TIKTOK really is spying on you for China

By Zak Doffman

The relentless pressure on TikTok ramped up further this week, with U.S. Secretary of State Mike Pompeo again claiming user data is sent to China. “It’s not possible to have your personal information flow across a Chinese server,” he warned during a British media interview, suggesting that data would “end up in the hands of the Chinese Communist Party,” which he characterized as an “evil empire.” TikTok is firmly in the sights of the Trump administration, and they’re not letting up.

But now, as TikTok continues to deny U.S. accusations of data mishandling, of it bowing to pressure from Beijing, a new report from the cyber experts at ProtonMail has called those denials into question. “Beware,” it warns, “the social media giant not only collects troves of personal data on you, but also cooperates with the CCP, extending China’s surveillance and censorship reach beyond its borders.”

TikTok’s world is now dominated by speculation as to whether the U.S. will find some way to ban the app, cutting access to tens of millions of American users and calling a halt to TikTok’s soaraway growth. The week had started with confirmation of a ban on federal employees installing the app on government-issued devices, seen by many as a precursor to some form of wider action by the Trump administration. We also now know how such a ban would operate—TikTok would be added to a Commerce Department entity list, in the same way Huawei has been sanctioned.

With every week that goes by, it is becoming ever more critical to remind ourselves of what we know and what we don’t know. Yes, TikTok is a potential threat to the west, in as much as it is a Chinese-owned app now installed on hundreds of millions of devices. In a world where Facebook data has allegedly facilitated so much damage to political processes, so much manipulation and disinformation, to assume that TikTok doesn’t carry any serious threat is woefully naive.

But, that said, allegations of data exfiltration and “spying” are technical, they are binary, they can be proven one way or the other. And this is where the rhetoric meets a reality test. For all the talk, there is no solid proof that TikTok sends any data to China, there is no solid proof that any information is pulled from users’ devices over and above the prying data grabs typical of all social media platforms.

When TikTok is asked about claims to the contrary, it stands by the lack of proof, the missing smoking gun. There’s no evidence, it says, it’s a political campaign steeped in the standoff between Washington and Beijing. “There’s a lot of misinformation about TikTok out there,” the company tells me, pointing to its U.S. CEO and its CISO “with decades of U.S. military and law enforcement experience, and a U.S. team that works diligently to develop a best-in-class security infrastructure.” The company also reassures that U.S. data never travels to China.

But the warning this week from the cyber security analysts at ProtonMail isn’t political point scoring—these are ex-CERN security engineers. TikTok’s “zealous data collection,” the company warns, “its use of Chinese infrastructure, and its parent company’s close ties to the Chinese Communist Party make it a perfect tool for massive surveillance and data collection by the Chinese government.”

ProtonMail says that it reviewed TikTok’s “data collection policies, lawsuits, cybersecurity white papers, past security vulnerabilities, and its privacy policy,” and concluded that “we find TikTok to be a grave privacy threat that likely shares data with the Chinese government. We recommend everyone approach TikTok with great caution, especially if your threat model includes the questionable use of your personal data or Chinese government surveillance.”

ProtonMail also cites a white paper published by Penetrum earlier this year, which warned that “37.70% of the known IP addresses linked to TikTok are Chinese,” and which described the “excessive amount of data harvesting, vulnerabilities in TikTok’s code, as well as a few things that may make you feel pretty uncomfortable.”

Read the full article in Forbes
