Privacy analysis of Tiktok’s app and website
I had no idea about those fingerprinting techniques! That’s absolutely mad.
Who do we contact to open up GDPR violation investigations?
I think it being owned by the chinese government is enough red flags
Does anyone have a less technical version of this in English? The article itself does link one, but in German. I want to be able to link an article to friend and family members to read so that they either get off of Tiktok or don’t even start in the first place.
The scary part: tiktok has millions of users, for months, and this analysis is trivial. And it appears only now.
We thought that when we have freedom of speech, the journalists will always be there. The practice is that we are lucky if there is even one person that dares to question the bad guys.
How can i prevent stuff like this, other than simply not using said app/website?
Yeah, this is why I buy my smart phones out right so they have NO vendor bloatware and then I basically never install any apps.
It’s happened all too often an app which is seemingly harmless just mines the fuck out the OS. Until users can start having more explicit rights over their own technology and how it’s used internally mabe it’s time to just go back to a flip phone.
Has Tiktok officially made it? Up until last week I only knew tiktok for the sporadic clip posted on reddit but now I’m seeing news and posts everywhere about its security, privacy, history and business model, and not only here but also youtube and facebook.
The article boils down to “TikTok tracks user patterns, and shares those patterns with other companies”. I think this is a standard practice, the claim that they share PII seems to not be backed up… an ID is not PII if Facebook cannot get anymore information from that. PII, as I understand it, is stuff like an email, or a SSN, or a phone number.
Reddit likely does similar things to track user patterns, are we all going to boycott Reddit?
The only acceptable use for TikTok is uploading videos of yourself or other dressed up as Winnie the Pooh wearing a president Xi mask singing a song about freeing Hong Kong with a cast of Fat, Queer, Ugly, Disabled, Uigher background dancers wearing shirts with President Xi’s face photoshopped on Pooh’s body being pissed on by Trump.
TikTok would go away so fast…
Sorry if this is a noobie question, but how were you able to read the requests via proxy when the requests are encrypted with SSL?
Everyone needs to upvote this post.
Great work! I’ll start doing this my self. Fight against the bulk data collection !
This is literally mind blowing
Can anyone explain why thats the case? :
Transfers to both companies break different rules of the GDPR: Facebook can’t fulfill Art. 14 (information, deletion etc.) on this data.
Can’t you ask Facebook to delete all information related yo you (including things outside of your account like tracked information through cookies and such ) ?
Can you clarify whether GDPR is violated only if the personal data is stored or transmitted?
For example, I may not have control over what data is being sent to servers I own, but if I then filter the stored values to only GDPR compliant fields, would I still be in violation?
*edited for grammar
And they use free software without proper license
I’ve seen huge, very profitable chinese companies use pirated license… Like Ferraris on the front and all that shit, but pirated software…
Average Chinese does not even understand what they are doing wrong. At one company the developers were seemingly confused when I showed my paid license for some software. We were trying to solve some problem and they were like “oh, you need this: crack_software.exe”. They did not understand that I already have the license and insisted on installing it (did not solve the problem).
Who wants to remake vine with me?
TikTok’s developer is a corporation in which Chinese government has zero share.
The fingerprint is used for user identifying, which is important in advertising and intelligent recommendation. But it should be opt-out and clearly described in the privacy policy and EULA of the app. If not, it violates privacy law in China. And if it collects personal information such as tel number it also violate rules and would be removed from market.
So take the weapon of law. Just sue it.