In December of last year, some US government agencies banned TikTok from government-owned devices. The action was taken because of the numerous privacy risks associated with this social media platform. In this article, Adrianus Warmenhoven, a cybersecurity advisor at NordVPN, explained five ways in which TikTok violates the privacy of [not just] its 80 million American users [but also users elsewhere including Nigeria and rest of Africa].
The app is known for collecting notorious amounts of user data and its inability to keep that data private
In December 2022, multiple US government agencies started banning TikTok from their employees’ devices. The app, created by the Chinese company ByteDance, has been on the radar of American authorities for a long time because of its numerous privacy problems.
RELATED: Staying safe on TikTok: How to avoid being scammed or hacked
“Currently, around 95 million Americans use TikTok, and its popularity is growing daily. These numbers show that very few understand the risks this social media network brings to its users’ data, including intrusive tracking and a possible connection to the Chinese government,” says Adrianus Warmenhoven, a cybersecurity advisor at NordVPN.
Below, the expert explains how TikTok compromises its users’ privacy.
Data-driven algorithm and intrusive tracking
One reason for the app’s success is that it can provide users with highly individualized content. Every user has their own unique feed based on their interests and preferences. But behind that individual approach is the practice of gathering vast amounts of user data within and outside of the app.
As soon as a user starts using TikTok, the company begins building a profile about them, including their interests, political leanings, sexuality, and every other variable that could impact the selection of videos they see. TikTok also collects information about users’ keystroke patterns, location information, browser history, and even biometric information (face and voice print).
The problem with this is not only the fact that a huge corporation has such vulnerable information about its users and can later use it for marketing purposes. It also takes one data breach for that information to fall into the wrong hands. Hackers are eager to steal valuable data from online businesses and use it for their own malicious purposes later.
Disregard to privacy rights of journalists
In the end of December 2022, Reuters reported that four employees were fired from TikTok’s parent company ByteDance for obtaining user data of two US journalists. This happened during TikTok’s unsuccessful investigation of data leaks that had happened to the company last year.
Even though TikTok fired the employees, the fact that they were able to obtain such information shows the lack of data security in the company. Furthermore, it showed that the company does not anonymize users’ IP addresses, locations, and browsing history. This means that everything a person does on the app is directly linked to a user’s IP address. Keeping browsing information private is important for every user, especially for vulnerable groups such as activists, journalists, or politicians.
TikTok’s in-app browser
TikTok uses an in-app browser built into the app itself. This means that when users try to navigate off of TikTok through an ad or a bio link, they actually stay on the app. Instead of switching to Chrome or Safari, users view pages through TikTok’s own browser.
The internal browser allows the company to monitor behavior on websites and pages that a user might assume are not within TikTok’s purview. This type of monitoring is another area where users might end up exposing more personal information than they intend to.
ByteDance and the Chinese Communist Party
TikTok is owned by ByteDance, a company based in China. Under Chinese law, it is required to share user data with the authorities if requested.
It is also understandably incentivised to stay in line with the Chinese Communist Party’s policy, which some argue has led the company to suppress videos discussing human rights abuses against Uyghur Muslims in the Chinese province of Xinjiang.
While it’s hard to verify TikTok’s stance on these issues, the fact that ByteDance operates under the authority of the CCP should raise concerns about user privacy.
Privacy settingsÂ
By creating a TikTok account, users agree to their data being collected and used for targeted advertising. If a user does not want personalized ads, they can turn them off in the settings. This is one of the two privacy settings that TikTok allows. The second one enables users to make their accounts private.
Other than that, TikTok’s privacy policy allows the app to collect all kinds of information about its user without the possibility of opting out.
Any chances of staying private on TikTok?
“Unfortunately, the only way to prevent TikTok from collecting your data is to stop using the app. However, there are ways to keep your account a little bit more private,” says Adrianus Warmenhoven, a cybersecurity advisor at NordVPN.
- Set your profile to private. You can still enjoy all the content TikTok has to offer without making your own profile public. Have a look through your privacy settings and make sure that only people you know and trust can view your content. Doing so lowers the likelihood of identity theft and makes it harder for scammers to contact you.
- Don’t post personally identifiable content. When uploading videos, make sure not to include images of your home and neighborhood, views from your windows, or other content that could be used to triangulate your location. Try to limit how much you post about your work, family, and other personal contacts. The more information you make public, the easier it is for hackers to steal your identity and use it to launch phishing attacks against others.
- Use Threat Protection. NordVPN’s Threat Protection feature blocks ads, trackers, and malicious websites you can stumble upon while browsing online. This tool will stop the TikTok trackers from following you on your browser. Even though your activity on the app and its in-app browser will still be tracked, everything you do outside of it will be kept private.