Privacy Analysis of Tiktok's App and Website
December 6, 2019 6:03 AM

 
This is my surprised face: šŸ˜
posted by acb at 7:07 AM on December 6, 2019 [17 favorites]


Holy crap. 1. Great job, Matthias. 2. This behavior is fucking outrageous. 3. There are a shitton of ways to track people, some of which I not only was not aware of, but wouldn't have imagined. 4. Teenagers are their primary target.

As discussed in a recent advertising post, all this data doesn't seem to be effective at selling most stuff. Except, I suspect, political candidates and falsehoods. This is the dystopia we were warned about.
posted by theora55 at 7:10 AM on December 6, 2019 [5 favorites]


Ah, to be a European and believe you're entitled to privacy.

Yes, I know that GDPR regs are binding for companies doing business in Europe. Yes, I think it has probably gone too far. Yes, I desperately wish we had something similar in the United States.
posted by OverlappingElvis at 7:12 AM on December 6, 2019 [4 favorites]


I'm curious to understand what aspects of this behavior are standard for most apps and what is over-reach. For example it seems pretty standard to send tracking beacons to Facebook and Google Analytics. The browser fingerprinting is also not unusual, at least for security-conscious sites, but seems like overkill unless they are actively combatting a spam problem.
posted by simra at 7:51 AM on December 6, 2019 [1 favorite]


There's so many fascinating policy things going on with TikTok. It's the first major Chinese consumer product being used in huge numbers in Western countries. How seriously will they take GDPR compliance?

For so long our debates about Internet policy in the US and Europe have been assuming Western companies with Western ideas about democracy and speech. Mostly American, for that matter. A Chinese company is different. I mean mostly the same, they want users and money as much as American companies. And we've had a few years of Chinese ownership of major videogames played in the West without too much problem. But TikTok is a whole 'nother scale of thing.

See also: How TikTok censors videos that do not please Beijing, TikTok Admits It Suppressed Videos by Disabled, Queer, and Fat Creators (with a well-meaning mistake?), TikTok's local moderation guidelines ban pro-LGBT content, TikTok apologises and reinstates banned US teen, TikTok says it doesn't allow political advertising, ...

I wonder what TikTok's influence on the 2020 US Presidential Election will be.
posted by Nelson at 8:43 AM on December 6, 2019 [5 favorites]


If a Chinese company hosts its servers in non-European nations, what recourse does the EU really have for GDPR violations? Can't TikTok just throw up its hands and say, "your users came to us. We were doing business outside of the EU"?
posted by explosion at 9:08 AM on December 6, 2019 [1 favorite]


It's safe to say that TikTok's ties to the Chinese government are nowhere near hands-off. So I also feel it's safe to say that if any western government tries to lean on TikTok to change its ways with any meaningful leverage, there will be instant diplomatic and economic pushback from Beijing.

The United States is trying to rule the world through intimidation. Russia is attempting to rule the world through misinformation. China is doing it gently, getting stakes in traditional and social media companies, making their "benevolent" oversight just a distant hum in the ears of hundreds of millions of Western users -- until something threatens their way.

I have no idea who's going to win.
posted by seanmpuckett at 10:16 AM on December 6, 2019 [1 favorite]


I don't know that Western companies hold Western ideas about freedom of speech, either.
posted by stevis23 at 10:20 AM on December 6, 2019 [8 favorites]


I think everyone has seen the Russian models of speech seem to be the most successful. I would be very interested to see if the Russian IRA is blocked from spreading propaganda on TikTok somehow.
posted by benzenedream at 11:34 AM on December 6, 2019


If a Chinese company hosts its servers in non-European nations, what recourse does the EU really have for GDPR violations? Can't TikTok just throw up its hands and say, "your users came to us. We were doing business outside of the EU"?

Technically, yes, but only if they definitely are completely disconnected from EU jurisdiction. This means they can't use EU-based servers/services without risking them being cut off, they can't accept money from EU companies for advertising, they can't keep any funds or accounts in the EU without risking forfeiture, etc. It's possible, but if you're a company aiming for global reach, it's extremely impractical.
posted by Aleyn at 1:02 PM on December 6, 2019 [1 favorite]


Yeah I don't think a service like TikTok is really usable (by current standards of usable) without a CDN, so the EU could absolutely make TikTok unusable in practice within its jurisdiction.
posted by PMdixon at 3:25 PM on December 6, 2019


Yes, I desperately wish we had something similar in the United States
The California Consumer Privacy Act (CCPA) was modeled on the GDPR and comes into effect January 1, and will realistically apply to anybody doing business on the Internet in the United States given the huge number of Californian Internet users.
posted by kdar at 12:18 AM on December 7, 2019 [1 favorite]




If a Chinese company hosts its servers in non-European nations, what recourse does the EU really have for GDPR violations?

This loophole was mostly closed by GDPR.
GDPR applies to data on EU citizens hosted anywhere, even outside of the EU. Otherwise any company, even EU-based companies, could simply host data outside of the EU and ignore the law. The recourse is large fines for companies that do not meet GDPR.

They may ignore GDPR but they cannot ignore the fines.
posted by romanb at 10:07 AM on December 7, 2019


they cannot ignore the fines.

I look forward to the day the EU successfully fines an arm of the PLA.
posted by aramaic at 12:35 PM on December 7, 2019


I am not sure what you are suggesting. There are no legal options against an international company with operations in the EU, even if they refuse to pay a fine? That the PLA will drive a tank over the fine?
posted by romanb at 11:35 PM on December 7, 2019




This thread has been archived and is closed to new comments