Many Of The States Endlessly Freaking Out About TikTok Still Have State Websites That Funnel Sensitive Data To TikTok
from the endless-moral-panic dept
By now we’ve noted several times how the folks most vocally calling for a nationwide TikTok ban are putting on a dumb performance designed to distract you from our lack of competent internet privacy laws and our complete unwillingness to regulate the sleazy data broker space.
As in, banning TikTok doesn’t actually fix much because the real problem goes much, much deeper than one app. There’s an absolute ocean of international telecoms, app makers, services, and others collecting torrents of sensitive health, location, and browsing data, then selling access to that feebly “anonymized” (a pointless term) data to a parade of sleazy and completely unaccountable data brokers.
That data, in turn, is available for US lawmakers looking to dodge warrants, or international intelligence agencies keen on spying on or manipulating Americans. A TikTok ban doesn’t actually fix much of anything because the broader ecosystem is leaky and rotten, overseen by regulators industry has spent decades defunding and lobotomizing in an endless quest for fatter revenues.
Interestingly enough, many of the same state politicians that have suffered absolute embolisms over supposed TikTok privacy issues, have state government websites that continue to funnel data to TikTok three years into this seemingly endless moral panic.
Take Missouri, home of insurrectionist sprinter Josh Hawley, who has attempted to ban TikTok in the pretense he cares about consumer privacy. It has a COVID site with numerous trackers continually providing TikTok with browsing, and potentially, visitor health data:
The Blacklight site inspection shows that covidvaccine.mo.gov, Missouri’s official COVID website that helps people locate vaccine and testing locations and find important health information, has embedded third party tracking cookies run by TikTok. The inspection reveals that TikTok has three cookies on the site, all related to personalizing users’ advertisements on the TikTok app. These cookies do not expire for over a year, meaning that TikTok can identify returning visitors. This data also concerns potentially sensitive health-related information.
A broader analysis of what data is being shared can be found here. Missouri’s certainly not alone; numerous states employ web developers using off-the-shelf design services that integrate this kind of third-party tracking by default.
Last March, the Wall Street Journal published a review of more than 3,500 companies, organizations, and government entities that found that tracking pixels from TikTok’s parent company ByteDance were present in 30 U.S. state-sponsored government websites across 27 states. Most of these states, the same ones that have spent 3 years freaking out about TikTok, were oblivious to the tracking.
This is not remotely unique to TikTok. With no privacy law for the internet era, and a general refusal to regulate the data broker and broader adtech space (lest U.S. companies make slightly less money and the U.S. government be forced to obtain warrants), we’ve created an information exchange ecosystem that sees little meaningful oversight or accountability.
It’s why we can’t go a week without some major scandal showcasing how companies over-collect data, which is inevitably then weaponized in new and creative ways against the public. And as a surging U.S. authoritarian movement increasingly wages an ugly ideological war in the Post-Roe era, it’s inevitable that these sort of violations only get bigger, dumber, more dangerous, and more elaborate.
Again, most of the folks (like Hawley) making the most noise about TikTok privacy issues either are too dumb to realize that TikTok is just one symptom of a much broader problem, or they’re actively misleading their constituents. Either covertly on behalf of competitors like Facebook, or to help seed xenophobia-fueled outrage among the base they can they pretend to be “fixing.”
The TikTok moral panic provides a wonderful distraction from our ongoing failure to pass even a baseline competent federal internet privacy law. And a great distraction from the fact we’ve built a massive, largely unaccountable data hoovering and monetization apparatus with paper mache guard rails.