TikTok - the first Chinese social media giant

TikTok - like other social media apps such as Facebook or Twitter - collects a massive amount of data, not just to optimize its feed, but also to enable it to create profiles of the app users and to target them with personalized ads. But the real novelty of TikTok is that it’s a Chinese company. It is based in China and owned by the Chinese company ByteDance - with close ties to the Chinese government. Thus, all data available to TikTok could potentially be available to the Chinese government. Since there are no legal limitations in China on what data the Chinese government can request from TikTok, literally everything is available to the authorities.

Banning TikTok in the US

For that reason, in 2020 President Trump issued an Executive Order to ban transactions between US entities and the parent company of TikTok due to national security concerns. The battle between the US government and TikTok has not stopped since.

This year, the House of Representatives under the Biden administration passed a bill calling on TikTok’s parent company, ByteDance, to either divest and sell, or face a TikTok ban from app stores in the US. If ByteDance were to divest, as wished by US legislators, the wanted solution would be for TikTok to be sold to a “qualified buyer” – most likely a Western company, as a way to cut ties with China.

Many House legislators argue that through the app, the Chinese government can access large amounts of user data and influence Americans through the platform. According to The New York Times, critics have even said that TikTok has played a part in fueling the spread of antisemitism to users in the US after the attack by Hamas on Israel. Another fear of US legislators is that ByteDance could be secretly controlled by China’s Communist Party.

The US wants China out. TikTok, China’s first social media giant, has been given an ultimatum: parent company ByteDance must either divest or face getting banned from the US app store.

Is TikTok getting banned in the US? The bill isn’t explicitly banning TikTok, but rather gives parent company ByteDance six months to give up ownership and divest, otherwise face a ban. However, to date it is also not clear whether such a ban is even possible and whether it could be challenged in court in relation to freedom of speech. While other countries like India already banned TikTok, doing this in the US might not be that easy.

Surveillance is okay, but not from China

The message of the US government is clear: Surveillance via social media giants is okay, but not when the surveillance is being done by rival China. This chain of thought is completely understandable given that mass surveillance via social media services such as TikTok enables the Chinese government to eavesdrop not just on citizens, but also on US government employees or collect data for industrial espionage.

However, if TikTok is going to be allowed to continue to operate under American ownership, one major problem remains: surveillance. While concerns about data privacy issues in regards to China will be eliminated, the data will still be there - not available to Chinese, but to US authorities.

The real problem with TikTok isn’t China

Social media giants such as Facebook and Google are tracking machines, just like most big tech corporations. However, in recent years - as more people understand that privacy matters - they have started to present themselves as the new defenders of privacy by updating their privacy policies and giving the users slightly more control over what data is being collected. While this can be considered as a mere marketing measure as Facebook and Google still base their business model on tracking users to create profiles for optimized advertisements, TikTok is no different. They, too, are greedy for your information.

Excessive data collection

TikTok does not even hide what it is doing. In its privacy policy, it states the vast amount of data that it collects from its users – this is much more data than TikTok would need for operational purposes, and even more data it would need to show the famous targeted feed – as well as targeted advertisements.

”We automatically collect certain information from you when you use the Platform [TikTok], including internet or other network activity information such as your IP address, geolocation-related data, unique device identifiers, browsing and search history (including content you have viewed in the Platform), and Cookies.”

While other services like WhatsApp are now encrypting private messages, TikTok does the opposite. It openly states that it scans and analyzes all direct messages in its privacy policy:

“We collect and process, which includes scanning and analyzing, information you provide in the context of composing, sending, or receiving messages through the Platform’s messaging functionality. That information includes the content of the message and information about when the message has been sent, received and/or read, as well as the participants of the communication.”

TikTok collects just about all user data possible, including private messages, your birthday, your location, your IP address, and more.

Main privacy issues to be aware of in terms of data collection

Information You Provide

This is the information you willingly provide to TikTok when you create an account or watch a video on their app. The key privacy concern here is that they collect all your profile information. This includes your name, date of birth, phone number and email address. Any time you create content using their app or publish it, they keep this data. This includes any comment you post, every video you like, or save. If you sync your contacts, the app gains access to your devices phone book which contains extremely sensitive information.

Did you know that when you send a direct message to a friend via TikTok your message gets collected and TikTok as well as ByteDance have full access to its contents?

But the biggest privacy concern can be found under the title Information You Provide in their policy on direct messages. They clearly state that if you send or receive any direct messages via the app, they collect the content of the message and any associated metadata – like when the message was sent, received or opened and who the recipients of the message are. In short, every time you send a message via the app, they record, track and have full access to its contents.

Automatically Collected Information

Under the title Automatically Collected Information in their privacy policy the key concerns are that the Chinese tech giant automatically collects any technical information like your phone model, keystroke patterns, and your IP address. Additionally, they collect and track your location information. When you’re scrolling for hours, they also monitor and collect all information on how you interact with the app and which content you watch.

As stated in TikTok’s privacy policy, they automatically collect and track a vast amount of user information.

Data Sharing

TikTok’s tracking and data collection is concerning and so are their data sharing practices. In their privacy policy, they make it clear that they may share user information with third-party partners, this includes advertisers, measurement and data partners and other service providers. So the mass amounts of data TikTok is collecting could be used to target you with personalized ads both in the app, and on other platforms.

Social media platforms are surveillance machines

Social media platforms are surveillance machines. Whether its Facebook, Google, Twitter or TikTok. Even if the amount of data differs, the problem is that the data is there and that the authorities have the capability to ask for this data.

The Intercept concludes on this issue that: “The BlueLeaks documents highlight that without more restrictions in the United States on what companies can collect and hand over to investigators, there’s reason to worry about any social media platform, American or Chinese.”

Strategy for data protection

Instead of activism against individual companies such as TikTok, the US needs a wider strategy for data protection to define “how all companies treat our data” says cybersecurity expert Melissa Hathaway to the German tech news site Heise in 2020 - but the statement is still very valid today.

According to Hathaway, this would involve addressing fundamental regulatory issues, such as the transparency of the extent and nature of data collection, storage and transfer, as well as questions about the purpose of use, necessary consents and access rights of law enforcement officers.

”Doesn’t that sound a bit like the General Data Protection Regulation?” the site then asks.

”Yes, exactly,” Hathaway answers, underlining that California’s consumer data protection law is even stricter than the European GDPR in certain aspects.

There you have it: Cybersecurity experts agree that while TikTok data collection is problematic - also because the parent company is based in China - the problem will not go away if TikTok where based in the USA. The underlying problem with TikTok is its massive data collection and the missing laws in the US for data protection like in Germany or the EU with the GDPR.

What is TikTok and why people love it.

Released in 2016, TikTok rose to fame in late 2017, and in 2022, became the world’s most downloaded app – yes, more than Meta’s Facebook and Instagram. The app which allows people to watch, create and share short clips has changed the landscape of many industries like those of marketing, sales, and social media. At the same time, it has created a platform for people, especially youngsters to create and watch short videos on just about any topic you could imagine.

We can’t deny that TikTok is highly addictive – one thing that makes it so popular and engaging is its “For You Page” which uses machine learning to create a personalized feed of clips it thinks you’ll enjoy. And honestly speaking, the algorithm is good – it does target clips that keep you engaged. For some, TikTok is a way to pass time and for others it has become a full time profession!

Yet, whatever the reason billions of people around the world love the platform, it does come with privacy concerns that can’t and must not be ignored.

Why Tuta has and uses TikTok

It’s clear that TikTok is just another social media app, greedy for data and offering its users’ literally no privacy. Or to give it a picture: If privacy were light, then TikTok would be pitch dark.

We at Tuta are forerunners of privacy and would highly recommend deleting your TikTok account and avoiding the app completely. While this is our stance, it might seem contradictory that, as a company, we do have a Tuta Team account on the Chinese platform.

Due to the ever changing online landscape, unfortunately, we have to keep up with social media trends. Our goal with being on TikTok is not only to grow our privacy-first service, but most of all to educate the masses around the world. Through using TikTok’s platform, we hope to educate its users, thus, spreading the word about privacy, why it matters and how people can protect their sensitive data. While some might be okay to share their social media interactions, they might still be in need for communicating privately on the web. For this they need to know about alternatives such as Tuta that offers truly private emails, calendars and contacts.

So if you do not have a TikTok account: Great, you have already upped your privacy a lot!

And if you do have a TikTok account: Be sure to follow us at @TutaPrivacy and spread the word about privacy with us!