An absolute staple of the Gen Z app line-up, TikTok managed to make a fair few enemies not long after amassing popularity outside mainland China.
The US government first opened a national security investigation into the Beijing-based social media behemoth in 2019 – just about a year after Americans started using the video-sharing app. Now, the clock is TikTok-ing for US users as federal bureaus, workplaces and schools ban its use while policymakers are evaluating a proposed total TikTok ban.
TikTok skepticism has made its way to Europe, too, although the general stance against the Chinese app appears to be more moderate. Politicians seem more inclined to inspect its data privacy practices rather than pointing the finger at where its parent company is based.
But, while lawmakers are deciding whether or not TikTok is really a bigger threat compared to the likes of Facebook, Instagram and Twitter, should we consider deleting TikTok for good?
One of the best VPN services around, NordVPN, shares with us some advice to help users make a truly informed decision.
TikTok's privacy concerns
"Currently, around 95 million Americans use TikTok, and its popularity is growing daily. These numbers show that very few understand the risks this social media network brings to its users' data, including intrusive tracking and a possible connection to the Chinese government," said NordVPN's cybersecurity advisor Adrianus Warmenhoven.
As we mentioned, the debate around TikTok's security is growing - especially in the US. Some argue that these concerns are rooted in fear rather than evidence, making the campaign against its use more of a political matter. At the same time, a total ban, as with any type of censorship, could also curb freedom of expression across Western democracies as well.
What's certain is that TikTok does collect a huge amount of personal information about its users. Even worse, it's often difficult to fully understand its reach. That's why the secure VPN provider NordVPN decided to share a list of ways in which TikTok compromises its users' privacy.
"We think users should make an informed decision before choosing to use or not to use any social network," Warmenhoven told TechRadar.
1. Data-driven algorithm and intrusive tracking
Scroll through its feed long enough and you'll be bombarded with content carefully chosen for you.
That's because TikTok uses a sophisticated algorithm to gather a vast amount of users' data, both inside and outside the app, to build an accurate profile. These include their interests, political views, sexuality and more. This works very well for delivering you content that keeps you glued to the app - but at a significant cost.
At the same time, it also collects detailed information by monitoring keystroke patterns, location, browser history, and even biometric information. A new feature unique to business accounts, TikTok's Focused View goes even deeper as it also tracks people's personal interactions.
"This is not only an invasion of privacy, but is opening the gate for dystopian claims of invasive-emotion detection - both incredibly frightening, and often unscientific," said Estelle Massé, Global Data Protection Lead at Access Now, one of the privacy advocates warning of the risks of such functionality.
2. Disregarding privacy rights of journalists
At the end of December, four employees were fired from TikTok’s parent company ByteDance for obtaining usage data of US journalists. Reporters' IP address locations, including former BuzzFeed journalist Emily Baker-White and Financial Times journalist Cristina Criddle, were illegally collected in an effort to track down sources leaking internal information.
Despite ByteDance and TikTok initially denying such allegations, the companies later admitted the wrongdoings and fired all the people involved. However, according to Warmenhoven, that's worrying as it "shows the lack of data security in the company." It also confirmed that the company does not anonymize users' IP addresses, locations, and browsing history.
ByteDance used TikTok to track my location — and the locations of two of my colleagues — to try to find our sources. We reported on this back in October, but kept things vague to protect sources. Today ByteDance admitted it, so we can say much more:https://t.co/ZFdU5BVC8HDecember 22, 2022
3. TikTok’s in-app browser
TikTok comes with an in-app browser built into the app itself. This means that the app will follow users' internet journey every time they click on an ad or bio link to access an external site. This allows the company to monitor user behavior without people even knowing it.
Nearly a dozen class actions have recently been filed in the US citing violation of a federal wiretap law, the Bloomberg Law reported.
4. TikTok's link to China
TikTok is owned by ByteDance, a company based in China. What's worrying here is that, according to Chinese law, tech companies are required to share user data with the authorities if requested. "It is also understandably incentivized to stay in line with the Chinese Communist Party’s policy," said Warmenhoven.
While the company keeps rejecting such claims, he believes that the fact that ByteDance operates under the authority of the CCP should raise concerns about user privacy in general.
5. Constrained privacy settings
Last but not least, when you create a TikTok account, you agree to having a huge amount of data collected and used for targeted advertising.
Users can personalize the settings to make their experience a bit more private. They can turn off personalized ads and even make their account private. But, other than that, TikTok’s privacy policy allows the app to collect all kinds of information about its users without the possibility of opting out.
TikTok - worse than its competitors?
As we have seen, TikTok can be considered a privacy nightmare for many different reasons. However, such practices aren't unique to the Chinese app. There are countless Big Tech companies collecting the same amount of data, including US-based Meta, Uber, Microsoft and Google.
For instance, Facebook and Instagram also use a proprietary in-app browser. Felix Krause, a former Google engineer, explained how Meta injects additional lines of code on websites to better track users' online activities in a blog post from August 2022.
So, is switching from TikTok to another app a real solution? Well, probably not.
"The truth is that the more social media platforms you use, the more data they collect about you. So it is recommended to choose wisely before creating any new social media profile," Warmenhoven told TechRadar.
We think users should make an informed decision before choosing to use or not to use any social network.
Adrianus Warmenhoven, NordVPN
Despite this, he still believes that TikTok might be more risky than other platforms.
"The main difference is that TikTok is owned by a Chinese company ByteDance, which means that they have to comply with the laws of the country they are based. Under Chinese law, it is required to share user data with the authorities if requested."
As said before, TikTok denies such claims, though. Furthermore, both the US and EU are making arrangements to set up a local data center to store the data of Western users and inspect the app’s source code and content algorithms.
What's certain is that fears over Chinese surveillance via TikTok have opened up a debate around online privacy more broadly. As Anupam Chander, professor of law and technology at Georgetown University Law Center, told the Guardian: "We should have a broader approach that examines the national security risks posed by data flows more generally.”
How to stay private on TikTok
"Unfortunately, the only way to prevent TikTok from collecting your data is to stop using the app. However, there are ways to keep your account a little bit more private," said Warmenhoven.
Specifically, he recommends to:
- Set your profile to private. This is the first step towards better privacy while still engaging with all the content TikTok has to offer. Just head to the privacy settings tab and make sure that only people you know and trust can view your content. This will lower the chance of identity theft, too, making it harder for scammers to contact you. You should disable location and activity tracking, too.
- Don’t post personally identifiable content. When uploading videos, you should make sure not to include any details that could be used to triangulate your location. As a rule of thumb, the more information you make public, the easier it is for malicious actors to target you. So, you should always avoid oversharing.
- Use a VPN. VPNs are security software that hides your real IP address while encrypting the data leaving your device. This makes your online life more private overall, even when you're on social media. Just keep in mind that hiding your IP will make your TikTok experience less personalized. You should also consider getting a service offering an ad and tracker blocker feature, such as NordVPN's Threat Protection.
