I am disappointed that TikTok executives continue citing the Citizen Lab’s research in their statements to governments as somehow exculpatory.
I’ve called them out on this in the past, and it’s unfortunate that I have to do it again.
Two years ago we analyzed the TikTok app. Our analysis was restricted to the application, and the kinds of data it collected. Broadly speaking, we found that it was similar to other social media apps: a vacuum cleaner of personal data. This is not a good thing.
We also highlighted additional concerns, including about latent functionality that could potentially be activated, and noted that TikTok contained some dormant code originally written for Douyn (TikTok’s Chinese counterpart, also owned by ByteDance).
Our analysis was explicit about having no visibility into what happened to user data once it was collected and transmitted back to TikTok’s servers. Although we had no way to determine whether or not it had happened, we even speculated about possible mechanisms through which the Chinese government might use unconventional techniques to obtain TikTok user data via pressure on ByteDance.
The conversation about potential privacy and national security concerns with TikTok should serve as a reminder that most social media apps are unacceptably invasive-by-design, treat users as raw material for personal data surveillance, and fall short on transparency about their data sharing practices. This is why comprehensive privacy legislation is desperately needed.