed for the better… maybe…maybe not.
Re:
Here’s Mikes well trained dog… Matty “The Cry Baby”
Why are you always full of bluster but no bite?
You like to make things up in these comments and provide zero citations for your assertions.
Kind of like you’re just full of shit and nothing else.
Re:
So your dumb “solution” is to play more whack-a-mole? Banning the SDK does nothing, because they (or subsidiaries, or related companies, or foreign governments) can then just release the same or similar SDK under a different name.
That’s not a soulution; it’s an idiotic suggestion borne of ignorance of how literally anything — technology, the law, data collection, all of it — works.
Meanwhile, ALL OF THIS INFORMATION IS ALREADY AVAILABLE TO CHINA AND EVERYONE ELSE VIA DATA BROKERS.
Re:
Buddy.
I know that the CCP having control of Bytedance is a big concern and while this could affect the US indirectly…
They’ve already been able to do so via multiple vectors already, not just software.
And even I think you are simply simping for Republican assholes.
To much to loose
We have created an information market, YEARS AGO. Many Many years ago.
The biggest difference tends to be “HOW EASY IS IT?”
From using the phone book to find info on everyone to using Collected info from Catalog corps(sears and roebuck anyone?)
NOW we use BOTS.
I just had to warn off a site that collected my Info OFF my browser to get my email, and sent me adverts. They didnt want to remove me, said I filled out the info, AND I had not.
They have not enforced ANY of the privacy acts from the past, Why should they NOW. And if the subject is brought up, they will bury it.
IT WILL NOT BE DISCUSSED.
But look at the corp savings. NO MORE FILLED up mail boxes. Its all Email now.
What would happen if Sony, Xbox, Nintendo, and Tons of others, were TOLD NOT to share any data? Your Credit card corp and the Credit reporting agencies Share MORE then anyone else.